diff --git a/Deployments/traefik-middlewares.yaml b/Deployments/traefik-middlewares.yaml
new file mode 100644
index 0000000..633932e
--- /dev/null
+++ b/Deployments/traefik-middlewares.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ namespace: traefik
+ name: longhorn-authentik-forward
+spec:
+ forwardAuth:
+ address: http://longhorn.roxedus.com/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: authentik-foorward-wildcard
+spec:
+ rules:
+ - host: "*.roxedus.com"
+
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/outpost.goauthentik.io/"
+ backend:
+ service:
+ name: ak-outpost-localcluster
+ port:
+ number: 9000
diff --git a/apps/templates/longhorn.yaml b/apps/templates/longhorn.yaml
index fa71e5e..0d6c7f8 100644
--- a/apps/templates/longhorn.yaml
+++ b/apps/templates/longhorn.yaml
@@ -38,6 +38,7 @@ spec:
 annotations:
 cert-manager.io/acme-challenge-type: dns01
 cert-manager.io/cluster-issuer: roxedus.com-cloudflare
+ traefik.ingress.kubernetes.io/router.middlewares: authentik-forward@kubernetes
 host: longhorn.roxedus.com
 tls: true
 tlsSecret: longhorn-roxedus-com-cert
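Review bot: `forwardAuth.address` sends every auth subrequest over plain `http://` to the public hostname `longhorn.roxedus.com`, so the forwarded request headers (including session cookies) and the returned `X-authentik-*` identity headers travel unencrypted and, depending on how that name resolves inside the cluster, go back through the ingress instead of straight to the outpost. The Ingress in the same file already names the outpost service, so the address could point at it directly, e.g. `address: http://ak-outpost-localcluster.<outpost-namespace>:9000/outpost.goauthentik.io/auth/traefik`. `trustForwardHeader: true` passes client-supplied `X-Forwarded-*` headers on to the outpost, which is only sound if a proxy in front of Traefik overwrites them; a comment naming that proxy would help, e.g. `# X-Forwarded-* are set by <upstream proxy>; remove if Traefik is exposed directly`. The Ingress has no `metadata.namespace`, `ingressClassName` or `tls` block, so it lands in whatever namespace the applying tool defaults to and has to be the one holding `ak-outpost-localcluster`. Its name also carries a typo (`foorward`).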
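Review bot: The annotation value `authentik-forward@kubernetes` does not match the Middleware added in `Deployments/traefik-middlewares.yaml`, which is named `longhorn-authentik-forward` in namespace `traefik`. Traefik resolves CRD middlewares from this annotation as `<namespace>-<name>@kubernetescrd`, so unless a middleware with the shorter name is defined somewhere not visible here, the value should be `traefik-longhorn-authentik-forward@kubernetescrd`. A router with an unresolvable middleware normally fails to load rather than serving without it, but confirm that on the deployed Traefik version, because the Longhorn UI has no authentication of its own. The enclosing ingress block starts outside the hunk.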