Expose Authentik on public Pangolin hostname
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-23 20:23:27 +00:00
parent 406efa102d
commit c1f6dce227
3 changed files with 4 additions and 3 deletions

View File

@@ -25,7 +25,8 @@ All homelab services, their hosts, ports, and current status.
| Shlink | 8087 | http://pd:8087 | ✅ Active |
| Shlink Web Client | 8088 | http://pd:8088 | ✅ Active |
| RackPeek | 8283 | http://pd:8283 | ✅ Active |
| Authelia | 9091 | http://pd:9091 / https://auth.paccoco.com | ✅ Active internally on PD; Traefik is ready to enforce app auth once Pangolin targets are cut over |
| Authelia | 9091 | http://pd:9091 / https://auth.paccoco.com | ✅ Active internally on PD; currently fronts the Traefik-protected app layer |
| Authentik | 9000 | http://pd:9000 / https://authentik.paccoco.com | ✅ Active; public Pangolin hostname live for OIDC/SAML migration work |
## AI Stack

View File

@@ -41,7 +41,7 @@ Bootstrap:
docker logs authentik-server --tail=50
curl -fsS http://127.0.0.1:9000/-/health/ready/
6. Complete initial login with the bootstrap admin on the internal URL first, then wire the public auth route.
6. Complete initial login with the bootstrap admin on the internal URL first, then wire the public Pangolin hostname `https://authentik.paccoco.com`. Grafana and other OIDC clients should use that public hostname instead of the LAN-only `http://10.5.30.6:9000` base URL.
7. Build providers before cutover:
- Grafana: OAuth2/OIDC provider

View File

@@ -5,7 +5,7 @@ GF_ADMIN_USER=admin
GF_ADMIN_PASS=CHANGE_ME
GF_HOST=grafana.paccoco.com
LOKI_HOST=loki.paccoco.com
AUTHENTIK_URL=https://auth.paccoco.com
AUTHENTIK_URL=https://authentik.paccoco.com
GF_AUTHENTIK_APP_SLUG=grafana
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_NAME=Authentik