providers/proxy: connect ingress to https instead of http

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882

authentik/providers/proxy/controllers/k8s/ingress.py

@@ -84,6 +84,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
             "traefik.ingress.kubernetes.io/affinity": "true",
             "nginx.ingress.kubernetes.io/proxy-buffers-number": "4",
             "nginx.ingress.kubernetes.io/proxy-buffer-size": "16k",
+            "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS"
         }
         annotations.update(
             self.controller.outpost.config.kubernetes_ingress_annotations
@@ -113,7 +114,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
                             NetworkingV1beta1HTTPIngressPath(
                                 backend=NetworkingV1beta1IngressBackend(
                                     service_name=self.name,
-                                    service_port="http",
+                                    service_port="https",
                                 ),
                                 path="/akprox",
                             )

website/docs/outposts/proxy.mdx

@@ -15,6 +15,14 @@ Additionally, you can set `additionalHeaders` on groups or users to set addition
 
 If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set.
 
+# HTTPS
+
+The outpost listens on both 4180 for HTTP and 4443 for HTTPS.
+
+:::warning
+If your upstream host is HTTPS, and you're not using forward auth, you need to access the outpost over HTTPS too.
+:::
+
 # Forward auth
 
 To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to enable `Enable forward-auth mode` on the provider.