Skip to content

Instantly share code, notes, and snippets.

View ifeulner's full-sized avatar
💭
Allways on status

Ingo Feulner ifeulner

💭
Allways on status
View GitHub Profile
@ifeulner
ifeulner / authentik-caddy-two-hosts.md
Last active July 9, 2026 10:58
Authentik forward_auth via Caddy across two hosts (embedded outpost): two silent-bypass gotchas and the fix

Authentik forward_auth via Caddy, across two separate hosts (embedded outpost)

Setup: Authentik's embedded outpost (no separate ghcr.io/goauthentik/proxy container) protecting an app on a different host than Authentik, via Caddy's forward_auth. Community examples assume Caddy and Authentik are on the same machine — the two-host case has two extra gotchas that silently bypass auth instead of erroring.

Symptom: config validates fine, Provider/Application exist and are bound to the embedded outpost — but every request reaches the protected app, no

@ifeulner
ifeulner / 01_longhorn_bestpractices.md
Last active December 11, 2025 03:21
Longhorn hcloud best practices

Longhorn best practices

The following settings are provided as an example how longhorn should be configured in a production cluster, especially if it is deployed on Hetzner Cloud infrastructure.

Hetzner server nodes provide local storage and allow up to five attached volumes (with a size of up to 10TiB each) Local storage is provided by NVMe storage and therefore is much faster than the attached volumes, but limited in size (max 300GiB usable).

It is assumed that the cluster creation is already done, e.g. via terraform scripts provided by the great kube-hetzner project.

Initial configuration