fix: add AUTHENTIK_HOST_BROWSER for outpost browser redirects

- Adds AUTHENTIK_HOST_BROWSER=https://sso.castaldifamily.com to all outposts
- Required when internal AUTHENTIK_HOST differs from public SSO URL
- Should resolve 404 errors in outpost configuration fetch

nodes/heimdall/prowlarr/compose.yaml

@@ -32,6 +32,7 @@ services:
       - proxy-net
     environment:
       AUTHENTIK_HOST: http://authentik_server:9000
+      AUTHENTIK_HOST_BROWSER: https://sso.castaldifamily.com
       AUTHENTIK_TOKEN: 42FCcV9gmTfixaak77xW4eAZIMUUJ0u5vGsxvumfo1Lav5DIyLViDz4xqinE
       AUTHENTIK_INSECURE: "false"
     labels:

nodes/heimdall/radarr/compose.yaml

@@ -41,6 +41,7 @@ services:
       - proxy-net
     environment:
       AUTHENTIK_HOST: http://authentik_server:9000
+      AUTHENTIK_HOST_BROWSER: https://sso.castaldifamily.com
       AUTHENTIK_TOKEN: mEK1nIhle1dorsb2x7EJlDfwqdQ2GZLlDdzZhTeP9RMvrWtrlM0ZW89SiBWB
       AUTHENTIK_INSECURE: "false"
     labels:

nodes/heimdall/sabnzbd/compose.yaml

@@ -41,6 +41,7 @@ services:
       - proxy-net
     environment:
       AUTHENTIK_HOST: http://authentik_server:9000
+      AUTHENTIK_HOST_BROWSER: https://sso.castaldifamily.com
       AUTHENTIK_TOKEN: xvPTq2ASWspkW9Z7H44RPwLZ9LhFqBrtQ11eXPlE7QWGhsixWU7Rc07xVmsw
       AUTHENTIK_INSECURE: "false"
     labels:

nodes/heimdall/sonarr/compose.yaml

@@ -43,10 +43,9 @@ services:
     container_name: sonarr_outpost
     environment:
         AUTHENTIK_HOST: http://authentik_server:9000
+        AUTHENTIK_HOST_BROWSER: https://sso.castaldifamily.com
         AUTHENTIK_INSECURE: "false"
         AUTHENTIK_TOKEN: cJ4UWeFQ2DUTyvR22s588ciFuLSw698HTVxnEf7ecN3dq3nFOyVod6ngE66Z
-        # Optional setting to be used when `authentik_host` for internal communication doesn't match the public URL.
-        # AUTHENTIK_HOST_BROWSER: https://sonarr.castaldifamily.com
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.sonarr.entrypoints=websecure"