You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Nginx Forward Auth provider (domain level) returned the following error : Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
Steps to reproduce the behavior:
While connecting to an application, the application nginx reverse proxy returned an error 500.
Authentik related logs show the error message Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
The application reverse proxy is configured as following (slightly modified copy from the authentik web ui):
1 # authentik-specific config
auth_request /outpost.goauthentik.io/auth/nginx;
...
# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass https://authentik:9443/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
add_header X-Original-URL $scheme://$http_host$request_uri;
...
}
Expected behavior
No error
Solution
The proxy header configuration proposed by the ui is to set X-Original-URL to $scheme://$http_host$request_uri.
However, it seems that the authentik code is checking X-Original-URI (last character is I instead of L) cf.
Describe the bug
Nginx Forward Auth provider (domain level) returned the following error :
Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
Steps to reproduce the behavior:
While connecting to an application, the application nginx reverse proxy returned an error 500.
Authentik related logs show the error message
Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
The application reverse proxy is configured as following (slightly modified copy from the authentik web ui):
Expected behavior
No error
Solution
The proxy header configuration proposed by the ui is to set
X-Original-URL
to$scheme://$http_host$request_uri
.However, it seems that the authentik code is checking
X-Original-URI
(last character is I instead of L) cf.authentik/internal/outpost/proxyv2/application/mode_common.go
Line 90 in 0766a47
In fact, setting the
X-Original-URI
to$scheme://$http_host$request_uri
instead ofX-Original-URL
solves the error.It seems that the header
X-Original-URL
is a standard. Maybe the code may be changed to lookup for it instead ?Thanks for your awesome application 👍
The text was updated successfully, but these errors were encountered: