diff --git a/internalproxy/templates/duplicati-ingress.yaml b/internalproxy/templates/duplicati-ingress.yaml
index 6489633..eeca6b9 100644
--- a/internalproxy/templates/duplicati-ingress.yaml
+++ b/internalproxy/templates/duplicati-ingress.yaml
@@ -35,9 +35,14 @@ metadata:
     kubernetes.io/ingress.class: nginx
     cert-manager.io/cluster-issuer: letsencrypt-production 
     nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
-#    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
-#    nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
-#   nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args
+    nginx.ingress.kubernetes.io/auth-url: |-
+        http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+    nginx.ingress.kubernetes.io/auth-signin: |-
+        https://duplicati.internal.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-response-headers: |-
+        Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-snippet: |
+        proxy_set_header X-Forwarded-Host $http_host;
 spec:
   rules:
   - host: duplicati.internal.durp.info