From d075f470cdbc909cc7c7e3eb597e3fbfebe13178 Mon Sep 17 00:00:00 2001
From: Thomas Kendrick <tom@tkendrick.com>
Date: Fri, 19 Dec 2025 23:20:26 +0000
Subject: [PATCH] feat: outpost rule (again)

---
 access_management/authentik/docker-compose.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/access_management/authentik/docker-compose.yml b/access_management/authentik/docker-compose.yml
index 72b02af..fccb9db 100644
--- a/access_management/authentik/docker-compose.yml
+++ b/access_management/authentik/docker-compose.yml
@@ -60,6 +60,11 @@ services:
       traefik.http.routers.authentik.rule: "Host(`auth.${DOMAIN}`)"
       traefik.http.routers.authentik.entrypoints: "https"
       traefik.http.routers.authentik.tls.certresolver: "cloudflare"
+      # Authentik Outpost Router (prevents redirect loops)
+      traefik.http.routers.authentik-outpost.rule: "HostRegexp(`{host:.+}`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      traefik.http.routers.authentik-outpost.entrypoints: "https"
+      traefik.http.routers.authentik-outpost.tls.certresolver: "cloudflare"
+      traefik.http.routers.authentik-outpost.service: "authentik"
       traefik.http.services.authentik.loadbalancer.server.port: "9000"
       # Authentik Middleware
       traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"