Joakim
df4ae0eb17
- Created authentik.pod file for proper pod definition - Removed superfluous authentik-pod.container file - Updated container templates to reference pod correctly - Issue: Quadlet still reports 'pod authentik is not Quadlet based' - Container services not being generated (only pod service works)
41 lines
1.2 KiB
Django/Jinja
41 lines
1.2 KiB
Django/Jinja
# Authentik Authentication Service
|
|
{{ authentik_domain }} {
|
|
reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }} {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
|
|
header_up Host {upstream_hostport}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-Proto https
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Forwarded-Host {host}
|
|
|
|
# Health check
|
|
health_uri /if/health/live/
|
|
health_timeout 10s
|
|
health_interval 30s
|
|
health_status 200
|
|
}
|
|
|
|
# Security headers
|
|
header {
|
|
X-Frame-Options SAMEORIGIN
|
|
X-Content-Type-Options nosniff
|
|
X-XSS-Protection "1; mode=block"
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
}
|
|
|
|
# Authentik-specific paths
|
|
handle_path /outpost.goauthentik.io/* {
|
|
reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }}
|
|
}
|
|
|
|
# Logging
|
|
log {
|
|
output file {{ caddy_log_dir }}/authentik.log
|
|
level INFO
|
|
format json
|
|
}
|
|
} |