From 454edba677f00d11e55168a5cc6deda92eeb5bf2 Mon Sep 17 00:00:00 2001
From: fuomag9 <1580624+fuomag9@users.noreply.github.com>
Date: Wed, 19 Nov 2025 20:22:38 +0100
Subject: [PATCH] Fix outpost upstream dial address parsing

The outpost upstream was being passed directly to Caddy's dial field with the
full URL (http://host:port), but Caddy expects just host:port. This was causing
DNS lookup errors with a leading slash (/authentik.bologna.local.fuo.fi).

Now properly parses the URL to extract just the hostname and port.
---
 src/lib/caddy.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/lib/caddy.ts b/src/lib/caddy.ts
index 542507aa..5a30a836 100644
--- a/src/lib/caddy.ts
+++ b/src/lib/caddy.ts
@@ -359,11 +359,22 @@ function buildProxyRoutes(
     // Authentik outpost handler will be added later after protected paths
     let outpostRoute: CaddyHttpRoute | null = null;
     if (authentik) {
+      // Parse the outpost upstream URL to extract host:port for Caddy's dial field
+      let outpostDial = authentik.outpostUpstream;
+      try {
+        const url = new URL(authentik.outpostUpstream);
+        const port = url.port || (url.protocol === "https:" ? "443" : "80");
+        outpostDial = `${url.hostname}:${port}`;
+      } catch {
+        // If URL parsing fails, try to extract host:port from string
+        outpostDial = authentik.outpostUpstream.replace(/^https?:\/\//, "").replace(/\/$/, "");
+      }
+
       const outpostHandler: Record<string, unknown> = {
         handler: "reverse_proxy",
         upstreams: [
           {
-            dial: authentik.outpostUpstream
+            dial: outpostDial
           }
         ]
       };