authelia: forwardauth with traefik 2.0 doesn't appear to work

I have this, straightforward, docker-compose.yml and traefik is just bypassing forwardauth, I think, though I don’t know why. What am i doing wrong?

version: "3.7"

services:

  authelia:
    image: clems4ever/authelia:v3.15.0
    container_name: authelia
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.auth.rule=Host(`authelia.example.com`)"
      - "traefik.http.routers.auth.entrypoints=web"
      - "traefik.http.services.auth.loadBalancer.server.port=:9091"
    volumes:
      - ./authelia_config.yml:/etc/authelia/config.yml:ro

  traefik:
    image: traefik:v2.0
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami:
    image: "containous/whoami"
    container_name: "whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`example.com`)"
      - "traefik.http.routers.whoami.middlewares=authme"
      - "traefik.http.middlewares.authme.forwardauth.address=http://authelia:9091"
      - "traefik.http.middlewares.authme.forwardauth.trustforwardheader=true"
      - "traefik.http.middlewares.authme.forwardauth.authresponseheaders=X-Forwarded-User"
curl -H Host:example.com http://localhost
Hostname: c308a2f5468a
IP: 127.0.0.1
IP: 192.168.16.3
RemoteAddr: 192.168.16.2:41250
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.58.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.16.1
X-Forwarded-Host: example.com
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 6e5c7bd69ec5
X-Real-Ip: 192.168.16.1

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (13 by maintainers)

Most upvoted comments

I just tried to add

- traefik.frontend.auth.forward.address=http://192.168.240.1:9091/api/verify?rd=https://login.example.com:8080/%23/

to my docker-compose to make authelia work with traefik 2.0, how would the 2.0 notation look like?

- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:9091/api/verify?rd=http://whoami:80/%23/"

Some thing like this?

Edit: Got it working with traefik 2.0, full setup documentation - "traefik.http.middlewares.authme.forwardauth.address=http://authelia:8080/api/verify?rd=https://auth.${DOMAINNAME}/%23/"