CaZzzer/alpina
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

authentik: add support for basic http auth on arrstack

Browse Source
This commit is contained in:
Iurii Tatishchev
2023-04-04 02:46:51 -07:00
parent 659d5ffebc
commit ec335e5d3c
3 changed files with 27 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/authentik/templates/blueprints/arrstack.yaml.j2
View File

@@ -8,6 +8,9 @@ entries:
name: arrstack
model: authentik_core.group
id: arrstack
attrs:
arrstack_username: "arr"
arrstack_password: "{{ arrstack_password }}"
{% for service in ["qBit", "Prowlarr", "Sonarr", "Radarr"] -%}
- identifiers:
@@ -18,6 +21,11 @@ entries:
access_token_validity: hours=24
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
certificate: !Find [authentik_crypto.certificatekeypair, [name, "authentik Self-signed Certificate"]]
{% if service != 'qBit' -%}
basic_auth_enabled: true
basic_auth_user_attribute: arrstack_username
basic_auth_password_attribute: arrstack_password
{% endif -%}
intercept_header_auth: true
external_host: https://{{ service | lower }}.{{ domain }}/
mode: forward_single

2
roles/authentik/templates/docker-compose.yml.j2
View File

@@ -15,7 +15,7 @@ services:
- {{ helpers.traefik_labels('auth', port='9000') | indent(6) }}
- traefik.http.middlewares.authentik.forwardauth.address=http://localhost:9000/outpost.goauthentik.io/auth/traefik
- traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
- traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=Authorization,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
restart: unless-stopped
# Port forward is needed because traefik can't resolve the container name from the host network
ports: