Hi everyone,
I am struggling to create a proxy between my apps and Authentik.
I was able to make Authentik work perfectly with Immich (OAuth2 Provider) and Nextcloud (SAML Provider), but I cannot make it work with the Proxy Provider.
I am on Unraid using Nginx Proxy Manager.
Nginx Proxy Manager, Authentik and my apps are on the same custom network on Unraid.
All of them are accessible from outside my network using Cloudflare.
I want to secure my app "Homepage" with Authentik SSO, so I want to use the proxy provider feature of Authentik.
I can access my app "Homepage" without any problem at https://home.domain.com when the Authentik code is not in the Advanced tab of my proxy host in Nginx Proxy Manager.
My app is correctly configured inside Authentik.
But when I add the code required in the Advanced tab to make it work with Authentik, I get a 500 error.
Here is the advanced tab code of my app https://home.domain.com :
proxy_buffers 8 16k;
proxy_buffer_size 32k;

location / {
    # Put your proxy_pass to your application here
    proxy_pass $forward_scheme://$server:$port;

    # authentik-specific config
    auth_request /outpost.goauthentik.io/auth/nginx;
    error_page 401 = @goauthentik_proxy_signin;
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # translate headers from the outposts back to the actual upstream
    auth_request_set $authentik_username $upstream_http_x_authentik_username;
    auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
    auth_request_set $authentik_email $upstream_http_x_authentik_email;
    auth_request_set $authentik_name $upstream_http_x_authentik_name;
    auth_request_set $authentik_uid $upstream_http_x_authentik_uid;

    proxy_set_header X-authentik-username $authentik_username;
    proxy_set_header X-authentik-groups $authentik_groups;
    proxy_set_header X-authentik-email $authentik_email;
    proxy_set_header X-authentik-name $authentik_name;
    proxy_set_header X-authentik-uid $authentik_uid;

    # If behind reverse proxy, forwards the correct IP, assumes you're using Cloudflare. Adjust IP for your Docker network.
    set_real_ip_from 172.18.0.0/16; # make sure this IP range matches your network setup
    real_ip_header CF-Connecting-IP;
    real_ip_recursive on;
}

# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
    proxy_pass http://192.168.1.XX:9000/outpost.goauthentik.io;
    # ensure the host of this server matches your external URL you've configured
    # in authentik
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    add_header Set-Cookie $auth_cookie;
    auth_request_set $auth_cookie $upstream_http_set_cookie;

    # required for POST requests to work
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @goauthentik_proxy_signin {
    internal;
    add_header Set-Cookie $auth_cookie;
    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
    # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
    # return 302 https://auth.mydomain.fr/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
I tried several times to modify this code, and also took code from the latest posts in this GitHub issue: https://github.com/vineethmn/geekscomments/issues/1
Thanks in advance for your help,