I’ve got a home media server running unraid. To allow access away from home I’ve bought a domain name and set up Authentik, Nginx Proxy Manager and Homepage. I want to be able to go to example.com, hit a login page then get to my homepage (to be clear, throughout this I have replaced my real domain with example.com). When I first set this up auth.example.com would got to the Authentik login but example.com would go straight to homepage.
Following advice from elsewhere I’ve now got it so that going to example.com gives a 500 error – auth.example.com still goes to the login. Nginx has two proxy hosts, one for auth.example.com which has Forward Hostname = authentik and Forward Port = 9000 with no Custom Nginx Configuration, and the other for example.com with the same setup but the following custom config:
location / {
# Put your proxy_pass to your application here
proxy_pass $forward_scheme://$server:$port;
# authentik-specific config
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
}
# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass http://auth.example.com/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
I’ve been through a few versions of this config, all of which have the same result. In Authentik the application, provider and outpost are all set up with the Provider set as Forward auth (single application). In Unraid all the relevant containers are on a single custom network. Going into the Nginx console and running curl -I http://authentik:9000/ak/forward-auth
I get:
HTTP/1.1 404 Not Found
Content-Length: 3857
Content-Type: text/html; charset=utf-8
Date: Thu, 12 Feb 2026 13:36:00 GMT
Referrer-Policy: same-origin
Vary: Accept-Encoding
Vary: Cookie
X-Authentik-Id: 31cff1079fb7493faa8b4a176322de5a
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: authentik
When I go to auth.example.com while watching the authentik logs I see them instantly update but when I go to example.com the logs don’t update. The Nginx logs do not update when going to either address.
Can anyone point me in the right direction of what might be causing the 500 error? I’m happy to provide more detail if there’s something else that needs clarified
Update:
Based on a suggestion from elsewhere I changed one line in the Nginx custom config from proxy_pass $forward_scheme://$server:$port; to proxy_pass http://homepage:3000;. This changed the behaviour so that going to http://example.com returns the generic message Congratulations! You’ve successfully started the Nginx Proxy Manager. Going to https://example.com brings up the following browser error:
Secure Connection Failed
An error occurred during a connection to example.com. SSL peer has no certificate for the requested DNS name.
Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT
