this post was submitted on 16 Jun 2026
27 points (100.0% liked)

Selfhosted

60024 readers
719 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
27
New to Authentik - Challenges with getting my first application working (friendica.ginestes.es)
submitted 5 days ago by abeorch@friendica.ginestes.es to c/selfhosted@lemmy.world
14 comments fedilink hide all child comments
 

- I'm new to #Authentik - I've just spun up a test instance and tried to connect my first application (#Postiz) but I'm kind of stuck.

I've installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.

As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.

One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.

I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.

I've popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I'm figuring getting Authentik is going to be key to getting other applications going.

top 14 comments
sorted by: hot top controversial new old
[–] abeorch@friendica.ginestes.es 1 points 2 days ago

So an update. It turns out that all the issues were actually to do with Postiz rather than Authentic. - I tried installing a few other apps and linking them to Authentik but I ran into a few issues. Then I took Postiz and tried turning off the Atuthentik authentication and then just getting it to work with native user accounts. This initially didn't work - it turned out that there were a few issues.

  1. The startup procedure for Poztiz actually left the backend API service not running properly. I had to run the docker compose, get all the other services running and then stop the postiz container specifically wait a bit more and then restart just that container. That got the API service running.

  2. Because I was just running it internally I didn't have SSL certificates configured and was just using http - consequently I had to introduce NOT_SECURED: "true" into the environment section of the Postiz service in the compose file and then repeat the process above. This resolved a silent error in my browser where cookies used to manage the authenticated browser session were discarded because I wasn't using SSL.

So success at least getting Postiz running. I am now going to step back, reconfigure it for Authentic retry.

I am going to guess that these issues might be relevant if you are running Postiz behind a reverse proxy (I'm not sure if this is being done with the docker compose set-up). I possibly also need to look at how much memory and CPU I have on my test VM.

I've posted similar details in Postiz Discord. If anyone else is using #Postiz and would like to exchange notes - please do drop me a mention. Always good to have other people to talk to about these things and share notes.

[–] dlsolo@lemmy.world 12 points 5 days ago (1 children)

I moved away from authentik for void-auth: https://github.com/voidauth/voidauth

Life is so much better...

[–] Starfighter@discuss.tchncs.de 4 points 5 days ago* (last edited 5 days ago) (1 children)

If you don't mind me asking, what made you go with VoidAuth vs Authelia or something else entirely?

I'm in a similar boat as OP and while VoidAuth looks very promising I'm put off a little by the young age and size of the project.

[–] CHOPSTEEQ@lemmy.ml 6 points 5 days ago (1 children)

I tried literally every mature option and they all were ridiculously complicated or just straight didn’t work for me. Voidauth just works. One container. Does everything you need to offer SSO for your users, and secures apps that don’t use SSO just as easily with proxyauth.

[–] dlsolo@lemmy.world 1 points 4 days ago

This!

[–] brewery@feddit.uk 4 points 5 days ago (2 children)

I have self hosted for years using Authentik and have 50 + services. Postiz has been one of the most challenging to spin up and maintain. The documentation is not up to date, the software is constantly changing and I had to tweak lots to get it to work. Even now, it seems to crash after a few days and haven't had the chance to investigate. All these posts I set up didn't go through and now if I turn it back on, it'll release them all in one go before I can get in to stop it, or have to revert to a fresh install...

The vast majority of services and not like this so don't get disheartened! Try some other ones first them come back to this when more experienced. I recommend Bento PDF, ConvertX, outline wiki, vikunja and immich (if you have the storage space).

At first, try to stick to software on Authentik's guides (https://integrations.goauthentik.io/). Once you do a few OIDC and forward proxy services you'll get the hang of it.

When I get a chance I'll share my docker compose SSO settings and authentik redirect uri that worked for me with the caveat that the software crashes for some reason.

[–] abeorch@friendica.ginestes.es 1 points 4 days ago

@brewery A specific question - Does your Authorise URL for Postiz return a 404 when you load it via a browser? Is it /application/o/authorize/ ? because that seems oddly non-specific for a specific application...

[–] abeorch@friendica.ginestes.es 2 points 5 days ago

@brewery Oh cheers. Yeah I think I need to test setting up another app to confirm whether its Authentik or Postiz. The other app I am looking at is an open source core banking system so I think I'll leave that one for a while and as you suggest try something more straight forward.

I'm keen to get Postiz working because I belong to a sailing club and its a time vacuum posting updates all over the place.

I'm interested do you you anything for social listening - I'd like to pull together a few social feeds from Twitter, Instal, Facebook and provide them to the few of us that are working on keeping the club's profile up.

[–] devaly@ani.social 4 points 5 days ago (2 children)

Any particular reason for Authentik? I found it very resource hungry and slow. PocketId on the other hand, is super lightweight and fast

[–] lovable_titty@lemmy.world 1 points 4 days ago

I feel the same, at least for a homelab. It's very feature rich though.

For that reason I switched to Keycloak. It seems a lot faster.

[–] abeorch@friendica.ginestes.es 0 points 5 days ago (1 children)

@devaly Is it possible to use PocketID without Https if I am testing it internally ?

[–] devaly@ani.social 2 points 5 days ago* (last edited 5 days ago)

nope, https only. Because pocket id uses web authn which requires encryption

[–] roofuskit@lemmy.world 3 points 5 days ago

https://integrations.goauthentik.io/applications/

https://youtube.com/playlist?list=PLH73rprBo7vSkDq-hAuXOoXx2es-1ExOP

Everything you need is there. Authentik is fantastic.

[–] Tolookah@discuss.tchncs.de 1 points 5 days ago

If you are getting the authentik login screen and being redirected, it's either the redirect url not being right or the app itself not being configured for authentik.

Source: my limited knowledge with authentik and other apps.