From 16f0f89a9d9af7669ebed360c84e76f5d8f15026 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 8 Aug 2021 15:39:52 +0200
Subject: [PATCH] outpost/embedded: fix embedded outpost redirecting to
 localhost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 internal/outpost/proxy/api_bundle.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/internal/outpost/proxy/api_bundle.go b/internal/outpost/proxy/api_bundle.go
index d819ed2b9..34d3f3050 100644
--- a/internal/outpost/proxy/api_bundle.go
+++ b/internal/outpost/proxy/api_bundle.go
@@ -35,6 +35,12 @@ func intToPointer(i int) *int {
 	return &i
 }
 
+func (pb *providerBundle) replaceLocal(url string) string {
+	f := strings.ReplaceAll(url, "localhost:8000", pb.s.ak.Client.GetConfig().Host)
+	f = strings.ReplaceAll(f, "http", pb.s.ak.Client.GetConfig().Scheme)
+	return f
+}
+
 func (pb *providerBundle) prepareOpts(provider api.ProxyOutpostConfig) *options.Options {
 	externalHost, err := url.Parse(provider.ExternalHost)
 	if err != nil {
@@ -54,12 +60,12 @@ func (pb *providerBundle) prepareOpts(provider api.ProxyOutpostConfig) *options.
 	providerOpts.Cookie.Secure = externalHost.Scheme == "https"
 
 	providerOpts.SkipOIDCDiscovery = true
-	providerOpts.OIDCIssuerURL = provider.OidcConfiguration.Issuer
-	providerOpts.LoginURL = provider.OidcConfiguration.AuthorizationEndpoint
-	providerOpts.RedeemURL = provider.OidcConfiguration.TokenEndpoint
-	providerOpts.OIDCJwksURL = provider.OidcConfiguration.JwksUri
-	providerOpts.ProfileURL = provider.OidcConfiguration.UserinfoEndpoint
-	providerOpts.ValidateURL = provider.OidcConfiguration.UserinfoEndpoint
+	providerOpts.OIDCIssuerURL = pb.replaceLocal(provider.OidcConfiguration.Issuer)
+	providerOpts.LoginURL = pb.replaceLocal(provider.OidcConfiguration.AuthorizationEndpoint)
+	providerOpts.RedeemURL = pb.replaceLocal(provider.OidcConfiguration.TokenEndpoint)
+	providerOpts.OIDCJwksURL = pb.replaceLocal(provider.OidcConfiguration.JwksUri)
+	providerOpts.ProfileURL = pb.replaceLocal(provider.OidcConfiguration.UserinfoEndpoint)
+	providerOpts.ValidateURL = pb.replaceLocal(provider.OidcConfiguration.UserinfoEndpoint)
 	providerOpts.AcrValues = "goauthentik.io/providers/oauth2/default"
 
 	if *provider.SkipPathRegex != "" {