I’m trying to set up Authentik as an auth layer between Nginx Proxy Manager (NPM) and my apps. The goal is to have users authenticate with Authentik after hitting NPM but before reaching the app.
I got the proxy provider with single-app forward auth working, but now I’m facing issues with my app’s OIDC login through Authentik. It was fine before tweaking the NPM custom Nginx config.
With the new setup, I can access the app’s login page, but clicking ‘Login with Authentik’ causes two problems:
It redirects to the app’s local IP and port instead of the domain.
The app shows an error about missing ‘oidc-state’ cookie.
I think I need to adjust my Nginx config, but I’m not sure how. Any ideas on fixing this? Thanks!
I’ve been down this road before, and it can be tricky. One thing that helped me was tweaking the proxy_cookie_domain directive in my Nginx config. It ensures cookies are set for the correct domain, which might solve your ‘oidc-state’ issue.
Also, double-check your Authentik application settings. Make sure the ‘Redirect URIs’ and ‘Audience’ fields are using your public domain, not internal IPs. This was a gotcha for me.
For the redirect problem, you might need to adjust your app’s configuration to trust the X-Forwarded-Proto header. This way, it’ll generate the correct URLs even behind a proxy.
Lastly, don’t forget to clear your browser cache and cookies after making changes. Sometimes old data can mask fixes and lead you on a wild goose chase. Keep at it, you’re on the right track!
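Added example, not part of the original replies: a small Python model of one way the two symptoms in the question can be linked. An app that builds its callback URL from the upstream `Host` redirects to the local IP, and the browser then withholds a state cookie that was set on the public domain. The host names, proxy network, cookie attributes, `/callback` path and the assumption that the app reads `X-Forwarded-Host` are all constructed for illustration.

```python
from http.cookies import SimpleCookie
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from the thread).
TRUSTED_PROXIES = [ip_network("172.18.0.0/16")]  # network the proxy connects from
PUBLIC_HOST = "app.example.com"
UPSTREAM_HOST = "192.168.1.50:8080"
STATE_COOKIE = "oidc-state=abc123; Path=/; Secure; HttpOnly"  # set on PUBLIC_HOST


def external_base_url(headers, peer_ip):
    """Base URL an app would use to build its OIDC redirect_uri.

    X-Forwarded-* is honoured only when the TCP peer is a trusted proxy;
    from any other client those headers are untrusted input.
    """
    scheme, host = "http", headers.get("Host", "")
    if any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        scheme = headers.get("X-Forwarded-Proto", scheme)
        host = headers.get("X-Forwarded-Host", host)
    return f"{scheme}://{host}"


def state_cookie_sent(set_cookie, set_on_host, callback_url):
    """Simplified browser rule: is the state cookie attached to the callback?"""
    morsel = SimpleCookie(set_cookie)["oidc-state"]
    url = urlsplit(callback_url)
    if morsel["secure"] and url.scheme != "https":
        return False  # Secure cookies are not sent over plain http
    domain = morsel["domain"].lstrip(".")
    if not domain:
        return url.hostname == set_on_host  # no Domain attribute: host-only
    return url.hostname == domain or url.hostname.endswith("." + domain)


def callback_works(headers, peer_ip):
    """Build the callback URL, then check whether the cookie would come back."""
    callback = external_base_url(headers, peer_ip) + "/callback"  # hypothetical path
    return callback, state_cookie_sent(STATE_COOKIE, PUBLIC_HOST, callback)


if __name__ == "__main__":
    forwarded = {"Host": UPSTREAM_HOST, "X-Forwarded-Proto": "https",
                 "X-Forwarded-Host": PUBLIC_HOST}
    print(callback_works(forwarded, "172.18.0.5"))
    print(callback_works({"Host": UPSTREAM_HOST}, "172.18.0.5"))
```

The trusted-proxy check matters as much as the headers themselves: an app that accepts `X-Forwarded-Host` from any client lets that client choose the host used in generated URLs.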
have u tried adjusting the X-Forwarded headers in ur NPM config? that might help with the redirect issue. for the cookie problem, check if ur passing cookies correctly thru NPM. maybe add some custom headers in the nginx config to preserve OIDC state. good luck!
Your situation sounds familiar. I encountered similar issues when setting up Authentik with NPM. Have you verified your application’s OIDC configuration in Authentik? Ensure the redirect URIs are correctly set to use your public domain, not the local IP. Also, check your NPM’s custom Nginx configuration. You might need to add directives to properly handle OIDC cookies and headers. Something like: