http: routers: authentik: rule: "Host(`authentik.local.mk-labs.cloud`)" entryPoints: - websecure service: authentik tls: certResolver: cloudflare middlewares: - security-headers services: authentik: loadBalancer: servers: - url: "http://guest-relations.local.mk-labs.cloud:8000" ## Authentik Forward Auth Middleware ## Add 'authentik-forwardauth' to a router's middlewares list to protect it with SSO ## Example: ## my-service: ## rule: "Host(`my-service.local.mk-labs.cloud`)" ## middlewares: ## - security-headers ## - authentik-forwardauth middlewares: authentik-forwardauth: forwardAuth: address: "http://guest-relations.local.mk-labs.cloud:8000/outpost.goauthentik.io/auth/nginx" trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid - X-authentik-jwt - X-authentik-meta-jwks - X-authentik-meta-outpost - X-authentik-meta-provider - X-authentik-meta-app - X-authentik-meta-version