Authentik + traefik labels doesn't prompt for authentication. #9825

Open
AnisseH opened this issue May 23, 2024 · 2 comments
Labels
question Further information is requested

Comments

@AnisseH

AnisseH commented May 23, 2024

Describe your question/
I want to put some apps that don't provide authentication, behind the Authentik wall.
So I've configured the provider, the app for the proxy traefik, and the outpost.
For testing, I've run up a whoami container and put the label on it to route it through Authentik, but it doesn't prompt for login; it's going directly to the webpage. 

Relevant info
Authentik: 2024.4.2
Traefik: 2.11.1

Screenshots
If applicable, add screenshots to help explain your problem.

Hostname: 1d66117e8bf0
IP: 127.0.0.1
IP: ::1
IP: 172.18.0.7
RemoteAddr: 172.18.0.3:60776
GET / HTTP/1.1
Host: whoami.domain.tld
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cache-Control: no-cache
Pragma: no-cache
Priority: u=0, i
Sec-Ch-Ua: "Microsoft Edge";v="125", "Chromium";v="125", "Not.A/Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 172.18.0.1
X-Forwarded-Host: whoami.domain.tld
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 3ed78c0f5347
X-Real-Ip: 172.18.0.1

my provider setup
image
my outpost config
image

my application setup
image

Logs
Output of docker-compose logs or kubectl logs respectively

Version and Deployment (please complete the following information):

  • authentik version: [2024.4.2]
  • Deployment: docker-compose
services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      - authentik-internal
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    networks:
      - authentik-internal
    volumes:
      - redis:/data
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.2}
    container_name: authentik_server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - traefik-servicenet
      - authentik-internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authentik.entrypoints=web"
      - "traefik.http.routers.authentik.rule=Host(`authentik.domain.tld`)"
      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.authentik.middlewares=authentik-https-redirect"
      - "traefik.http.routers.authentik-secure.entrypoints=web-secure"
      - "traefik.http.routers.authentik-secure.rule=Host(`authentik.domain.tld`)"
      - "traefik.http.routers.authentik-secure.tls=true"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.docker.network=traefik-servicenet"
      - "traefik.http.routers.authentik-secure.tls.certresolver=tlschallenge"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.2}
    restart: unless-stopped
    container_name: worker
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}

    user: root
    volumes:
      - /run/user/1000/docker.sock:/var/run/docker.sock 
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - authentik-internal
volumes:
  database:
    driver: local
  redis:
    driver: local

networks:
  traefik-servicenet:
    external: true 
    name: traefik-servicenet
  authentik-internal:
    external: true

my middleware

http:
  middlewares:
    middlewares-authentik:
      forwardAuth:
        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
    crowdsec-bouncer:
      forwardauth:
        address: http://bouncer-traefik:8080/api/v1/forwardAuth
        trustForwardHeader: true

the whoami compose file

services:
  whoami:
    image: traefik/whoami
    networks:
      - traefik-servicenet
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whomai.entrypoints=web"
      - "traefik.http.routers.whomai.rule=Host(`whoami.domain.tld`)"
      - "traefik.http.middlewares.whomai-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.whomai.middlewares=whomai-https-redirect"
      - "traefik.http.routers.whomai-secure.entrypoints=web-secure"
      - "traefik.http.routers.whomai-secure.rule=Host(`whoami.domain.tld`)"
      - "traefik.http.routers.whomai-secure.tls=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik-servicenet"
      - "traefik.http.routers.whomai-secure.tls.certresolver=tlschallenge"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.whoami.middlewares=middlewares-authentik@file"
networks:
  traefik-servicenet:
    external: true

Additional context
Add any other context about the problem here.

@AnisseH AnisseH added the question Further information is requested label May 23, 2024
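
An added check, not part of the original issue and not code from authentik or Traefik: it groups the router labels from the whoami compose file above by router name and reports, per router, whether the `middlewares-authentik@file` forwardAuth middleware is in its chain. The `parse` and `audit` functions and the status names are assumptions made for this example.

```python
import re

# Router/middleware labels from the whoami compose file in the issue (others omitted).
WHOAMI_LABELS = [
    "traefik.http.routers.whomai.entrypoints=web",
    "traefik.http.routers.whomai.rule=Host(`whoami.domain.tld`)",
    "traefik.http.middlewares.whomai-https-redirect.redirectscheme.scheme=https",
    "traefik.http.routers.whomai.middlewares=whomai-https-redirect",
    "traefik.http.routers.whomai-secure.entrypoints=web-secure",
    "traefik.http.routers.whomai-secure.rule=Host(`whoami.domain.tld`)",
    "traefik.http.routers.whomai-secure.tls=true",
    "traefik.http.routers.whoami.middlewares=middlewares-authentik@file",
]

LABEL = re.compile(r"^traefik\.http\.(routers|middlewares)\.([^.]+)\.([^=]+)=(.*)$")


def parse(labels):
    """Return ({router: {option: value}}, {names of redirectscheme middlewares})."""
    routers, redirects = {}, set()
    for m in filter(None, (LABEL.match(lab.strip()) for lab in labels)):
        kind, name, option, value = m.groups()
        if kind == "routers":
            routers.setdefault(name, {})[option.lower()] = value
        elif option.lower().startswith("redirectscheme."):
            redirects.add(name)
    return routers, redirects


def audit(labels, auth_middleware):
    """Classify each router: 'protected', 'redirect-only', 'unprotected' or 'no-rule'."""
    routers, redirects = parse(labels)
    report = {}
    for name, opts in routers.items():
        chain = [m.strip() for m in opts.get("middlewares", "").split(",") if m.strip()]
        if "rule" not in opts:
            report[name] = "no-rule"        # options on a router with no explicit rule label
        elif auth_middleware in chain:
            report[name] = "protected"
        elif any(m in redirects for m in chain):
            report[name] = "redirect-only"  # redirected to another scheme before the app
        else:
            report[name] = "unprotected"    # reaches the app without the auth check
    return report


if __name__ == "__main__":
    for router, status in audit(WHOAMI_LABELS, "middlewares-authentik@file").items():
        print(f"{router}: {status}")
```

On the posted labels this reports `whomai-secure` as unprotected and `whoami` as no-rule: the forwardAuth middleware is attached to a router named `whoami`, while the routers that carry the `Host` rule are named `whomai` and `whomai-secure`.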
@hanley-development

Try changing the name of the service from server to authentik_server. I think that was my issue previously.

@AnisseH
Author

AnisseH commented Jun 4, 2024

> Try changing the name of the service from server to authentik_server. I think that was my issue previously.

Hi,
I've tried, but still the same issue.
