From 4343246a41227d91329a665489af7968e9f296a5 Mon Sep 17 00:00:00 2001
From: Jens L <jens.langhammer@beryju.org>
Date: Tue, 8 Feb 2022 20:25:38 +0100
Subject: [PATCH] *: rename akprox to outpost.goauthentik.io (#2266)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/proxy/apps.py             |   4 +
 .../providers/proxy/controllers/docker.py     |   4 +-
 .../proxy/controllers/k8s/ingress.py          |   2 +-
 .../proxy/controllers/k8s/traefik.py          |   5 +-
 authentik/providers/proxy/models.py           |   2 +-
 authentik/providers/proxy/tasks.py            |  11 +
 internal/outpost/ldap/metrics/metrics.go      |   2 +-
 .../proxyv2/application/application.go        |  10 +-
 internal/outpost/proxyv2/application/error.go |   2 +-
 .../proxyv2/application/mode_forward.go       |  16 +-
 .../application/mode_forward_nginx_test.go    |  14 +-
 .../application/mode_forward_traefik_test.go  |  16 +-
 internal/outpost/proxyv2/application/utils.go |   2 +-
 .../outpost/proxyv2/application/utils_test.go |   8 +-
 internal/outpost/proxyv2/handlers.go          |   6 +-
 internal/outpost/proxyv2/metrics/metrics.go   |   2 +-
 internal/outpost/proxyv2/proxyv2.go           |   4 +-
 internal/outpost/proxyv2/templates/error.html |  10 +-
 internal/web/proxy.go                         |   2 +-
 ldap.Dockerfile                               |   2 +-
 proxy.Dockerfile                              |   2 +-
 tests/e2e/test_provider_proxy.py              |   2 +-
 web/src/locales/en.po                         | 190 +++++++++---------
 web/src/locales/es.po                         |   4 +-
 web/src/locales/fr_FR.po                      |  72 +++----
 web/src/locales/pl.po                         |   4 +-
 web/src/locales/pl_PL.po                      |   8 +-
 web/src/locales/pseudo-LOCALE.po              | 188 ++++++++---------
 web/src/locales/tr.po                         |   4 +-
 web/src/locales/zh-Hans.po                    |   8 +-
 web/src/locales/zh-Hant.po                    |   8 +-
 web/src/locales/zh_TW.po                      |   8 +-
 .../providers/proxy/ProxyProviderForm.ts      |   2 +-
 website/docs/outposts/embedded/embedded.md    |   2 +-
 website/docs/outposts/integrations/docker.md  |   2 +-
 .../docs/providers/proxy/_nginx_ingress.md    |   6 +-
 .../providers/proxy/_nginx_proxy_manager.md   |  14 +-
 .../docs/providers/proxy/_nginx_standalone.md |  16 +-
 .../docs/providers/proxy/_traefik_compose.md  |   4 +-
 .../docs/providers/proxy/_traefik_ingress.md  |   4 +-
 .../providers/proxy/_traefik_standalone.md    |   6 +-
 website/docs/providers/proxy/forward_auth.mdx |   2 +-
 website/docs/providers/proxy/proxy.md         |   6 +-
 website/docs/releases/v2021.8.md              |   2 +-
 website/docs/releases/v2022.1.md              |   4 +-
 45 files changed, 355 insertions(+), 337 deletions(-)
 create mode 100644 authentik/providers/proxy/tasks.py

diff --git a/authentik/providers/proxy/apps.py b/authentik/providers/proxy/apps.py
index 5355ece60..ad1f0bf45 100644
--- a/authentik/providers/proxy/apps.py
+++ b/authentik/providers/proxy/apps.py
@@ -12,4 +12,8 @@ class AuthentikProviderProxyConfig(AppConfig):
     verbose_name = "authentik Providers.Proxy"
 
     def ready(self) -> None:
+        from authentik.providers.proxy.tasks import proxy_set_defaults
+
         import_module("authentik.providers.proxy.managed")
+
+        proxy_set_defaults.delay()
diff --git a/authentik/providers/proxy/controllers/docker.py b/authentik/providers/proxy/controllers/docker.py
index ef47a69de..32cc9ff33 100644
--- a/authentik/providers/proxy/controllers/docker.py
+++ b/authentik/providers/proxy/controllers/docker.py
@@ -28,12 +28,12 @@ class ProxyDockerController(DockerController):
         labels["traefik.enable"] = "true"
         labels[
             f"traefik.http.routers.{traefik_name}-router.rule"
-        ] = f"Host({','.join(hosts)}) && PathPrefix(`/akprox`)"
+        ] = f"Host({','.join(hosts)}) && PathPrefix(`/outpost.goauthentik.io`)"
         labels[f"traefik.http.routers.{traefik_name}-router.tls"] = "true"
         labels[f"traefik.http.routers.{traefik_name}-router.service"] = f"{traefik_name}-service"
         labels[
             f"traefik.http.services.{traefik_name}-service.loadbalancer.healthcheck.path"
-        ] = "/akprox/ping"
+        ] = "/outpost.goauthentik.io/ping"
         labels[
             f"traefik.http.services.{traefik_name}-service.loadbalancer.healthcheck.port"
         ] = "9300"
diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py
index 7b4f10d5d..1d7f1fe07 100644
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@@ -126,7 +126,7 @@ class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
                                         port=V1ServiceBackendPort(name="http"),
                                     ),
                                 ),
-                                path="/akprox",
+                                path="/outpost.goauthentik.io",
                                 path_type="ImplementationSpecific",
                             )
                         ]
diff --git a/authentik/providers/proxy/controllers/k8s/traefik.py b/authentik/providers/proxy/controllers/k8s/traefik.py
index 4831d4123..2066b2620 100644
--- a/authentik/providers/proxy/controllers/k8s/traefik.py
+++ b/authentik/providers/proxy/controllers/k8s/traefik.py
@@ -119,7 +119,10 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
             ),
             spec=TraefikMiddlewareSpec(
                 forwardAuth=TraefikMiddlewareSpecForwardAuth(
-                    address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
+                    address=(
+                        f"http://{self.name}.{self.namespace}:9000/"
+                        "outpost.goauthentik.io/auth/traefik"
+                    ),
                     authResponseHeaders=[
                         "X-authentik-username",
                         "X-authentik-groups",
diff --git a/authentik/providers/proxy/models.py b/authentik/providers/proxy/models.py
index d7f9ceebc..10237d218 100644
--- a/authentik/providers/proxy/models.py
+++ b/authentik/providers/proxy/models.py
@@ -27,7 +27,7 @@ def get_cookie_secret():
 
 
 def _get_callback_url(uri: str) -> str:
-    return urljoin(uri, "/akprox/callback")
+    return urljoin(uri, "/outpost.goauthentik.io/callback")
 
 
 class ProxyMode(models.TextChoices):
diff --git a/authentik/providers/proxy/tasks.py b/authentik/providers/proxy/tasks.py
new file mode 100644
index 000000000..2261c2f09
--- /dev/null
+++ b/authentik/providers/proxy/tasks.py
@@ -0,0 +1,11 @@
+"""proxy provider tasks"""
+from authentik.providers.proxy.models import ProxyProvider
+from authentik.root.celery import CELERY_APP
+
+
+@CELERY_APP.task()
+def proxy_set_defaults():
+    """Ensure correct defaults are set for all providers"""
+    for provider in ProxyProvider.objects.all():
+        provider.set_oauth_defaults()
+        provider.save()
diff --git a/internal/outpost/ldap/metrics/metrics.go b/internal/outpost/ldap/metrics/metrics.go
index fdd1a1825..2ff8af4b0 100644
--- a/internal/outpost/ldap/metrics/metrics.go
+++ b/internal/outpost/ldap/metrics/metrics.go
@@ -25,7 +25,7 @@ var (
 func RunServer() {
 	m := mux.NewRouter()
 	l := log.WithField("logger", "authentik.outpost.metrics")
-	m.HandleFunc("/akprox/ping", func(rw http.ResponseWriter, r *http.Request) {
+	m.HandleFunc("/outpost.goauthentik.io/ping", func(rw http.ResponseWriter, r *http.Request) {
 		rw.WriteHeader(204)
 	})
 	m.Path("/metrics").Handler(promhttp.Handler())
diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go
index 6b9c9f02f..72e19adc0 100644
--- a/internal/outpost/proxyv2/application/application.go
+++ b/internal/outpost/proxyv2/application/application.go
@@ -78,7 +78,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 	oauth2Config := oauth2.Config{
 		ClientID:     *p.ClientId,
 		ClientSecret: *p.ClientSecret,
-		RedirectURL:  urlJoin(p.ExternalHost, "/akprox/callback"),
+		RedirectURL:  urlJoin(p.ExternalHost, "/outpost.goauthentik.io/callback"),
 		Endpoint:     endpoint.Endpoint,
 		Scopes:       p.ScopesToRequest,
 	}
@@ -145,10 +145,10 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 	mux.Use(sentryhttp.New(sentryhttp.Options{}).Handle)
 
 	// Support /start and /sign_in for backwards compatibility
-	mux.HandleFunc("/akprox/start", a.handleRedirect)
-	mux.HandleFunc("/akprox/sign_in", a.handleRedirect)
-	mux.HandleFunc("/akprox/callback", a.handleCallback)
-	mux.HandleFunc("/akprox/sign_out", a.handleSignOut)
+	mux.HandleFunc("/outpost.goauthentik.io/start", a.handleRedirect)
+	mux.HandleFunc("/outpost.goauthentik.io/sign_in", a.handleRedirect)
+	mux.HandleFunc("/outpost.goauthentik.io/callback", a.handleCallback)
+	mux.HandleFunc("/outpost.goauthentik.io/sign_out", a.handleSignOut)
 	switch *p.Mode {
 	case api.PROXYMODE_PROXY:
 		err = a.configureProxy()
diff --git a/internal/outpost/proxyv2/application/error.go b/internal/outpost/proxyv2/application/error.go
index ce01178c3..1b52d4f7a 100644
--- a/internal/outpost/proxyv2/application/error.go
+++ b/internal/outpost/proxyv2/application/error.go
@@ -18,7 +18,7 @@ func (a *Application) ErrorPage(rw http.ResponseWriter, r *http.Request, err str
 	data := ErrorPageData{
 		Title:       "Bad Gateway",
 		Message:     "Error proxying to upstream server",
-		ProxyPrefix: "/akprox",
+		ProxyPrefix: "/outpost.goauthentik.io",
 	}
 	if claims != nil && len(err) > 0 {
 		data.Message = err
diff --git a/internal/outpost/proxyv2/application/mode_forward.go b/internal/outpost/proxyv2/application/mode_forward.go
index 35460dd9c..1d06dd5e8 100644
--- a/internal/outpost/proxyv2/application/mode_forward.go
+++ b/internal/outpost/proxyv2/application/mode_forward.go
@@ -12,15 +12,15 @@ import (
 )
 
 func (a *Application) configureForward() error {
-	a.mux.HandleFunc("/akprox/auth", func(rw http.ResponseWriter, r *http.Request) {
+	a.mux.HandleFunc("/outpost.goauthentik.io/auth", func(rw http.ResponseWriter, r *http.Request) {
 		if _, ok := r.URL.Query()["traefik"]; ok {
 			a.forwardHandleTraefik(rw, r)
 			return
 		}
 		a.forwardHandleNginx(rw, r)
 	})
-	a.mux.HandleFunc("/akprox/auth/traefik", a.forwardHandleTraefik)
-	a.mux.HandleFunc("/akprox/auth/nginx", a.forwardHandleNginx)
+	a.mux.HandleFunc("/outpost.goauthentik.io/auth/traefik", a.forwardHandleTraefik)
+	a.mux.HandleFunc("/outpost.goauthentik.io/auth/nginx", a.forwardHandleNginx)
 	return nil
 }
 
@@ -49,8 +49,8 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 		a.log.Trace("path can be accessed without authentication")
 		return
 	}
-	if strings.HasPrefix(r.Header.Get("X-Forwarded-Uri"), "/akprox") {
-		a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access")
+	if strings.HasPrefix(r.Header.Get("X-Forwarded-Uri"), "/outpost.goauthentik.io") {
+		a.log.WithField("url", r.URL.String()).Trace("path begins with /outpost.goauthentik.io, allowing access")
 		return
 	}
 	host := ""
@@ -80,7 +80,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	if proto != "" {
 		proto = proto + ":"
 	}
-	rdFinal := fmt.Sprintf("%s//%s%s", proto, host, "/akprox/start")
+	rdFinal := fmt.Sprintf("%s//%s%s", proto, host, "/outpost.goauthentik.io/start")
 	a.log.WithField("url", rdFinal).Debug("Redirecting to login")
 	http.Redirect(rw, r, rdFinal, http.StatusTemporaryRedirect)
 }
@@ -119,8 +119,8 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
 	}
 
 	if fwd.String() != r.URL.String() {
-		if strings.HasPrefix(fwd.Path, "/akprox") {
-			a.log.WithField("url", r.URL.String()).Trace("path begins with /akprox, allowing access")
+		if strings.HasPrefix(fwd.Path, "/outpost.goauthentik.io") {
+			a.log.WithField("url", r.URL.String()).Trace("path begins with /outpost.goauthentik.io, allowing access")
 			return
 		}
 	}
diff --git a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
index 58873fc15..5d2681ae0 100644
--- a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
+++ b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
@@ -12,7 +12,7 @@ import (
 
 func TestForwardHandleNginx_Single_Blank(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
@@ -22,7 +22,7 @@ func TestForwardHandleNginx_Single_Blank(t *testing.T) {
 
 func TestForwardHandleNginx_Single_Skip(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/skip")
 
 	rr := httptest.NewRecorder()
@@ -33,7 +33,7 @@ func TestForwardHandleNginx_Single_Skip(t *testing.T) {
 
 func TestForwardHandleNginx_Single_Headers(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
 
 	rr := httptest.NewRecorder()
@@ -47,7 +47,7 @@ func TestForwardHandleNginx_Single_Headers(t *testing.T) {
 
 func TestForwardHandleNginx_Single_URI(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "https://foo.bar/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "https://foo.bar/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URI", "/app")
 
 	rr := httptest.NewRecorder()
@@ -61,7 +61,7 @@ func TestForwardHandleNginx_Single_URI(t *testing.T) {
 
 func TestForwardHandleNginx_Single_Claims(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URI", "/")
 
 	rr := httptest.NewRecorder()
@@ -108,7 +108,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
@@ -121,7 +121,7 @@ func TestForwardHandleNginx_Domain_Header(t *testing.T) {
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
-	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
 
 	rr := httptest.NewRecorder()
diff --git a/internal/outpost/proxyv2/application/mode_forward_traefik_test.go b/internal/outpost/proxyv2/application/mode_forward_traefik_test.go
index e9abe5259..5767a8885 100644
--- a/internal/outpost/proxyv2/application/mode_forward_traefik_test.go
+++ b/internal/outpost/proxyv2/application/mode_forward_traefik_test.go
@@ -12,7 +12,7 @@ import (
 
 func TestForwardHandleTraefik_Single_Blank(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleTraefik(rr, req)
@@ -22,7 +22,7 @@ func TestForwardHandleTraefik_Single_Blank(t *testing.T) {
 
 func TestForwardHandleTraefik_Single_Skip(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
 	req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
 	req.Header.Set("X-Forwarded-Uri", "/skip")
@@ -35,7 +35,7 @@ func TestForwardHandleTraefik_Single_Skip(t *testing.T) {
 
 func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
 	req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
 	req.Header.Set("X-Forwarded-Uri", "/app")
@@ -45,7 +45,7 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
 
 	assert.Equal(t, rr.Code, http.StatusTemporaryRedirect)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, loc.String(), "http://test.goauthentik.io/akprox/start")
+	assert.Equal(t, loc.String(), "http://test.goauthentik.io/outpost.goauthentik.io/start")
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
@@ -53,7 +53,7 @@ func TestForwardHandleTraefik_Single_Headers(t *testing.T) {
 
 func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
 	a := newTestApplication()
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
 	req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
 	req.Header.Set("X-Forwarded-Uri", "/app")
@@ -102,7 +102,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 
 	rr := httptest.NewRecorder()
 	a.forwardHandleTraefik(rr, req)
@@ -115,7 +115,7 @@ func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
-	req, _ := http.NewRequest("GET", "/akprox/auth/traefik", nil)
+	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
 	req.Header.Set("X-Forwarded-Host", "test.goauthentik.io")
 	req.Header.Set("X-Forwarded-Uri", "/app")
@@ -125,7 +125,7 @@ func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
 
 	assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, "http://auth.test.goauthentik.io/akprox/start", loc.String())
+	assert.Equal(t, "http://auth.test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "http://test.goauthentik.io/app", s.Values[constants.SessionRedirect])
diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go
index 3fb5b44e3..44b20f4da 100644
--- a/internal/outpost/proxyv2/application/utils.go
+++ b/internal/outpost/proxyv2/application/utils.go
@@ -42,7 +42,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 		a.log.WithError(err).Warning("failed to save session before redirect")
 	}
 
-	authUrl := urlJoin(a.proxyConfig.ExternalHost, "/akprox/start")
+	authUrl := urlJoin(a.proxyConfig.ExternalHost, "/outpost.goauthentik.io/start")
 	http.Redirect(rw, r, authUrl, http.StatusFound)
 }
 
diff --git a/internal/outpost/proxyv2/application/utils_test.go b/internal/outpost/proxyv2/application/utils_test.go
index 3d84f7608..a10ac20ac 100644
--- a/internal/outpost/proxyv2/application/utils_test.go
+++ b/internal/outpost/proxyv2/application/utils_test.go
@@ -21,7 +21,7 @@ func TestRedirectToStart_Proxy(t *testing.T) {
 
 	assert.Equal(t, http.StatusFound, rr.Code)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
+	assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
@@ -38,7 +38,7 @@ func TestRedirectToStart_Forward(t *testing.T) {
 
 	assert.Equal(t, http.StatusFound, rr.Code)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
+	assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
@@ -56,7 +56,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
 
 	assert.Equal(t, http.StatusFound, rr.Code)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
+	assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
@@ -74,7 +74,7 @@ func TestRedirectToStart_Forward_Domain(t *testing.T) {
 
 	assert.Equal(t, http.StatusFound, rr.Code)
 	loc, _ := rr.Result().Location()
-	assert.Equal(t, "https://test.goauthentik.io/akprox/start", loc.String())
+	assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
 	assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
diff --git a/internal/outpost/proxyv2/handlers.go b/internal/outpost/proxyv2/handlers.go
index 374bcd6af..19c1e8f97 100644
--- a/internal/outpost/proxyv2/handlers.go
+++ b/internal/outpost/proxyv2/handlers.go
@@ -32,7 +32,7 @@ func (ps *ProxyServer) HandlePing(rw http.ResponseWriter, r *http.Request) {
 
 func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
 	before := time.Now()
-	web.DisableIndex(http.StripPrefix("/akprox/static/dist", staticWeb.StaticHandler)).ServeHTTP(rw, r)
+	web.DisableIndex(http.StripPrefix("/outpost.goauthentik.io/static/dist", staticWeb.StaticHandler)).ServeHTTP(rw, r)
 	after := time.Since(before)
 	metrics.Requests.With(prometheus.Labels{
 		"outpost_name": ps.akAPI.Outpost.Name,
@@ -90,11 +90,11 @@ func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, str
 }
 
 func (ps *ProxyServer) Handle(rw http.ResponseWriter, r *http.Request) {
-	if strings.HasPrefix(r.URL.Path, "/akprox/static") {
+	if strings.HasPrefix(r.URL.Path, "/outpost.goauthentik.io/static") {
 		ps.HandleStatic(rw, r)
 		return
 	}
-	if strings.HasPrefix(r.URL.Path, "/akprox/ping") {
+	if strings.HasPrefix(r.URL.Path, "/outpost.goauthentik.io/ping") {
 		ps.HandlePing(rw, r)
 		return
 	}
diff --git a/internal/outpost/proxyv2/metrics/metrics.go b/internal/outpost/proxyv2/metrics/metrics.go
index fb9f18b97..664583683 100644
--- a/internal/outpost/proxyv2/metrics/metrics.go
+++ b/internal/outpost/proxyv2/metrics/metrics.go
@@ -25,7 +25,7 @@ var (
 func RunServer() {
 	m := mux.NewRouter()
 	l := log.WithField("logger", "authentik.outpost.metrics")
-	m.HandleFunc("/akprox/ping", func(rw http.ResponseWriter, r *http.Request) {
+	m.HandleFunc("/outpost.goauthentik.io/ping", func(rw http.ResponseWriter, r *http.Request) {
 		rw.WriteHeader(204)
 	})
 	m.Path("/metrics").Handler(promhttp.Handler())
diff --git a/internal/outpost/proxyv2/proxyv2.go b/internal/outpost/proxyv2/proxyv2.go
index 7ff1e33b1..7863b4660 100644
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@@ -64,8 +64,8 @@ func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
 		akAPI:       ac,
 		defaultCert: defaultCert,
 	}
-	globalMux.PathPrefix("/akprox/static").HandlerFunc(s.HandleStatic)
-	globalMux.Path("/akprox/ping").HandlerFunc(s.HandlePing)
+	globalMux.PathPrefix("/outpost.goauthentik.io/static").HandlerFunc(s.HandleStatic)
+	globalMux.Path("/outpost.goauthentik.io/ping").HandlerFunc(s.HandlePing)
 	rootMux.PathPrefix("/").HandlerFunc(s.Handle)
 	return s
 }
diff --git a/internal/outpost/proxyv2/templates/error.html b/internal/outpost/proxyv2/templates/error.html
index f8853f6d7..02f60e350 100644
--- a/internal/outpost/proxyv2/templates/error.html
+++ b/internal/outpost/proxyv2/templates/error.html
@@ -5,12 +5,12 @@
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
         <title>{{.Title}}</title>
-        <link rel="shortcut icon" type="image/png" href="/akprox/static/dist/assets/icons/icon.png">
-        <link rel="stylesheet" type="text/css" href="/akprox/static/dist/patternfly.min.css">
-        <link rel="stylesheet" type="text/css" href="/akprox/static/dist/authentik.css">
+        <link rel="shortcut icon" type="image/png" href="/outpost.goauthentik.io/static/dist/assets/icons/icon.png">
+        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/patternfly.min.css">
+        <link rel="stylesheet" type="text/css" href="/outpost.goauthentik.io/static/dist/authentik.css">
         <style>
             .pf-c-background-image::before {
-                --ak-flow-background: url("/akprox/static/dist/assets/images/flow_background.jpg");
+                --ak-flow-background: url("/outpost.goauthentik.io/static/dist/assets/images/flow_background.jpg");
             }
         </style>
     </head>
@@ -32,7 +32,7 @@
             <div class="ak-login-container">
                 <header class="pf-c-login__header">
                     <div class="pf-c-brand ak-brand">
-                        <img src="/akprox/static/dist/assets/icons/icon_left_brand.svg" alt="authentik icon" />
+                        <img src="/outpost.goauthentik.io/static/dist/assets/icons/icon_left_brand.svg" alt="authentik icon" />
                     </div>
                 </header>
                 <main class="pf-c-login__main">
diff --git a/internal/web/proxy.go b/internal/web/proxy.go
index 44cb26cdf..19cdcf516 100644
--- a/internal/web/proxy.go
+++ b/internal/web/proxy.go
@@ -28,7 +28,7 @@ func (ws *WebServer) configureProxy() {
 	rp := &httputil.ReverseProxy{Director: director}
 	rp.ErrorHandler = ws.proxyErrorHandler
 	rp.ModifyResponse = ws.proxyModifyResponse
-	ws.m.PathPrefix("/akprox").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+	ws.m.PathPrefix("/outpost.goauthentik.io").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		if ws.ProxyServer != nil {
 			before := time.Now()
 			ws.ProxyServer.Handle(rw, r)
diff --git a/ldap.Dockerfile b/ldap.Dockerfile
index 7ec5603dc..2b18aca05 100644
--- a/ldap.Dockerfile
+++ b/ldap.Dockerfile
@@ -19,7 +19,7 @@ ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
 
 COPY --from=builder /go/ldap /
 
-HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/akprox/ping" ]
+HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/outpost.goauthentik.io/ping" ]
 
 EXPOSE 3389 6636 9300
 
diff --git a/proxy.Dockerfile b/proxy.Dockerfile
index c3990110f..93f77634c 100644
--- a/proxy.Dockerfile
+++ b/proxy.Dockerfile
@@ -32,7 +32,7 @@ COPY --from=web-builder /static/security.txt /web/security.txt
 COPY --from=web-builder /static/dist/ /web/dist/
 COPY --from=web-builder /static/authentik/ /web/authentik/
 
-HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/akprox/ping" ]
+HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:9300/outpost.goauthentik.io/ping" ]
 
 EXPOSE 9000 9300 9443
 
diff --git a/tests/e2e/test_provider_proxy.py b/tests/e2e/test_provider_proxy.py
index cad170fde..c75be5d5d 100644
--- a/tests/e2e/test_provider_proxy.py
+++ b/tests/e2e/test_provider_proxy.py
@@ -105,7 +105,7 @@ class TestProviderProxy(SeleniumTestCase):
         self.assertIn(f"X-Authentik-Username: {self.user.username}", full_body_text)
         self.assertIn("X-Foo: bar", full_body_text)
 
-        self.driver.get("http://localhost:9000/akprox/sign_out")
+        self.driver.get("http://localhost:9000/outpost.goauthentik.io/sign_out")
         sleep(2)
         full_body_text = self.driver.find_element(By.CSS_SELECTOR, ".pf-c-title.pf-m-3xl").text
         self.assertIn("You've logged out of proxy.", full_body_text)
diff --git a/web/src/locales/en.po b/web/src/locales/en.po
index c56b4bfe0..a1d94ea80 100644
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@@ -13,7 +13,7 @@ msgstr ""
 "Language-Team: \n"
 "Plural-Forms: \n"
 
-#: 
+#:
 #~ msgid "#/identity/users/{0}"
 #~ msgstr "#/identity/users/{0}"
 
@@ -141,7 +141,7 @@ msgstr "About applications"
 msgid "Access Key"
 msgstr "Access Key"
 
-#: 
+#:
 #~ msgid "Access code validity"
 #~ msgstr "Access code validity"
 
@@ -461,7 +461,7 @@ msgstr "Attributes"
 msgid "Audience"
 msgstr "Audience"
 
-#: 
+#:
 #~ msgid "Auth Type"
 #~ msgstr "Auth Type"
 
@@ -504,7 +504,7 @@ msgstr "Authenticator Attachment"
 msgid "Authorization"
 msgstr "Authorization"
 
-#: 
+#:
 #~ msgid "Authorization Code"
 #~ msgstr "Authorization Code"
 
@@ -656,7 +656,7 @@ msgstr "Browser"
 msgid "Build hash:"
 msgstr "Build hash:"
 
-#: 
+#:
 #~ msgid "Build hash: {0}"
 #~ msgstr "Build hash: {0}"
 
@@ -733,7 +733,7 @@ msgstr "Certificate Subject"
 msgid "Certificate used to sign outgoing Responses going to the Service Provider."
 msgstr "Certificate used to sign outgoing Responses going to the Service Provider."
 
-#: 
+#:
 #~ msgid "Certificate-Key Pair"
 #~ msgstr "Certificate-Key Pair"
 
@@ -816,7 +816,7 @@ msgstr "Check the IP of the Kubernetes service, or"
 msgid "Check the logs"
 msgstr "Check the logs"
 
-#: 
+#:
 #~ msgid "Check your Emails for a password reset link."
 #~ msgstr "Check your Emails for a password reset link."
 
@@ -951,11 +951,11 @@ msgstr "Configuration flow"
 msgid "Configuration stage"
 msgstr "Configuration stage"
 
-#: 
+#:
 #~ msgid "Configure WebAuthn"
 #~ msgstr "Configure WebAuthn"
 
-#: 
+#:
 #~ msgid "Configure how long access codes are valid for."
 #~ msgstr "Configure how long access codes are valid for."
 
@@ -987,8 +987,8 @@ msgstr "Configure how the issuer field of the ID Token should be filled."
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr "Configure how the outpost queries the core authentik server's users."
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Configure settings relevant to your user profile."
 #~ msgstr "Configure settings relevant to your user profile."
 
@@ -1110,7 +1110,7 @@ msgstr "Cookie domain"
 msgid "Copy"
 msgstr "Copy"
 
-#: 
+#:
 #~ msgid "Copy Key"
 #~ msgstr "Copy Key"
 
@@ -1293,7 +1293,7 @@ msgstr "Create {0}"
 msgid "Created by"
 msgstr "Created by"
 
-#: 
+#:
 #~ msgid "Created {0}"
 #~ msgstr "Created {0}"
 
@@ -1303,7 +1303,7 @@ msgstr "Created by"
 msgid "Creation Date"
 msgstr "Creation Date"
 
-#: 
+#:
 #~ msgid "Current plan cntext"
 #~ msgstr "Current plan cntext"
 
@@ -1398,24 +1398,24 @@ msgstr "Define how notifications are sent to users, like Email or Webhook."
 msgid "Delete"
 msgstr "Delete"
 
-#: 
+#:
 #~ msgid "Delete Authorization Code"
 #~ msgstr "Delete Authorization Code"
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Delete Binding"
 #~ msgstr "Delete Binding"
 
-#: 
+#:
 #~ msgid "Delete Consent"
 #~ msgstr "Delete Consent"
 
-#: 
+#:
 #~ msgid "Delete Refresh Code"
 #~ msgstr "Delete Refresh Code"
 
-#: 
+#:
 #~ msgid "Delete Session"
 #~ msgstr "Delete Session"
 
@@ -1496,7 +1496,7 @@ msgstr "Device classes"
 msgid "Device classes which can be used to authenticate."
 msgstr "Device classes which can be used to authenticate."
 
-#: 
+#:
 #~ msgid "Device name"
 #~ msgstr "Device name"
 
@@ -1525,24 +1525,24 @@ msgstr "Direct querying, always returns the latest data, but slower than cached
 msgid "Directory"
 msgstr "Directory"
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Disable"
 #~ msgstr "Disable"
 
-#: 
+#:
 #~ msgid "Disable Duo authenticator"
 #~ msgstr "Disable Duo authenticator"
 
-#: 
+#:
 #~ msgid "Disable SMS authenticator"
 #~ msgstr "Disable SMS authenticator"
 
-#: 
+#:
 #~ msgid "Disable Static Tokens"
 #~ msgstr "Disable Static Tokens"
 
-#: 
+#:
 #~ msgid "Disable Time-based OTP"
 #~ msgstr "Disable Time-based OTP"
 
@@ -1592,7 +1592,7 @@ msgstr "Due to protocol limitations, this certificate is only used when the outp
 msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
 msgstr "Dummy stage used for testing. Shows a simple continue button and always passes."
 
-#: 
+#:
 #~ msgid "Duo"
 #~ msgstr "Duo"
 
@@ -1702,16 +1702,16 @@ msgstr "Email: Text field with Email type."
 msgid "Embedded outpost is not configured correctly."
 msgstr "Embedded outpost is not configured correctly."
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Enable"
 #~ msgstr "Enable"
 
-#: 
+#:
 #~ msgid "Enable Duo authenticator"
 #~ msgstr "Enable Duo authenticator"
 
-#: 
+#:
 #~ msgid "Enable SMS authenticator"
 #~ msgstr "Enable SMS authenticator"
 
@@ -1719,11 +1719,11 @@ msgstr "Embedded outpost is not configured correctly."
 msgid "Enable StartTLS"
 msgstr "Enable StartTLS"
 
-#: 
+#:
 #~ msgid "Enable Static Tokens"
 #~ msgstr "Enable Static Tokens"
 
-#: 
+#:
 #~ msgid "Enable TOTP"
 #~ msgstr "Enable TOTP"
 
@@ -1787,7 +1787,7 @@ msgstr "Error when validating assertion on server: {err}"
 msgid "Error: unsupported source settings: {0}"
 msgstr "Error: unsupported source settings: {0}"
 
-#: 
+#:
 #~ msgid "Error: unsupported stage settings: {0}"
 #~ msgstr "Error: unsupported stage settings: {0}"
 
@@ -1833,7 +1833,7 @@ msgstr "Everything is ok."
 msgid "Exception"
 msgstr "Exception"
 
-#: 
+#:
 #~ msgid "Execute"
 #~ msgstr "Execute"
 
@@ -1841,7 +1841,7 @@ msgstr "Exception"
 msgid "Execute flow"
 msgstr "Execute flow"
 
-#: 
+#:
 #~ msgid "Execute with inspector"
 #~ msgstr "Execute with inspector"
 
@@ -2013,7 +2013,7 @@ msgstr "Field of the user object this value is written to."
 msgid "Field which contains a unique Identifier."
 msgstr "Field which contains a unique Identifier."
 
-#: 
+#:
 #~ msgid "Field which contains members of a group."
 #~ msgstr "Field which contains members of a group."
 
@@ -2210,7 +2210,7 @@ msgstr "Generic OpenID Connect"
 msgid "Get this value from https://console.twilio.com"
 msgstr "Get this value from https://console.twilio.com"
 
-#: 
+#:
 #~ msgid "Go to admin interface"
 #~ msgstr "Go to admin interface"
 
@@ -2222,7 +2222,7 @@ msgstr "Go to next page"
 msgid "Go to previous page"
 msgstr "Go to previous page"
 
-#: 
+#:
 #~ msgid "Go to user interface"
 #~ msgstr "Go to user interface"
 
@@ -2526,7 +2526,7 @@ msgstr "Invalidation"
 msgid "Invalidation flow"
 msgstr "Invalidation flow"
 
-#: 
+#:
 #~ msgid "Invitation"
 #~ msgstr "Invitation"
 
@@ -2648,7 +2648,7 @@ msgstr "Launch URL"
 msgid "Let the user identify themselves with their username or Email address."
 msgstr "Let the user identify themselves with their username or Email address."
 
-#: 
+#:
 #~ msgid "Library"
 #~ msgstr "Library"
 
@@ -2952,7 +2952,7 @@ msgstr "Model deleted"
 msgid "Model updated"
 msgstr "Model updated"
 
-#: 
+#:
 #~ msgid "Monitor"
 #~ msgstr "Monitor"
 
@@ -3241,7 +3241,7 @@ msgstr "Notification Rules"
 msgid "Notification Transports"
 msgstr "Notification Transports"
 
-#: 
+#:
 #~ msgid "Notification rule"
 #~ msgstr "Notification rule"
 
@@ -3261,7 +3261,7 @@ msgstr "Notification transport(s)"
 msgid "Notifications"
 msgstr "Notifications"
 
-#: 
+#:
 #~ msgid "Notifications Transport"
 #~ msgstr "Notifications Transport"
 
@@ -3324,7 +3324,7 @@ msgstr "Only send notification once, for example when sending a webhook into a c
 msgid "Open API Browser"
 msgstr "Open API Browser"
 
-#: 
+#:
 #~ msgid "Open application"
 #~ msgstr "Open application"
 
@@ -3398,7 +3398,7 @@ msgstr "Other global settings"
 msgid "Outdated outposts"
 msgstr "Outdated outposts"
 
-#: 
+#:
 #~ msgid "Outpost"
 #~ msgstr "Outpost"
 
@@ -3410,11 +3410,11 @@ msgstr "Outpost Deployment Info"
 msgid "Outpost Integrations"
 msgstr "Outpost Integrations"
 
-#: 
+#:
 #~ msgid "Outpost Service-connection"
 #~ msgstr "Outpost Service-connection"
 
-#: 
+#:
 #~ msgid "Outpost integration"
 #~ msgstr "Outpost integration"
 
@@ -3494,7 +3494,7 @@ msgstr "Password set"
 msgid "Password stage"
 msgstr "Password stage"
 
-#: 
+#:
 #~ msgid "Password, 2FA, etc"
 #~ msgstr "Password, 2FA, etc"
 
@@ -3571,7 +3571,7 @@ msgstr "Policy / User / Group"
 msgid "Policy Bindings"
 msgstr "Policy Bindings"
 
-#: 
+#:
 #~ msgid "Policy binding"
 #~ msgstr "Policy binding"
 
@@ -3649,7 +3649,7 @@ msgstr "Private key, acquired from https://www.google.com/recaptcha/intro/v3.htm
 msgid "Profile URL"
 msgstr "Profile URL"
 
-#: 
+#:
 #~ msgid "Prompt"
 #~ msgstr "Prompt"
 
@@ -3666,7 +3666,7 @@ msgstr "Prompt(s)"
 msgid "Prompts"
 msgstr "Prompts"
 
-#: 
+#:
 #~ msgid "Property Mapping"
 #~ msgstr "Property Mapping"
 
@@ -3726,7 +3726,7 @@ msgstr "Provider"
 msgid "Provider Type"
 msgstr "Provider Type"
 
-#: 
+#:
 #~ msgid "Provider type"
 #~ msgstr "Provider type"
 
@@ -3863,7 +3863,7 @@ msgstr "Redirect binding"
 msgid "Refresh"
 msgstr "Refresh"
 
-#: 
+#:
 #~ msgid "Refresh Code"
 #~ msgstr "Refresh Code"
 
@@ -3977,7 +3977,7 @@ msgstr "Result"
 msgid "Retry"
 msgstr "Retry"
 
-#: 
+#:
 #~ msgid "Retry Task"
 #~ msgstr "Retry Task"
 
@@ -4125,7 +4125,7 @@ msgstr "Secret key"
 msgid "Secret was rotated"
 msgstr "Secret was rotated"
 
-#: 
+#:
 #~ msgid "Secret was rotation"
 #~ msgstr "Secret was rotation"
 
@@ -4165,7 +4165,7 @@ msgstr "Select an authentication method."
 msgid "Select an enrollment flow"
 msgstr "Select an enrollment flow"
 
-#: 
+#:
 #~ msgid "Select an identification method."
 #~ msgstr "Select an identification method."
 
@@ -4201,7 +4201,7 @@ msgstr "Select which transports should be used to notify the user. If none are s
 msgid "Selected policies are executed when the stage is submitted to validate the data."
 msgstr "Selected policies are executed when the stage is submitted to validate the data."
 
-#: 
+#:
 #~ msgid "Selecting a service-connection enables the management of the outpost by authentik."
 #~ msgstr "Selecting a service-connection enables the management of the outpost by authentik."
 
@@ -4250,7 +4250,7 @@ msgstr "Server URI"
 msgid "Server and client are further than 5 seconds apart."
 msgstr "Server and client are further than 5 seconds apart."
 
-#: 
+#:
 #~ msgid "Server name for which this provider's certificate is valid for."
 #~ msgstr "Server name for which this provider's certificate is valid for."
 
@@ -4258,7 +4258,7 @@ msgstr "Server and client are further than 5 seconds apart."
 msgid "Server validation of credential failed: {err}"
 msgstr "Server validation of credential failed: {err}"
 
-#: 
+#:
 #~ msgid "Service Connections"
 #~ msgstr "Service Connections"
 
@@ -4266,12 +4266,12 @@ msgstr "Server validation of credential failed: {err}"
 msgid "Service Provider Binding"
 msgstr "Service Provider Binding"
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Service connection"
 #~ msgstr "Service connection"
 
-#: 
+#:
 #~ msgid "Session"
 #~ msgstr "Session"
 
@@ -4404,7 +4404,7 @@ msgstr "Slug"
 msgid "Something went wrong! Please try again later."
 msgstr "Something went wrong! Please try again later."
 
-#: 
+#:
 #~ msgid "Source"
 #~ msgstr "Source"
 
@@ -4412,7 +4412,7 @@ msgstr "Something went wrong! Please try again later."
 msgid "Source linked"
 msgstr "Source linked"
 
-#: 
+#:
 #~ msgid "Source name"
 #~ msgstr "Source name"
 
@@ -4429,7 +4429,7 @@ msgstr "Source(s)"
 msgid "Sources"
 msgstr "Sources"
 
-#: 
+#:
 #~ msgid "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
 #~ msgstr "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
 
@@ -4458,7 +4458,7 @@ msgstr "Stage Bindings"
 msgid "Stage Configuration"
 msgstr "Stage Configuration"
 
-#: 
+#:
 #~ msgid "Stage binding"
 #~ msgstr "Stage binding"
 
@@ -4575,17 +4575,17 @@ msgstr "Statically deny the flow. To use this stage effectively, disable *Evalua
 msgid "Status"
 msgstr "Status"
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Disabled"
 #~ msgstr "Status: Disabled"
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Enabled"
 #~ msgstr "Status: Enabled"
 
@@ -4697,8 +4697,8 @@ msgstr "Successfully created provider."
 msgid "Successfully created rule."
 msgstr "Successfully created rule."
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Successfully created service-connection."
 #~ msgstr "Successfully created service-connection."
 
@@ -4859,8 +4859,8 @@ msgstr "Successfully updated provider."
 msgid "Successfully updated rule."
 msgstr "Successfully updated rule."
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Successfully updated service-connection."
 #~ msgstr "Successfully updated service-connection."
 
@@ -4940,7 +4940,7 @@ msgstr "Suspicious request"
 msgid "Symbol charset"
 msgstr "Symbol charset"
 
-#: 
+#:
 #~ msgid "Sync"
 #~ msgstr "Sync"
 
@@ -4948,7 +4948,7 @@ msgstr "Symbol charset"
 msgid "Sync groups"
 msgstr "Sync groups"
 
-#: 
+#:
 #~ msgid "Sync parent group"
 #~ msgstr "Sync parent group"
 
@@ -4993,7 +4993,7 @@ msgstr "System task execution"
 msgid "TLS Authentication Certificate/SSH Keypair"
 msgstr "TLS Authentication Certificate/SSH Keypair"
 
-#: 
+#:
 #~ msgid "TLS Server name"
 #~ msgstr "TLS Server name"
 
@@ -5098,7 +5098,7 @@ msgstr "The external URL you'll access the application at. Include any non-stand
 msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
 msgstr "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
 
-#: 
+#:
 #~ msgid "The following objects use {0}:"
 #~ msgstr "The following objects use {0}:"
 
@@ -5212,7 +5212,7 @@ msgstr "Time in minutes the token sent is valid."
 msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
 msgstr "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
 
-#: 
+#:
 #~ msgid "Time-based One-Time Passwords"
 #~ msgstr "Time-based One-Time Passwords"
 
@@ -5251,8 +5251,8 @@ msgstr "To let a user directly reset a their password, configure a recovery flow
 msgid "To use SSL instead, use 'ldaps://' and disable this option."
 msgstr "To use SSL instead, use 'ldaps://' and disable this option."
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Token"
 #~ msgstr "Token"
 
@@ -5451,7 +5451,7 @@ msgstr "Unique identifier the token is referenced by."
 msgid "Unknown"
 msgstr "Unknown"
 
-#: 
+#:
 #~ msgid "Unmanaged"
 #~ msgstr "Unmanaged"
 
@@ -5673,8 +5673,8 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr "Use the username and password below to authenticate. The password can be retrieved later on the Tokens page."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
-msgstr "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgstr "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
@@ -5714,8 +5714,8 @@ msgstr "User Property Mappings"
 #~ msgid "User Reputation"
 #~ msgstr "User Reputation"
 
-#: 
-#: 
+#:
+#:
 #~ msgid "User Settings"
 #~ msgstr "User Settings"
 
@@ -5984,7 +5984,7 @@ msgstr "Web Certificate"
 msgid "WebAuthn Authenticators"
 msgstr "WebAuthn Authenticators"
 
-#: 
+#:
 #~ msgid "WebAuthn Devices"
 #~ msgstr "WebAuthn Devices"
 
@@ -6126,11 +6126,11 @@ msgstr "You're currently impersonating {0}. Click to stop."
 msgid "app1 running on app1.example.com"
 msgstr "app1 running on app1.example.com"
 
-#: 
+#:
 #~ msgid "authentik Builtin Database"
 #~ msgstr "authentik Builtin Database"
 
-#: 
+#:
 #~ msgid "authentik LDAP Backend"
 #~ msgstr "authentik LDAP Backend"
 
diff --git a/web/src/locales/es.po b/web/src/locales/es.po
index 50a40562b..6d17afa85 100644
--- a/web/src/locales/es.po
+++ b/web/src/locales/es.po
@@ -5556,8 +5556,8 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr "Use el nombre de usuario y la contraseña a continuación para autenticarse. La contraseña se puede recuperar más adelante en la página Tokens."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
-msgstr "Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Cada aplicación/dominio necesita su propio proveedor. Además, en cada dominio, /akprox debe enrutarse al puesto avanzado (cuando se usa un puesto avanzado administrado, esto se hace por usted)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgstr "Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Cada aplicación/dominio necesita su propio proveedor. Además, en cada dominio, /outpost.goauthentik.io debe enrutarse al puesto avanzado (cuando se usa un puesto avanzado administrado, esto se hace por usted)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
diff --git a/web/src/locales/fr_FR.po b/web/src/locales/fr_FR.po
index 6e36dda62..c09efdbd1 100644
--- a/web/src/locales/fr_FR.po
+++ b/web/src/locales/fr_FR.po
@@ -19,7 +19,7 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 "X-Generator: @lingui/cli\n"
 
-#: 
+#:
 #~ msgid "#/identity/users/{0}"
 #~ msgstr ""
 
@@ -466,7 +466,7 @@ msgstr "Attributs"
 msgid "Audience"
 msgstr "Audience"
 
-#: 
+#:
 #~ msgid "Auth Type"
 #~ msgstr ""
 
@@ -818,7 +818,7 @@ msgstr ""
 msgid "Check the logs"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Check your Emails for a password reset link."
 #~ msgstr "Vérifiez vos courriels pour un lien de récupération de mot de passe."
 
@@ -953,7 +953,7 @@ msgstr "Flux de configuration"
 msgid "Configuration stage"
 msgstr "Étape de configuration"
 
-#: 
+#:
 #~ msgid "Configure WebAuthn"
 #~ msgstr "Configurer WebAuthn"
 
@@ -1109,7 +1109,7 @@ msgstr "Domaine des cookies"
 msgid "Copy"
 msgstr "Copier"
 
-#: 
+#:
 #~ msgid "Copy Key"
 #~ msgstr "Copier la clé"
 
@@ -1292,7 +1292,7 @@ msgstr "Créer {0}"
 msgid "Created by"
 msgstr "Créé par"
 
-#: 
+#:
 #~ msgid "Created {0}"
 #~ msgstr "Créé {0}"
 
@@ -1302,7 +1302,7 @@ msgstr "Créé par"
 msgid "Creation Date"
 msgstr "Date de création"
 
-#: 
+#:
 #~ msgid "Current plan cntext"
 #~ msgstr "Contexte du plan courant"
 
@@ -1487,7 +1487,7 @@ msgstr "Classes d'équipement"
 msgid "Device classes which can be used to authenticate."
 msgstr "Classe d'équipement qui peut être utilisé pour s'authentifier"
 
-#: 
+#:
 #~ msgid "Device name"
 #~ msgstr "Nom de l'équipement"
 
@@ -1519,19 +1519,19 @@ msgstr ""
 #~ msgid "Disable"
 #~ msgstr "Désactiver"
 
-#: 
+#:
 #~ msgid "Disable Duo authenticator"
 #~ msgstr "Désactiver l'authentificateur Duo"
 
-#: 
+#:
 #~ msgid "Disable SMS authenticator"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Disable Static Tokens"
 #~ msgstr "Désactiver les jetons statiques"
 
-#: 
+#:
 #~ msgid "Disable Time-based OTP"
 #~ msgstr "Désactiver les OTP basés sur le temps"
 
@@ -1581,7 +1581,7 @@ msgstr "En raison des limitations de protocole, ce certificat n'est utilisé que
 msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
 msgstr "Étape factice utilisée pour les tests. Montre un simple bouton continuer et réussit toujours."
 
-#: 
+#:
 #~ msgid "Duo"
 #~ msgstr "Duo"
 
@@ -1694,11 +1694,11 @@ msgstr "L'avant poste intégré n'est pas configuré correctement"
 #~ msgid "Enable"
 #~ msgstr "Activer"
 
-#: 
+#:
 #~ msgid "Enable Duo authenticator"
 #~ msgstr "Activer l'authentificateur Duo"
 
-#: 
+#:
 #~ msgid "Enable SMS authenticator"
 #~ msgstr ""
 
@@ -1706,11 +1706,11 @@ msgstr "L'avant poste intégré n'est pas configuré correctement"
 msgid "Enable StartTLS"
 msgstr "Activer StartTLS"
 
-#: 
+#:
 #~ msgid "Enable Static Tokens"
 #~ msgstr "Activer les jetons statiques"
 
-#: 
+#:
 #~ msgid "Enable TOTP"
 #~ msgstr "Activer TOTP"
 
@@ -1774,7 +1774,7 @@ msgstr "Erreur lors de la validation de l'assertion sur le serveur : {err}"
 msgid "Error: unsupported source settings: {0}"
 msgstr "Erreur : paramètres source non supportés : {0}"
 
-#: 
+#:
 #~ msgid "Error: unsupported stage settings: {0}"
 #~ msgstr "Erreur : paramètres d'étape non supporté : {0}"
 
@@ -1820,7 +1820,7 @@ msgstr "Tout va bien."
 msgid "Exception"
 msgstr "Exception"
 
-#: 
+#:
 #~ msgid "Execute"
 #~ msgstr "Exécuter"
 
@@ -1828,7 +1828,7 @@ msgstr "Exception"
 msgid "Execute flow"
 msgstr "Exécuter le flux"
 
-#: 
+#:
 #~ msgid "Execute with inspector"
 #~ msgstr "Exécuter avec inspection"
 
@@ -3467,7 +3467,7 @@ msgstr "Mot de passe défini"
 msgid "Password stage"
 msgstr "Étape de mot de passe"
 
-#: 
+#:
 #~ msgid "Password, 2FA, etc"
 #~ msgstr "Mot de passe, 2FA, etc"
 
@@ -4096,7 +4096,7 @@ msgstr "Clé secrète"
 msgid "Secret was rotated"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Secret was rotation"
 #~ msgstr "Rotation du secret effectuée"
 
@@ -4375,7 +4375,7 @@ msgstr "Une erreur s'est produite ! Veuillez réessayer plus tard."
 msgid "Source linked"
 msgstr "Source liée"
 
-#: 
+#:
 #~ msgid "Source name"
 #~ msgstr ""
 
@@ -4536,17 +4536,17 @@ msgstr "Refuser statiquement le flux. Pour utiliser cette étape efficacement, d
 msgid "Status"
 msgstr "Statut"
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Disabled"
 #~ msgstr "Statut : Désactivé"
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Enabled"
 #~ msgstr "Statut : Activé"
 
@@ -4897,7 +4897,7 @@ msgstr "Requête suspecte"
 msgid "Symbol charset"
 msgstr "Set de symboles"
 
-#: 
+#:
 #~ msgid "Sync"
 #~ msgstr "Synchroniser"
 
@@ -5156,7 +5156,7 @@ msgstr "Temps en minutes durant lequel le jeton envoyé est valide."
 msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
 msgstr "Délai de suppression des utilisateurs temporaires. Ceci s'applique uniquement si votre fournisseur d'identité utilise le format NameID transitoire ('transient') et que l'utilisateur ne se déconnecte pas manuellement. (Format : heures=1;minutes=2;secondes=3)."
 
-#: 
+#:
 #~ msgid "Time-based One-Time Passwords"
 #~ msgstr "Mots de passe unique basés sur le temps"
 
@@ -5614,8 +5614,8 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr "Utilisez le nom d'utilisateur et le mot de passe ci-dessous pour vous authentifier. Le mot de passe peut être récupéré plus tard sur la page Jetons."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
-msgstr "Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, /akprox doit être routé vers l'avant-poste (si vous utilisez un avant-poste géré, cela est fait pour vous)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgstr "Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, /outpost.goauthentik.io doit être routé vers l'avant-poste (si vous utilisez un avant-poste géré, cela est fait pour vous)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
@@ -5923,7 +5923,7 @@ msgstr ""
 msgid "WebAuthn Authenticators"
 msgstr "Authentificateurs WebAuthn"
 
-#: 
+#:
 #~ msgid "WebAuthn Devices"
 #~ msgstr "Équipements WebAuthn"
 
diff --git a/web/src/locales/pl.po b/web/src/locales/pl.po
index a5324f98f..dc905d9be 100644
--- a/web/src/locales/pl.po
+++ b/web/src/locales/pl.po
@@ -5556,8 +5556,8 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr "Użyj poniższej nazwy użytkownika i hasła do uwierzytelnienia. Hasło można później odzyskać na stronie Tokeny."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
-msgstr "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie /akprox musi być przekierowany do placówki (w przypadku korzystania z zarządzanej placówki jest to zrobione za Ciebie)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgstr "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie /outpost.goauthentik.io musi być przekierowany do placówki (w przypadku korzystania z zarządzanej placówki jest to zrobione za Ciebie)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
diff --git a/web/src/locales/pl_PL.po b/web/src/locales/pl_PL.po
index d0e28703f..f6454d116 100644
--- a/web/src/locales/pl_PL.po
+++ b/web/src/locales/pl_PL.po
@@ -1,7 +1,7 @@
-# 
+#
 # Translators:
 # Darek NeroPcStation <dareknowacki2001@gmail.com>, 2022
-# 
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -6020,12 +6020,12 @@ msgstr ""
 msgid ""
 "Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
 "application/domain needs its own provider. Additionally, on each domain, "
-"/akprox must be routed to the outpost (when using a manged outpost, this is "
+"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
 "done for you)."
 msgstr ""
 "Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda "
 "aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie "
-"/akprox musi być przekierowany do placówki (w przypadku korzystania z "
+"/outpost.goauthentik.io musi być przekierowany do placówki (w przypadku korzystania z "
 "zarządzanej placówki jest to zrobione za Ciebie)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po
index 6868e3fbd..7c239b7b8 100644
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@@ -13,7 +13,7 @@ msgstr ""
 "Language-Team: \n"
 "Plural-Forms: \n"
 
-#: 
+#:
 #~ msgid "#/identity/users/{0}"
 #~ msgstr ""
 
@@ -141,7 +141,7 @@ msgstr ""
 msgid "Access Key"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Access code validity"
 #~ msgstr ""
 
@@ -457,7 +457,7 @@ msgstr ""
 msgid "Audience"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Auth Type"
 #~ msgstr ""
 
@@ -500,7 +500,7 @@ msgstr ""
 msgid "Authorization"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Authorization Code"
 #~ msgstr ""
 
@@ -652,7 +652,7 @@ msgstr ""
 msgid "Build hash:"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Build hash: {0}"
 #~ msgstr ""
 
@@ -729,7 +729,7 @@ msgstr ""
 msgid "Certificate used to sign outgoing Responses going to the Service Provider."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Certificate-Key Pair"
 #~ msgstr ""
 
@@ -812,7 +812,7 @@ msgstr ""
 msgid "Check the logs"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Check your Emails for a password reset link."
 #~ msgstr ""
 
@@ -945,11 +945,11 @@ msgstr ""
 msgid "Configuration stage"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Configure WebAuthn"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Configure how long access codes are valid for."
 #~ msgstr ""
 
@@ -981,8 +981,8 @@ msgstr ""
 msgid "Configure how the outpost queries the core authentik server's users."
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Configure settings relevant to your user profile."
 #~ msgstr ""
 
@@ -1104,7 +1104,7 @@ msgstr ""
 msgid "Copy"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Copy Key"
 #~ msgstr ""
 
@@ -1287,7 +1287,7 @@ msgstr ""
 msgid "Created by"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Created {0}"
 #~ msgstr ""
 
@@ -1297,7 +1297,7 @@ msgstr ""
 msgid "Creation Date"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Current plan cntext"
 #~ msgstr ""
 
@@ -1392,24 +1392,24 @@ msgstr ""
 msgid "Delete"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Delete Authorization Code"
 #~ msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Delete Binding"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Delete Consent"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Delete Refresh Code"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Delete Session"
 #~ msgstr ""
 
@@ -1488,7 +1488,7 @@ msgstr ""
 msgid "Device classes which can be used to authenticate."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Device name"
 #~ msgstr ""
 
@@ -1517,24 +1517,24 @@ msgstr ""
 msgid "Directory"
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Disable"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Disable Duo authenticator"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Disable SMS authenticator"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Disable Static Tokens"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Disable Time-based OTP"
 #~ msgstr ""
 
@@ -1584,7 +1584,7 @@ msgstr ""
 msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Duo"
 #~ msgstr ""
 
@@ -1694,16 +1694,16 @@ msgstr ""
 msgid "Embedded outpost is not configured correctly."
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Enable"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Enable Duo authenticator"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Enable SMS authenticator"
 #~ msgstr ""
 
@@ -1711,11 +1711,11 @@ msgstr ""
 msgid "Enable StartTLS"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Enable Static Tokens"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Enable TOTP"
 #~ msgstr ""
 
@@ -1779,7 +1779,7 @@ msgstr ""
 msgid "Error: unsupported source settings: {0}"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Error: unsupported stage settings: {0}"
 #~ msgstr ""
 
@@ -1825,7 +1825,7 @@ msgstr ""
 msgid "Exception"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Execute"
 #~ msgstr ""
 
@@ -1833,7 +1833,7 @@ msgstr ""
 msgid "Execute flow"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Execute with inspector"
 #~ msgstr ""
 
@@ -2005,7 +2005,7 @@ msgstr ""
 msgid "Field which contains a unique Identifier."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Field which contains members of a group."
 #~ msgstr ""
 
@@ -2202,7 +2202,7 @@ msgstr ""
 msgid "Get this value from https://console.twilio.com"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Go to admin interface"
 #~ msgstr ""
 
@@ -2214,7 +2214,7 @@ msgstr ""
 msgid "Go to previous page"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Go to user interface"
 #~ msgstr ""
 
@@ -2516,7 +2516,7 @@ msgstr ""
 msgid "Invalidation flow"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Invitation"
 #~ msgstr ""
 
@@ -2638,7 +2638,7 @@ msgstr ""
 msgid "Let the user identify themselves with their username or Email address."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Library"
 #~ msgstr ""
 
@@ -2942,7 +2942,7 @@ msgstr ""
 msgid "Model updated"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Monitor"
 #~ msgstr ""
 
@@ -3231,7 +3231,7 @@ msgstr ""
 msgid "Notification Transports"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Notification rule"
 #~ msgstr ""
 
@@ -3251,7 +3251,7 @@ msgstr ""
 msgid "Notifications"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Notifications Transport"
 #~ msgstr ""
 
@@ -3314,7 +3314,7 @@ msgstr ""
 msgid "Open API Browser"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Open application"
 #~ msgstr ""
 
@@ -3388,7 +3388,7 @@ msgstr ""
 msgid "Outdated outposts"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Outpost"
 #~ msgstr ""
 
@@ -3400,11 +3400,11 @@ msgstr ""
 msgid "Outpost Integrations"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Outpost Service-connection"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Outpost integration"
 #~ msgstr ""
 
@@ -3484,7 +3484,7 @@ msgstr ""
 msgid "Password stage"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Password, 2FA, etc"
 #~ msgstr ""
 
@@ -3561,7 +3561,7 @@ msgstr ""
 msgid "Policy Bindings"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Policy binding"
 #~ msgstr ""
 
@@ -3639,7 +3639,7 @@ msgstr ""
 msgid "Profile URL"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Prompt"
 #~ msgstr ""
 
@@ -3656,7 +3656,7 @@ msgstr ""
 msgid "Prompts"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Property Mapping"
 #~ msgstr ""
 
@@ -3716,7 +3716,7 @@ msgstr ""
 msgid "Provider Type"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Provider type"
 #~ msgstr ""
 
@@ -3853,7 +3853,7 @@ msgstr ""
 msgid "Refresh"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Refresh Code"
 #~ msgstr ""
 
@@ -3967,7 +3967,7 @@ msgstr ""
 msgid "Retry"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Retry Task"
 #~ msgstr ""
 
@@ -4115,7 +4115,7 @@ msgstr ""
 msgid "Secret was rotated"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Secret was rotation"
 #~ msgstr ""
 
@@ -4155,7 +4155,7 @@ msgstr ""
 msgid "Select an enrollment flow"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Select an identification method."
 #~ msgstr ""
 
@@ -4191,7 +4191,7 @@ msgstr ""
 msgid "Selected policies are executed when the stage is submitted to validate the data."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Selecting a service-connection enables the management of the outpost by authentik."
 #~ msgstr ""
 
@@ -4240,7 +4240,7 @@ msgstr ""
 msgid "Server and client are further than 5 seconds apart."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Server name for which this provider's certificate is valid for."
 #~ msgstr ""
 
@@ -4248,7 +4248,7 @@ msgstr ""
 msgid "Server validation of credential failed: {err}"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Service Connections"
 #~ msgstr ""
 
@@ -4256,12 +4256,12 @@ msgstr ""
 msgid "Service Provider Binding"
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Service connection"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "Session"
 #~ msgstr ""
 
@@ -4394,7 +4394,7 @@ msgstr ""
 msgid "Something went wrong! Please try again later."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Source"
 #~ msgstr ""
 
@@ -4402,7 +4402,7 @@ msgstr ""
 msgid "Source linked"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Source name"
 #~ msgstr ""
 
@@ -4419,7 +4419,7 @@ msgstr ""
 msgid "Sources"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Sources of identities, which can either be synced into authentik's database, like LDAP, or can be used by users to authenticate and enroll themselves, like OAuth and social logins"
 #~ msgstr ""
 
@@ -4448,7 +4448,7 @@ msgstr ""
 msgid "Stage Configuration"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Stage binding"
 #~ msgstr ""
 
@@ -4565,17 +4565,17 @@ msgstr ""
 msgid "Status"
 msgstr ""
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Disabled"
 #~ msgstr ""
 
-#: 
-#: 
-#: 
-#: 
+#:
+#:
+#:
+#:
 #~ msgid "Status: Enabled"
 #~ msgstr ""
 
@@ -4687,8 +4687,8 @@ msgstr ""
 msgid "Successfully created rule."
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Successfully created service-connection."
 #~ msgstr ""
 
@@ -4849,8 +4849,8 @@ msgstr ""
 msgid "Successfully updated rule."
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Successfully updated service-connection."
 #~ msgstr ""
 
@@ -4930,7 +4930,7 @@ msgstr ""
 msgid "Symbol charset"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Sync"
 #~ msgstr ""
 
@@ -4938,7 +4938,7 @@ msgstr ""
 msgid "Sync groups"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Sync parent group"
 #~ msgstr ""
 
@@ -4983,7 +4983,7 @@ msgstr ""
 msgid "TLS Authentication Certificate/SSH Keypair"
 msgstr ""
 
-#: 
+#:
 #~ msgid "TLS Server name"
 #~ msgstr ""
 
@@ -5088,7 +5088,7 @@ msgstr ""
 msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
 msgstr ""
 
-#: 
+#:
 #~ msgid "The following objects use {0}:"
 #~ msgstr ""
 
@@ -5192,7 +5192,7 @@ msgstr ""
 msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
 msgstr ""
 
-#: 
+#:
 #~ msgid "Time-based One-Time Passwords"
 #~ msgstr ""
 
@@ -5231,8 +5231,8 @@ msgstr ""
 msgid "To use SSL instead, use 'ldaps://' and disable this option."
 msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "Token"
 #~ msgstr ""
 
@@ -5431,7 +5431,7 @@ msgstr ""
 msgid "Unknown"
 msgstr ""
 
-#: 
+#:
 #~ msgid "Unmanaged"
 #~ msgstr ""
 
@@ -5653,7 +5653,7 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr ""
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
 msgstr ""
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -5694,8 +5694,8 @@ msgstr ""
 #~ msgid "User Reputation"
 #~ msgstr ""
 
-#: 
-#: 
+#:
+#:
 #~ msgid "User Settings"
 #~ msgstr ""
 
@@ -5964,7 +5964,7 @@ msgstr ""
 msgid "WebAuthn Authenticators"
 msgstr ""
 
-#: 
+#:
 #~ msgid "WebAuthn Devices"
 #~ msgstr ""
 
@@ -6104,11 +6104,11 @@ msgstr ""
 msgid "app1 running on app1.example.com"
 msgstr ""
 
-#: 
+#:
 #~ msgid "authentik Builtin Database"
 #~ msgstr ""
 
-#: 
+#:
 #~ msgid "authentik LDAP Backend"
 #~ msgstr ""
 
diff --git a/web/src/locales/tr.po b/web/src/locales/tr.po
index 2725fc0bb..7c0761d34 100644
--- a/web/src/locales/tr.po
+++ b/web/src/locales/tr.po
@@ -5558,8 +5558,8 @@ msgid "Use the username and password below to authenticate. The password can be
 msgstr "Kimlik doğrulaması için aşağıdaki kullanıcı adı ve parolayı kullanın. Parola daha sonra Belirteçler sayfasından alınabilir."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
-msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you)."
-msgstr "Bu sağlayıcıyı nginx'in auth_request veya traefik's forwardAuth ile kullanın. Her uygulama/etki alanının kendi sağlayıcısına ihtiyacı vardır. Ayrıca, her etki alanında /akprox üsse yönlendirilmelidir (manged bir üs kullanırken, bu sizin için yapılır)."
+msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you)."
+msgstr "Bu sağlayıcıyı nginx'in auth_request veya traefik's forwardAuth ile kullanın. Her uygulama/etki alanının kendi sağlayıcısına ihtiyacı vardır. Ayrıca, her etki alanında /outpost.goauthentik.io üsse yönlendirilmelidir (manged bir üs kullanırken, bu sizin için yapılır)."
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 msgid "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application."
diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po
index d9d42e5c7..991edf419 100644
--- a/web/src/locales/zh-Hans.po
+++ b/web/src/locales/zh-Hans.po
@@ -1,8 +1,8 @@
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
 msgid ""
 "Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
 "application/domain needs its own provider. Additionally, on each domain, "
-"/akprox must be routed to the outpost (when using a manged outpost, this is "
+"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
 "done for you)."
 msgstr ""
 "将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
-"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/akprox必须路由到 Outpost（使用托管 Outpost "
+"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/outpost.goauthentik.io必须路由到 Outpost（使用托管 Outpost "
 "时，这是为您完成的）。"
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
diff --git a/web/src/locales/zh-Hant.po b/web/src/locales/zh-Hant.po
index 6dabfdc35..08554a7d8 100644
--- a/web/src/locales/zh-Hant.po
+++ b/web/src/locales/zh-Hant.po
@@ -1,8 +1,8 @@
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
 msgid ""
 "Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
 "application/domain needs its own provider. Additionally, on each domain, "
-"/akprox must be routed to the outpost (when using a manged outpost, this is "
+"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
 "done for you)."
 msgstr ""
 "将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
-"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/akprox必须路由到 Outpost（使用托管 Outpost "
+"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/outpost.goauthentik.io必须路由到 Outpost（使用托管 Outpost "
 "时，这是为您完成的）。"
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
diff --git a/web/src/locales/zh_TW.po b/web/src/locales/zh_TW.po
index a34a217b2..f9d73df85 100644
--- a/web/src/locales/zh_TW.po
+++ b/web/src/locales/zh_TW.po
@@ -1,8 +1,8 @@
-# 
+#
 # Translators:
 # Chen Zhikai, 2022
 # 刘松, 2022
-# 
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -5691,11 +5691,11 @@ msgstr "使用下面的用户名和密码进行身份验证。稍后可以在令
 msgid ""
 "Use this provider with nginx's auth_request or traefik's forwardAuth. Each "
 "application/domain needs its own provider. Additionally, on each domain, "
-"/akprox must be routed to the outpost (when using a manged outpost, this is "
+"/outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is "
 "done for you)."
 msgstr ""
 "将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth "
-"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/akprox必须路由到 Outpost（使用托管 Outpost "
+"一起使用。每个应用程序/域都需要自己的提供商。此外，在每个域上，/outpost.goauthentik.io必须路由到 Outpost（使用托管 Outpost "
 "时，这是为您完成的）。"
 
 #: src/pages/providers/proxy/ProxyProviderForm.ts
diff --git a/web/src/pages/providers/proxy/ProxyProviderForm.ts b/web/src/pages/providers/proxy/ProxyProviderForm.ts
index 0f920e679..0a2f7212f 100644
--- a/web/src/pages/providers/proxy/ProxyProviderForm.ts
+++ b/web/src/pages/providers/proxy/ProxyProviderForm.ts
@@ -214,7 +214,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
                     </ak-form-element-horizontal>`;
             case ProxyMode.ForwardSingle:
                 return html`<p class="pf-u-mb-xl">
-                        ${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you).`}
+                        ${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).`}
                     </p>
                     <ak-form-element-horizontal
                         label=${t`External host`}
diff --git a/website/docs/outposts/embedded/embedded.md b/website/docs/outposts/embedded/embedded.md
index f4a6d643a..7c9420c97 100644
--- a/website/docs/outposts/embedded/embedded.md
+++ b/website/docs/outposts/embedded/embedded.md
@@ -26,7 +26,7 @@ Make sure to set it to full URL, only configuring a hostname or FQDN will not wo
 Routing is handled like this:
 
 1. Paths starting with `/static`, `/media` and `/help` return packaged CSS/JS files, and user-uploaded media files.
-2. Paths starting with `/akprox` are sent to the embedded outpost.
+2. Paths starting with `/outpost.goauthentik.io` are sent to the embedded outpost.
 3. Any hosts configured in the providers assigned to the embedded outpost are sent to the outpost.
 4. Everything remaining is sent to the authentik backend server.
 
diff --git a/website/docs/outposts/integrations/docker.md b/website/docs/outposts/integrations/docker.md
index 4c67496d1..fe3dd8fea 100644
--- a/website/docs/outposts/integrations/docker.md
+++ b/website/docs/outposts/integrations/docker.md
@@ -26,7 +26,7 @@ The container is created with the following hardcoded properties:
     - `traefik.http.routers.ak-outpost-<outpost-name>-router.rule`: `Host(...)`
     - `traefik.http.routers.ak-outpost-<outpost-name>-router.service`: `ak-outpost-<outpost-name>-service`
     - `traefik.http.routers.ak-outpost-<outpost-name>-router.tls`: "true"
-    - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.path`: "/akprox/ping"
+    - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.path`: "/outpost.goauthentik.io/ping"
     - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.healthcheck.port`: "9300"
     - `traefik.http.services.ak-outpost-<outpost-name>-service.loadbalancer.server.port`: "9000"
 
diff --git a/website/docs/providers/proxy/_nginx_ingress.md b/website/docs/providers/proxy/_nginx_ingress.md
index 41f4475f5..2262bf2ec 100644
--- a/website/docs/providers/proxy/_nginx_ingress.md
+++ b/website/docs/providers/proxy/_nginx_ingress.md
@@ -15,7 +15,7 @@ spec:
           # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
           serviceName: ak-outpost-example-outpost
           servicePort: 9000
-        path: /akprox
+        path: /outpost.goauthentik.io
 ```
 
 This ingress handles authentication requests, and the sign-in flow.
@@ -26,9 +26,9 @@ Add these annotations to the ingress you want to protect
 metadata:
   annotations:
     nginx.ingress.kubernetes.io/auth-url: |
-      https://outpost.company/akprox/auth/nginx
+      https://outpost.company/outpost.goauthentik.io/auth/nginx
     nginx.ingress.kubernetes.io/auth-signin: |
-      https://outpost.company/akprox/start?rd=$escaped_request_uri
+      https://outpost.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
     nginx.ingress.kubernetes.io/auth-response-headers: |
       Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
     nginx.ingress.kubernetes.io/auth-snippet: |
diff --git a/website/docs/providers/proxy/_nginx_proxy_manager.md b/website/docs/providers/proxy/_nginx_proxy_manager.md
index 14a473c76..426adee10 100644
--- a/website/docs/providers/proxy/_nginx_proxy_manager.md
+++ b/website/docs/providers/proxy/_nginx_proxy_manager.md
@@ -12,8 +12,8 @@ location / {
     proxy_pass          $forward_scheme://$server:$port;
 
     # authentik-specific config
-    auth_request        /akprox/auth/nginx;
-    error_page          401 = @akprox_signin;
+    auth_request        /outpost.goauthentik.io/auth/nginx;
+    error_page          401 = @goauthentik_proxy_signin;
     auth_request_set $auth_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $auth_cookie;
 
@@ -31,9 +31,9 @@ location / {
     proxy_set_header X-authentik-uid $authentik_uid;
 }
 
-# all requests to /akprox must be accessible without authentication
-location /akprox {
-    proxy_pass          http://outpost.company:9000/akprox;
+# all requests to /outpost.goauthentik.io must be accessible without authentication
+location /outpost.goauthentik.io {
+    proxy_pass          http://outpost.company:9000/outpost.goauthentik.io;
     # ensure the host of this vserver matches your external URL you've configured
     # in authentik
     proxy_set_header    Host $host;
@@ -44,9 +44,9 @@ location /akprox {
 
 # Special location for when the /auth endpoint returns a 401,
 # redirect to the /start URL which initiates SSO
-location @akprox_signin {
+location @goauthentik_proxy_signin {
     internal;
     add_header Set-Cookie $auth_cookie;
-    return 302 /akprox/start?rd=$request_uri;
+    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
 }
 ```
diff --git a/website/docs/providers/proxy/_nginx_standalone.md b/website/docs/providers/proxy/_nginx_standalone.md
index 884b98c24..c9a8ec6a9 100644
--- a/website/docs/providers/proxy/_nginx_standalone.md
+++ b/website/docs/providers/proxy/_nginx_standalone.md
@@ -19,10 +19,10 @@ server {
         # proxy_pass          http://localhost:5000;
 
         # authentik-specific config
-        auth_request        /akprox/auth/nginx;
-        error_page          401 = @akprox_signin;
+        auth_request        /outpost.goauthentik.io/auth/nginx;
+        error_page          401 = @goauthentik_proxy_signin;
         # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
-        # error_page          401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
+        # error_page          401 =302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
         auth_request_set $auth_cookie $upstream_http_set_cookie;
         add_header Set-Cookie $auth_cookie;
 
@@ -40,9 +40,9 @@ server {
         proxy_set_header X-authentik-uid $authentik_uid;
     }
 
-    # all requests to /akprox must be accessible without authentication
-    location /akprox {
-        proxy_pass          http://outpost.company:9000/akprox;
+    # all requests to /outpost.goauthentik.io must be accessible without authentication
+    location /outpost.goauthentik.io {
+        proxy_pass          http://outpost.company:9000/outpost.goauthentik.io;
         # ensure the host of this vserver matches your external URL you've configured
         # in authentik
         proxy_set_header    Host $host;
@@ -53,10 +53,10 @@ server {
 
     # Special location for when the /auth endpoint returns a 401,
     # redirect to the /start URL which initiates SSO
-    location @akprox_signin {
+    location @goauthentik_proxy_signin {
         internal;
         add_header Set-Cookie $auth_cookie;
-        return 302 /akprox/start?rd=$request_uri;
+        return 302 /outpost.goauthentik.io/start?rd=$request_uri;
     }
 }
 ```
diff --git a/website/docs/providers/proxy/_traefik_compose.md b/website/docs/providers/proxy/_traefik_compose.md
index bd0248f2d..6ddaff9da 100644
--- a/website/docs/providers/proxy/_traefik_compose.md
+++ b/website/docs/providers/proxy/_traefik_compose.md
@@ -30,9 +30,9 @@ services:
     labels:
       traefik.enable: true
       traefik.port: 9000
-      traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/akprox/`)
+      traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)
       # `authentik-proxy` refers to the service name in the compose file.
-      traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/akprox/auth/traefik
+      traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
       traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
       traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
     restart: unless-stopped
diff --git a/website/docs/providers/proxy/_traefik_ingress.md b/website/docs/providers/proxy/_traefik_ingress.md
index b673b1990..c48e626e7 100644
--- a/website/docs/providers/proxy/_traefik_ingress.md
+++ b/website/docs/providers/proxy/_traefik_ingress.md
@@ -7,7 +7,7 @@ metadata:
   name: authentik
 spec:
   forwardAuth:
-    address: http://outpost.company:9000/akprox/auth/traefik
+    address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
     trustForwardHeader: true
     authResponseHeaders:
       - X-authentik-username
@@ -41,7 +41,7 @@ spec:
       services: # Unchanged
     # This part is only required for single-app setups
     - kind: Rule
-      match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
+      match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
       priority: 15
       services:
         - kind: Service
diff --git a/website/docs/providers/proxy/_traefik_standalone.md b/website/docs/providers/proxy/_traefik_standalone.md
index c58a2d87b..6fb1610c3 100644
--- a/website/docs/providers/proxy/_traefik_standalone.md
+++ b/website/docs/providers/proxy/_traefik_standalone.md
@@ -3,7 +3,7 @@ http:
   middlewares:
     authentik:
       forwardAuth:
-        address: http://outpost.company:9000/akprox/auth/traefik
+        address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
         trustForwardHeader: true
         authResponseHeaders:
           - X-authentik-username
@@ -25,7 +25,7 @@ http:
       priority: 10
       services: # Unchanged
     default-router-auth:
-      match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
+      match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
       priority: 15
-      services: http://outpost.company:9000/akprox
+      services: http://outpost.company:9000/outpost.goauthentik.io
 ```
diff --git a/website/docs/providers/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx
index 76c84ccbd..84d03c474 100644
--- a/website/docs/providers/proxy/forward_auth.mdx
+++ b/website/docs/providers/proxy/forward_auth.mdx
@@ -27,7 +27,7 @@ applications to different users.
 
 The only configuration difference between single application and domain level is the host you specify.
 
-For single application, you'd use the domain which the application is running on, and only /akprox
+For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
 is redirected to the outpost.
 
 For domain level, you'd use the same domain as authentik.
diff --git a/website/docs/providers/proxy/proxy.md b/website/docs/providers/proxy/proxy.md
index c415ff6c6..d5ad5063f 100644
--- a/website/docs/providers/proxy/proxy.md
+++ b/website/docs/providers/proxy/proxy.md
@@ -58,11 +58,11 @@ If your upstream host is HTTPS, and you're not using forward auth, you need to a
 
 Login is done automatically when you visit the domain without a valid cookie.
 
-When using single-application mode, navigate to `app.domain.tld/akprox/sign_out`.
+When using single-application mode, navigate to `app.domain.tld/outpost.goauthentik.io/sign_out`.
 
-When using domain-level mode, navigate to `auth.domain.tld/akprox/sign_out`, where auth.domain.tld is the external host configured for the provider.
+When using domain-level mode, navigate to `auth.domain.tld/outpost.goauthentik.io/sign_out`, where auth.domain.tld is the external host configured for the provider.
 
-To log out, navigate to `/akprox/sign_out`.
+To log out, navigate to `/outpost.goauthentik.io/sign_out`.
 
 ## Allowing unauthenticated requests
 
diff --git a/website/docs/releases/v2021.8.md b/website/docs/releases/v2021.8.md
index 2fa01bdf3..1d2edce42 100644
--- a/website/docs/releases/v2021.8.md
+++ b/website/docs/releases/v2021.8.md
@@ -10,7 +10,7 @@ slug: "2021.8"
     To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup.
 
     You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server.
-    Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/akprox` is sent to the outpost too. The rest is sent to authentik itself.
+    Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/outpost.goauthentik.io` is sent to the outpost too. The rest is sent to authentik itself.
 
 - App passwords
 
diff --git a/website/docs/releases/v2022.1.md b/website/docs/releases/v2022.1.md
index 6173b6123..a508e8cde 100644
--- a/website/docs/releases/v2022.1.md
+++ b/website/docs/releases/v2022.1.md
@@ -43,7 +43,7 @@ This release mostly removes legacy fields and features that have been deprecated
 - internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
 - internal: use math.MaxInt for compatibility
 - lifecycle: add early check for missing/invalid secret key
-- outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
+- outposts/proxyv2: allow access to /outpost.goauthentik.io urls in forward auth mode to make routing in nginx/traefik easier
 - outposts/proxyv2: fix before-redirect url not being saved in proxy mode
 - outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
 - providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
@@ -60,7 +60,7 @@ This release mostly removes legacy fields and features that have been deprecated
 
 ## Fixed in 2022.1.2
 
-- internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
+- internal/proxyv2: only allow access to /outpost.goauthentik.io in nginx mode when forward url could be extracted
 - lib: disable backup by default, add note to configuration
 - lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
 - outposts: allow custom label for docker containers