From 664d420ec25deb90bcf3d0f12381e064c23ca2df Mon Sep 17 00:00:00 2001
From: fuomag9 <1580624+fuomag9@users.noreply.github.com>
Date: Fri, 7 Nov 2025 00:19:28 +0100
Subject: [PATCH] updated src/lib/caddy.ts (lines 410-475) to generate the proper reverse_proxy handler configuration that mimics what forward_auth does
---
 src/lib/caddy.ts | 59 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 56 insertions(+), 3 deletions(-)
diff --git a/src/lib/caddy.ts b/src/lib/caddy.ts
index 90cc9b9e..dd95d266 100644
--- a/src/lib/caddy.ts
+++ b/src/lib/caddy.ts
@@ -408,15 +408,68 @@ function buildProxyRoutes(
 }

 if (authentik) {
+ // Build handle_response routes for copying headers on 2xx status
+ const handleResponseRoutes = [
+ {
+ handle: [{ handler: "vars" }]
+ }
+ ];
+
+ // Add header copying for each configured header
+ for (const headerName of authentik.copyHeaders) {
+ handleResponseRoutes.push({
+ handle: [
+ {
+ handler: "headers",
+ request: {
+ set: {
+ [headerName]: [`{http.reverse_proxy.header.${headerName}}`]
+ }
+ }
+ }
+ ],
+ match: [
+ {
+ not: [
+ {
+ vars: {
+ [`{http.reverse_proxy.header.${headerName}}`]: [""]
+ }
+ }
+ ]
+ }
+ ]
+ });
+ }
+
+ // Create the forward auth reverse_proxy handler
 handlers.push({
- handler: "forward_auth",
+ handler: "reverse_proxy",
 upstreams: [
 {
 dial: authentik.outpostUpstream
 }
 ],
- uri: authentik.authEndpoint,
- copy_headers: authentik.copyHeaders,
+ rewrite: {
+ method: "GET",
+ uri: authentik.authEndpoint
+ },
+ headers: {
+ request: {
+ set: {
+ "X-Forwarded-Method": ["{http.request.method}"],
+ "X-Forwarded-Uri": ["{http.request.uri}"]
+ }
+ }
+ },
+ handle_response: [
+ {
+ match: {
+ status_code: [2]
+ },
+ routes: handleResponseRoutes
+ }
+ ],
 trusted_proxies: authentik.trustedProxies
 });
 }
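Review bot: In the `for (const headerName of authentik.copyHeaders)` loop, each header is set on the request only when the outpost's response carries a non-empty value, and nothing in the hunk removes a same-named header that the client sent. If the outpost omits one of these headers on a 2xx response, the client's own value would stay on the request and reach the backend looking like an identity the outpost asserted. Pushing an unconditional delete route for the header ahead of the conditional set closes that gap: `handleResponseRoutes.push({ handle: [{ handler: "headers", request: { delete: [headerName] } }] });`. buildProxyRoutes starts and ends outside the hunk, so whether these headers are already stripped earlier in the handler chain cannot be confirmed from here.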