authelia: forwardauth with traefik 2.0 doesn't appear to work
I have this, straightforward, docker-compose.yml and traefik is just bypassing forwardauth, I think, though I don’t know why. What am i doing wrong?
version: "3.7"
services:
authelia:
image: clems4ever/authelia:v3.15.0
container_name: authelia
labels:
- "traefik.enable=true"
- "traefik.http.routers.auth.rule=Host(`authelia.example.com`)"
- "traefik.http.routers.auth.entrypoints=web"
- "traefik.http.services.auth.loadBalancer.server.port=:9091"
volumes:
- ./authelia_config.yml:/etc/authelia/config.yml:ro
traefik:
image: traefik:v2.0
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
whoami:
image: "containous/whoami"
container_name: "whoami"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`example.com`)"
- "traefik.http.routers.whoami.middlewares=authme"
- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:9091"
- "traefik.http.middlewares.authme.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.authme.forwardauth.authresponseheaders=X-Forwarded-User"
curl -H Host:example.com http://localhost
Hostname: c308a2f5468a
IP: 127.0.0.1
IP: 192.168.16.3
RemoteAddr: 192.168.16.2:41250
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.58.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.16.1
X-Forwarded-Host: example.com
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 6e5c7bd69ec5
X-Real-Ip: 192.168.16.1
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 16 (13 by maintainers)
I just tried to add
- traefik.frontend.auth.forward.address=http://192.168.240.1:9091/api/verify?rd=https://login.example.com:8080/%23/
to my docker-compose to make authelia work with traefik 2.0, how would the 2.0 notation look like?
- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:9091/api/verify?rd=http://whoami:80/%23/"
Some thing like this?
Edit: Got it working with traefik 2.0, full setup documentation
- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:8080/api/verify?rd=https://auth.${DOMAINNAME}/%23/"