diff --git a/website/docs/outposts/proxy/forward_auth.mdx b/website/docs/outposts/proxy/forward_auth.mdx
index 176112771..0f5258875 100644
--- a/website/docs/outposts/proxy/forward_auth.mdx
+++ b/website/docs/outposts/proxy/forward_auth.mdx
@@ -46,24 +46,46 @@ import TabItem from '@theme/TabItem';
 ```
- location /akprox {
- proxy_pass http://*ip of your outpost*:4180;
- error_page 401 = @akprox_signin;
- proxy_set_header X-Forwarded-Host $http_host;
- auth_request_set $auth_cookie $upstream_http_set_cookie;
- add_header Set-Cookie $auth_cookie;
- }
+server {
+ # SSL and VHost configuration
+ listen 443 ssl http2;
+ server_name _;
- location @akprox_signin {
- internal;
- add_header Set-Cookie $auth_cookie;
- return 302 /akprox/start?rd=$request_uri;
- }
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
 location / {
- auth_request /akprox/auth?nginx;
- # All your other options...
+ # Put your proxy_pass to your application here
+ # proxy_pass http://localhost:5000;
+
+ # authentik-specific config
+ auth_request /akprox/auth;
+ error_page 401 = @akprox_signin;
+ # translate headers from the outposts back to the actual upstream
+ auth_request_set $username $upstream_http_x_auth_username;
+ auth_request_set $email $upstream_http_X_Forwarded_Email;
+ proxy_set_header X-Auth-Username $username;
+ proxy_set_header X-Forwarded-Email $email;
 }
+
+ # all requests to /akprox must be accessible without authentication
+ location /akprox {
+ proxy_pass http://*ip or hostname of the authentik OUTPOST*:4180;
+ # ensure the host of this vserver matches your external URL you've configured
+ # in authentik
+ proxy_set_header Host $host;
+ add_header Set-Cookie $auth_cookie;
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ }
+
+ # Special location for when the /auth endpoint returns a 401,
+ # redirect to the /start URL which initiates SSO
+ location @akprox_signin {
+ internal;
+ add_header Set-Cookie $auth_cookie;
+ return 302 /akprox/start?rd=$request_uri;
+ }
+}
 ```
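Review bot: In the new `location /`, `auth_request /akprox/auth;` runs but `$auth_cookie` is never captured there; the only `auth_request_set $auth_cookie $upstream_http_set_cookie;` sits in `location /akprox`, which performs no `auth_request`. Because `auth_request_set` assigns its variable after the auth subrequest completes in the location handling the request, `add_header Set-Cookie $auth_cookie;` in `@akprox_signin` probably sees an empty value, so the outpost's session cookie would not reach the browser on the 401 redirect or after a successful check. I would add `auth_request_set $auth_cookie $upstream_http_set_cookie;` and `add_header Set-Cookie $auth_cookie;` to `location /` next to `error_page`. A comment above the two `proxy_set_header` lines would also help, e.g. `# overwrite every identity header the upstream trusts; headers not set here are forwarded from the client unchanged`, since only `X-Auth-Username` and `X-Forwarded-Email` are replaced.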