docs: Add complete Authentik nginx configuration to README

README.md

@@ -95,6 +95,7 @@ A modern event RSVP management system with customizable backgrounds and item coo
 This application is compatible with Authentik using a proxy provider (single application). To protect the admin routes, add the following configuration to your nginx config:
 
 ```nginx
+# Protected routes
 location ~ (/create|/admin) {
     proxy_pass	$forward_scheme://$server:$port;
     auth_request /outpost.goauthentik.io/auth/nginx;
@@ -114,12 +115,34 @@ location ~ (/create|/admin) {
     proxy_set_header X-authentik-uid $authentik_uid;
     proxy_set_header Authorization $authentik_authorization;
 }
+
+# Authentik outpost configuration
+location /outpost.goauthentik.io {
+    proxy_pass	http://<YOUR_AUTHENTIK_URL>/outpost.goauthentik.io;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
+    add_header              Set-Cookie $auth_cookie;
+    auth_request_set        $auth_cookie $upstream_http_set_cookie;
+    proxy_pass_request_body off;
+    proxy_set_header        Content-Length "";
+}
+
+# Authentik signin redirect
+location @goauthentik_proxy_signin {
+    internal;
+    add_header Set-Cookie $auth_cookie;
+    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+}
 ```
 
 This configuration will:
 - Protect the `/create` and `/admin` routes with Authentik authentication
 - Redirect unauthenticated users to the Authentik login page
 - Pass through Authentik user information in headers after successful authentication
+- Handle the authentication flow through the Authentik outpost
+- Properly manage cookies and headers for the authentication process
+
+Note: Replace `<YOUR_AUTHENTIK_URL>` with your actual Authentik instance URL.
 
 ## License