Expose Authentik on public Pangolin hostname
This commit is contained in:
@@ -25,7 +25,8 @@ All homelab services, their hosts, ports, and current status.
|
||||
| Shlink | 8087 | http://pd:8087 | ✅ Active |
|
||||
| Shlink Web Client | 8088 | http://pd:8088 | ✅ Active |
|
||||
| RackPeek | 8283 | http://pd:8283 | ✅ Active |
|
||||
| Authelia | 9091 | http://pd:9091 / https://auth.paccoco.com | ✅ Active internally on PD; Traefik is ready to enforce app auth once Pangolin targets are cut over |
|
||||
| Authelia | 9091 | http://pd:9091 / https://auth.paccoco.com | ✅ Active internally on PD; currently fronts the Traefik-protected app layer |
|
||||
| Authentik | 9000 | http://pd:9000 / https://authentik.paccoco.com | ✅ Active; public Pangolin hostname live for OIDC/SAML migration work |
|
||||
|
||||
## AI Stack
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ Bootstrap:
|
||||
docker logs authentik-server --tail=50
|
||||
curl -fsS http://127.0.0.1:9000/-/health/ready/
|
||||
|
||||
6. Complete initial login with the bootstrap admin on the internal URL first, then wire the public auth route.
|
||||
6. Complete initial login with the bootstrap admin on the internal URL first, then wire the public Pangolin hostname `https://authentik.paccoco.com`. Grafana and other OIDC clients should use that public hostname instead of the LAN-only `http://10.5.30.6:9000` base URL.
|
||||
7. Build providers before cutover:
|
||||
|
||||
- Grafana: OAuth2/OIDC provider
|
||||
|
||||
@@ -5,7 +5,7 @@ GF_ADMIN_USER=admin
|
||||
GF_ADMIN_PASS=CHANGE_ME
|
||||
GF_HOST=grafana.paccoco.com
|
||||
LOKI_HOST=loki.paccoco.com
|
||||
AUTHENTIK_URL=https://auth.paccoco.com
|
||||
AUTHENTIK_URL=https://authentik.paccoco.com
|
||||
GF_AUTHENTIK_APP_SLUG=grafana
|
||||
GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
||||
GF_AUTH_GENERIC_OAUTH_NAME=Authentik
|
||||
|
||||
Reference in New Issue
Block a user