1.2 KiB
BunkerWeb + Authentik (Forward Auth, Domain Level)
This example protects two demo applications (app1 and app2) behind a single Authentik instance using the Forward auth (domain level) mode. BunkerWeb sits in front of everything as the reverse proxy and Web Application Firewall, calls the Authentik outpost on each request via auth_request, and redirects unauthenticated users to the Authentik sign-in flow.
The Authentik stack (server, worker, postgresql) tracks the upstream docker-compose reference for 2026.2+ and no longer needs Redis. An Authentik blueprint auto-provisions the forward-auth providers, applications and the embedded outpost binding, so both apps work out of the box without any manual click-through in the Authentik admin UI.
Supported integrations: docker-compose.yml, autoconf.yml and kubernetes.yml.
See the BunkerWeb documentation for the full configuration reference.