Putting applications behind Teleport gives you a secure way to log in to them over HTTPS, with Teleport's OTP in front of them.
Assuming your Teleport URL is as follows:
ssh.yourdomain.com
And your Unifi controller has the following URL:
unifi.ssh.yourdomain.com
You’ll find that you encounter a 403 error upon login to your Unifi controller. In order to solve this, use the following app config in your /etc/teleport.yml:
app_service:
  enabled: "yes"
  debug_app: false
  apps:
  - name: unifi
    uri: https://localhost:8443
    public_addr: ""
    insecure_skip_verify: true
    rewrite:
      headers:
      - "Origin: https://unifi.ssh.yourdomain.com"
      - "Host: unifi.ssh.yourdomain.com"
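The important parts to take note of are the Origin and Host entries under rewrite.headers: they set those two headers on the requests Teleport forwards to the controller. Note that insecure_skip_verify: true turns off verification of the controller's TLS certificate; with this uri that only affects the connection to localhost. Be sure to restart Teleport after the config change and the 403 error will be a thing of the past.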
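A consistency check for the two rewritten headers, added here as an example and not part of the original post or of Teleport itself. It assumes the app is served at <name>.<proxy address>, as in the URLs above, and that Origin and Host should both name that address; the function names are hypothetical and the sample values are the ones from this page.

```python
from urllib.parse import urlsplit


def parse_rewrite_headers(entries):
    """Turn 'Name: value' strings (the rewrite.headers format) into a dict."""
    headers = {}
    for entry in entries:
        # Split on the first colon only, so the URL in Origin stays intact.
        name, sep, value = entry.partition(":")
        if not sep or not name.strip() or not value.strip():
            raise ValueError(f"malformed header entry: {entry!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def check_app_rewrite(app_name, proxy_addr, entries):
    """Return a list of problems; an empty list means the rewrite is consistent."""
    problems = []
    headers = parse_rewrite_headers(entries)
    # Assumption: the app's public address is <name>.<proxy address>.
    expected = f"{app_name}.{proxy_addr}".lower()

    origin = headers.get("origin")
    if origin is None:
        problems.append("Origin header is not rewritten")
    else:
        parts = urlsplit(origin)
        if parts.scheme != "https":
            problems.append(f"Origin scheme is {parts.scheme!r}, expected 'https'")
        if parts.path or parts.query or parts.fragment:
            problems.append("Origin must be scheme://host with no path or query")
        if parts.netloc.lower() != expected:
            problems.append(f"Origin host is {parts.netloc!r}, expected {expected!r}")

    host = headers.get("host")
    if host is None:
        problems.append("Host header is not rewritten")
    elif host.lower() != expected:
        problems.append(f"Host is {host!r}, expected {expected!r}")
    return problems


# Constructed sample: the header list from the config on this page.
SAMPLE = [
    "Origin: https://unifi.ssh.yourdomain.com",
    "Host: unifi.ssh.yourdomain.com",
]

if __name__ == "__main__":
    issues = check_app_rewrite("unifi", "ssh.yourdomain.com", SAMPLE)
    print("OK" if not issues else "\n".join(issues))
```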