SWAG(NGINX) & Authentik OAuth2 : r/selfhosted

SWAG(NGINX) & Authentik OAuth2

Need Help

Hey all,

I have been using SWAG and Authentik to secure my server's applications for external access and it's been working well. I wanted to make some quality-of-life tweaks by adding OIDC. I previously had Authentik set up with each application provider set to Forward Auth Proxy (Single Application) and routed it through Authentik's outpost. This works as intended. When I switch the provider to OAuth2 for OIDC, the logs show 404 errors. If I test locally and replace my subdomain entries in Authentik with my local IP and application ports, OIDC works perfectly. I assume the issue would be related to SWAG's authentik-location.conf referring to the outpost for auth requests and the OAuth2 providers not being an option in the outpost within Authentik. I don't know enough to properly troubleshoot beyond this point without some direction from my betters. If anyone has suggestions or ideas, I'd appreciate it!

**UPDATE**
I did some more aimless troubleshooting and figured out I can't have forward auth enabled in the NGINX proxy-confs. I removed that and this is now working as intended. I would certainly prefer to have the subdomain locked behind authentication, but I'm not sure if it's possible to have both forward auth as a middleman to prevent unauthorized access to the subdomain AND to have OIDC set up for authentication at the application level. I would still love any insight on this aspect from my betters, but I'm reluctantly content with my current solution.


Did you ever figure this out? I’ve been pulling my hair out trying to use forward auth and OIDC. I can make them work independently but they don’t work together. 

Unfortunately, I got confirmation that it's one or the other, but not both. I decided this was good enough since OIDC redirects to Authentik, which will force authentication or bar entry. It's less than ideal, but good enough I suppose.
