From b49d6781aa5d773902628e83902b5a7cbfe33717 Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Mon, 21 Aug 2023 13:20:37 +0100
Subject: [PATCH] Proxy forward auth SSO.

---
 services/authentik.hcl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/authentik.hcl b/services/authentik.hcl
index 4ab9961..5e12e1a 100644
--- a/services/authentik.hcl
+++ b/services/authentik.hcl
@@ -49,7 +49,14 @@ job "authentik" {
         port = "http"
         tags = [
           "traefik.enable=true",
+          # Main UI
           "traefik.http.routers.authentik.entryPoints=websecure",
+          "traefik.http.routers.authentik.rule=Host(`authentik.v.paler.net`) || Host(`authentik.alo.land`)",
+          # Embedded outpost for forward auth
+          "traefik.http.routers.authentik-palernet.entryPoints=websecure",
+          "traefik.http.routers.authentik-palernet.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.v.paler.net`) && PathPrefix(`/outpost.goauthentik.io/`)",
+          "traefik.http.routers.authentik-aloland.entryPoints=websecure",
+          "traefik.http.routers.authentik-aloland.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.alo.land`) && PathPrefix(`/outpost.goauthentik.io/`)",
         ]
       }
       service {