Apps with their own user auth + bearer-token APIs were being broken by Traefik → Authentik forward-auth: every iOS/Android/native client got a 302 to authentik.viktorbarzin.me instead of the JSON they expected. Authentik's 302+cookie dance can only be followed by a real browser.

Changed:
- immich (Immich mobile app + bearer-token /api)
- linkwarden (NextAuth + Linkwarden mobile clients)
- tandoor (Django auth + Tandoor mobile clients)
- freshrss (Fever/GReader API used by Reeder/FeedMe/etc.)
- affine (workspace auth + AFFiNE desktop/mobile sync)
- actualbudget (server password + Actual mobile/sync clients)
- ebooks/abs (Audiobookshelf iOS/Android app)

Each app's own auth is the gate now. CrowdSec + rate-limit + anti-AI UA filter still front the ingresses. Same pattern as the novelapp change earlier this session.

[ci skip]

| Name |
|---|
| .terraform.lock.hcl |
| backend.tf |
| main.tf |
| providers.tf |
| secrets |
| terragrunt.hcl |