Croquette

Solved : I was still on my local network instead of my LTE network, so I was accessing the global ip through the local network, and thus the access page.

Hello,

I am running OPNSense as my router for my ISP and my local network.

When I access my global ip, it lands me on the login page of my OPNSense router. Is that normal?

The only Firewall WAN Rule I added is the rule to enable my Wireguard instance (and I disabled it to test if that was the issue)

I was messing with the NAT Outbound for the Road Warrior setup as explained in the OPNSense Road Warrior tutorial, but that rule is also disabled.

I enabled OutboundDNS to override a local domain.

And I have a dynamic DNS to access my VPN with a FQDN instead of the ip directly.

But otherwise, I have the vanilla configuration. I disabled all of these rules I've created to make sure that they weren't the issue, and I can still access my OPNSense from the WAN interface.

So is that a normal default behaviour? If so, how can I disable the access to the OPNSense portal from the WAN and keep it from within one of my LAN/VLAN?

___

*** For anyone stumbling on this post, and is as newbie as I am right now, forward auth doesn't work with FireflyIII.

I thought that forward auth was the same as a proxy, but in this case, it is the proxy that provides the x-authentik tags.

So for Firefly, set up Authentik as a proxy provider and not a forward auth.

I haven't figured out the rest yet, but at least, x-authentik-email is in my header now.

Good luck ***

Hello,

I am trying to setup Authentik to do a forward auth for Firefly3, using caddy. I am trying to learn External authentication so my knowledge is limited.

My setup is as follows.

By looking at the Firefly doc Firefly doc, I need to set AUTHENTICATION_GUARD=remote_user_guard AUTHENTICATION_GUARD_HEADER=HTTP_X_AUTHENTIK_EMAIL in my .env file. I used the base .env file provided by Firefly and modified only these two lines

Then, in my Authentik, I made a forward auth for a single application for firefly. This part seem to work because the redirection is made. The external host is my Firefly ip address.

Then from the example provided in the Authentik provider, I created my caddy file on the Firefly container to redirect port 80 to my custom port 9080.

:80 {
        # directive execution order is only as stated if enclosed with route.
        route {
                # always forward outpost path to actual outpost
                reverse_proxy /outpost.goauthentik.io/* http://10.0.1.7:9080/

                # forward authentication to outpost
                forward_auth http://10.0.1.7:9080/ {
                        uri /outpost.goauthentik.io/auth/caddy

                        # capitalization of the headers is important, otherwise they will be empty
                        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Me>

                        # optional, in this config trust all private ranges, should probably be set to the outposts IP
                        trusted_proxies private_ranges
                }

        }
}

EDIT : The IP address of Firefly is 10.0.1.8

When I try to go on my Firefly app, the Authentik redirection is made and it tries to connect to the Firefly webpage,but I either get unable to connect when I try the https, or Looks like there’s a problem with this site when I try to connect with http.

I see that the connection is refused in both case.

I made sure that my email on my account on firefly matches the email from the Authentik user.

I tried googling my problem to no avail and the Firefly documentation is pretty scarce.

Any help would be welcome.

Hello,

I am trying to setup Authelia using apalrd tutorial.

In the configuration file, I need to setup a SMTP server to send email from.

I am currently using proton mail and they don't have smtp support out of the box, you have to go through their bridge.

I've tried to find tutorial on how to use Proton Bridge CLI to be able to use it as my SMTP locally, but the information seems scarce on that front. (keep in mind that I am no expert).

So my question is as follows : what are my option to have a functional SMTP configuration on my Authelia server?

Thank you