Dont understand howto use middlewares to perform double authentification with Authelia

Traefik Traefik v2
,
1

Hi,
I don't see why in my configuration https://github.com/tygerlord/myhome/blob/main/docker-compose.yml I'm not landing on Authelia login page? Resource are still accessible like if middleware never be called. :face_with_head_bandage:

2

Hi @tygerlord,
Here is my working example on using authelia : make-my-server/authelia at authelia · tomMoulard/make-my-server · GitHub
My configuration is using traefik 1.7, I think you will be able to translate it to Traefik 2.4 with ease.
(Don't use traefik:lastest on your docker-compose.yml, use traefik:2.4 btw)

3

Thank you, 1.7 is quite different from 2.4, but at least I learn something : the keyword "healthcheck" in docker compose, great!!
2.4 seem to use "middlewares" to perform request via third application and I don't view this in your config. I will try to define like you by resources if I can't resolve my problem, but I will prefer to use "middlewares" mechanism if possible...

4

I've got another branch with traefik v2 to do a pr soon : GitHub - tomMoulard/make-my-server at traefik-v2

You'll find that I use basic auth middle ware by default to authorize users:
I define the middleware here (to use environments variables):

And I use it like this

Otherwise, use the dynamic conf file provider make-my-server/middlewares.yml at traefik-v2 · tomMoulard/make-my-server · GitHub

5

Ah yes, I've not seen this.

It's what it used to be, I define my middlewares like this:

   labels:
      - "traefik.enable=false"
      - "traefik.http.routers.api.rule=PathPrefix(`/api`)||PathPrefix(`/dashboard`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=http"
      - "traefik.http.services.api.loadbalancer.server.port=80"
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://${MYHOME_TRAEFIK_DOMAIN}/authelia"
    - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
    - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email"

And use it in resource like this:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.shellinabox.rule=Host(`${MYHOME_TRAEFIK_DOMAIN}`)&&PathPrefix(`/shellinabox`)"
      - "traefik.http.routers.shellinabox.entrypoints=https"
      - "traefik.http.routers.shellinabox.tls=true"
      - "traefik.http.routers.shellinabox.tls.certresolver=myhomeresolver"
      - "traefik.http.routers.shellinbox.middlewares=authelia"
      - "traefik.http.services.shellinabox.loadbalancer.server.port=4200"

I've tried too

  - "traefik.http.routers.shellinbox.middlewares=authelia@docker"

Unfortunately, in each case I have access with no logging to the resource.