fix(prowlarr): resolve auth_mode_conflict by using shared authentik middleware

Remove redundant prowlarr_outpost sidecar container and apply the shared authentik-auth@file middleware to the prowlarr router. The Authentik forward auth middleware already exists in the Traefik dynamic configuration and provides the necessary authentication layer without requiring a dedicated outpost container per service.
2026-05-31 21:24:02 -04:00 · 2026-05-31 21:24:02 -04:00 · 19089602b8
commit 19089602b8
parent 2610b5a430
1 changed files with 35 additions and 43 deletions
--- a/nodes/heimdall/prowlarr/compose.yaml
+++ b/nodes/heimdall/prowlarr/compose.yaml
@ -25,19 +25,11 @@ services:
    restart: unless-stopped
    networks:
      - proxy-net
-  prowlarr_outpost:
-    image: ghcr.io/goauthentik/proxy:2026.2.2
-    container_name: prowlarr_outpost
-    networks:
-      - proxy-net
-    environment:
-      AUTHENTIK_HOST: https://sso.castaldifamily.com
-      AUTHENTIK_TOKEN: 42FCcV9gmTfixaak77xW4eAZIMUUJ0u5vGsxvumfo1Lav5DIyLViDz4xqinE
-      AUTHENTIK_INSECURE: "false"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr-proxy.entrypoints=websecure"
      - "traefik.http.routers.prowlarr-proxy.rule=Host(`prowlarr.castaldifamily.com`)"
      - "traefik.http.routers.prowlarr-proxy.tls=true"
      - "traefik.http.routers.prowlarr-proxy.tls.certresolver=cloudflare"
-      - "traefik.http.services.prowlarr-proxy.loadbalancer.server.port=9000"
+      - "traefik.http.routers.prowlarr-proxy.middlewares=authentik-auth@file,security-headers@file"
+      - "traefik.http.services.prowlarr-proxy.loadbalancer.server.port=9696"