Caddy setup with Authentik

1. The problem I’m having:

I am currently trying to setup authentik with caddy as my reverse proxy. I use caddy installed on bare metal on debian, and I use a single caddyfile to manage everything.

There is more notes/code at the bottom of this

2. Error messages and/or full log output:

I am not receiving any error messages, I just cannot reach the page.

3. Caddy version:

v2.7.6

4. How I installed and ran Caddy:

Here is my caddyfile for authentik:

NOTE: I set the http port for authentik to port 9009. 9443 is still https, but I cant get to the page when using caddy unless I use the HTTP port, which makes sense as caddy handles https.

authentik.example.com {
        reverse_proxy 10.9.69.3:9009
}

a. System environment:

Current version of debian

b. Command:

sudo caddy start

d. My complete Caddy config:

authentik.example.com {
        reverse_proxy 10.9.69.3:9009
}

5. Links to relevant resources:


6. Actual help question

I am trying to setup caddy with authentik. I am unsure how to do so.

Everything should be configured inside authentik correctly, but I am getting stuck with caddy.

Here is what I tried, but did not work:

myapplication.example.com {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* http://10.69.69.3:9009

    # forward authentication to outpost
    forward_auth http://10.69.69.3:9009 {
        uri /outpost.goauthentik.io/auth/caddy

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        trusted_proxies private_ranges
    }

    # actual site configuration below, for example
    reverse_proxy 10.69.69.3:8080
}

NOTE: 10.69.69.3:9009 is the port for authentik http.
10.69.69.3:8080 is the port of the application locally.

when adding this snippit of code to the caddyfile, it will run, but I cannot get to the page. It is not working. Any suggestions?

Don’t use caddy start if you installed Caddy using the apt repo. You should run Caddy as a systemd service. See the instructions here: Keep Caddy Running — Caddy Documentation

What do you mean, exactly? What error do you see? What behaviour do you see? What’s in your logs? Show an example request with curl -v.