authentik_host vs authentik_host_browser for embedded outpost?

[itskagee]

Hi,

I am a bit confused about those two options.

As far as I could understand from this: docs, authentik_host is used by the outpost to connect to Authentik, while authentik_host_browser is used for user facing operations.

So going by this, I set these up as follows:
authentik_host: https://localhost:9443
authentik_host_browser: https://auth.<domain>.<tld>

However, when I use Authentik in Forward Auth (single application) mode, after entering my credentials, the webpage redirects to the localhost address set by authentik_host, instead of going to the FQDN set by authentik_host_browser.

I expected the redirect to go to authentik_host_browser, since this is a user facing operation.

Have I misunderstood the documentation, or am I setting something wrong?

Using the FQDN in authentik_host results in correct redirects and a successful authentication, but I'd like it if the outpost didn't have to go out and come back in to connect to something to which it can connect internally.

Relevant info
Reverse Proxy: Caddy

Screenshots

Logs

Version and Deployment (please complete the following information):

• authentik version: 2024.12.2
• Deployment: docker-compose

Additional context