Last active
December 3, 2025 02:12
-
-
Save lotsokluze/840acc5c1614ff9bc48c18f73bcb34f1 to your computer and use it in GitHub Desktop.
The correct config for Authentik & NGINX Proxy Manager 2-7-2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Couple Of TIP: | |
| ** Im running Authentik in docker and running other containers in docker. NGINX PROXY MANAGER is also in the same docker. | |
| 1. Delete your default outpost and restart Authentik. It will recreate it. | |
| 2. Set ip up, add your applications and then edit the advanced and add your domain or auth.domain.com for where your authentik is installed. | |
| 3. Restart | |
| It will work now | |
| 4. Every time you add a new one. Restart authentik. | |
| # Increase buffer size for large headers | |
| proxy_buffers 8 16k; | |
| proxy_buffer_size 32k; | |
| # Make sure not to redirect traffic to a port 4443 | |
| port_in_redirect off; | |
| location / { | |
| proxy_pass $forward_scheme://$server:$port; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # authentik-specific config | |
| auth_request /outpost.goauthentik.io/auth/nginx; | |
| error_page 401 = @goauthentik_proxy_signin; | |
| auth_request_set $auth_cookie $upstream_http_set_cookie; | |
| add_header Set-Cookie $auth_cookie; | |
| auth_request_set $authentik_username $upstream_http_x_authentik_username; | |
| auth_request_set $authentik_groups $upstream_http_x_authentik_groups; | |
| auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements; | |
| auth_request_set $authentik_email $upstream_http_x_authentik_email; | |
| auth_request_set $authentik_name $upstream_http_x_authentik_name; | |
| auth_request_set $authentik_uid $upstream_http_x_authentik_uid; | |
| proxy_set_header X-authentik-username $authentik_username; | |
| proxy_set_header X-authentik-groups $authentik_groups; | |
| proxy_set_header X-authentik-entitlements $authentik_entitlements; | |
| proxy_set_header X-authentik-email $authentik_email; | |
| proxy_set_header X-authentik-name $authentik_name; | |
| proxy_set_header X-authentik-uid $authentik_uid; | |
| } | |
| location /outpost.goauthentik.io { | |
| # proxy_pass http://internal-ip-or-docker-name:9000/outpost.goauthentik.io; | |
| # proxy_pass https://auth.yourdomain.com/outpost.goauthentik.io; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Original-URL $scheme://$http_host$request_uri; | |
| add_header Set-Cookie $auth_cookie; | |
| auth_request_set $auth_cookie $upstream_http_set_cookie; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| } | |
| location @goauthentik_proxy_signin { | |
| internal; | |
| add_header Set-Cookie $auth_cookie; | |
| return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; | |
| } |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello! It looks like something in your npm settings is wrong, What are you trying to forward to? Is it HASS by chance?