Help: authelia integration results in 404

Traefik Traefik v3 (latest)
,
1

I've been a long user of traefik v2 but moved to v3 now. I can't understand why every request goes to authelia and then results in 404.

This is my docker compose:

services:
  traefik:
    image: 'traefik:v3'
    container_name: 'traefik'
    restart: 'unless-stopped'
    security_opt:
      - 'no-new-privileges=true'
    networks:
      proxy:
        aliases:
          - 'auth.example.com'
      authelia: {}
      traefik: {}
    ports:
      - 10.8.0.2:80:80
      - 10.8.0.2:443:443
      #- '8080:8080'
    environment:
      TZ: 'America/Los_Angeles' ## see below
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './traefik/data/:/data'
      - './traefik/logs:/logs'
      - './traefik/certificates:/certificates'
    command:
      - --providers.docker=true
      - --global.sendAnonymousUsage=false
      - --providers.file.filename=/certificates/tls.yaml
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --api=false
      - --api.dashboard=false
      - --api.insecure=false
      - --api.debug=false
      - --log=true
      - --log.level=DEBUG
      - --providers.docker.exposedByDefault=false
      - --entryPoints.http.forwardedHeaders.trustedIPs=0.0.0.0/0 # Trust all IPs (or restrict to specific ranges)
      - --entryPoints.https.forwardedHeaders.trustedIPs=0.0.0.0/0
      - --accessLog=true
      - --accesslog.format=json
      - --accesslog.fields.defaultmode=keep
      - --accesslog.fields.headers.defaultmode=keep
    labels:
      traefik.enable: 'true'
      traefik.http.routers.dashboard.rule: 'Host(`example.com`)'
      traefik.http.routers.dashboard.entrypoints: 'https'
      #traefik.http.routers.dashboard.middlewares: 'authelia@docker' < if I comment this line, the dashboard works
      traefik.http.routers.dashboard.service: 'api@internal'
      traefik.http.routers.dashboard.tls: 'true'

  authelia:
    image: 'authelia/authelia:4.38'
    container_name: 'authelia'
    security_opt:
      - 'no-new-privileges=true'
    volumes:
      - './traefik/authelia/secrets:/secrets:ro'
      - './traefik/authelia/config:/config'
      - './traefik/authelia/logs:/var/log/authelia/'
    networks:
      authelia: {}
    labels:
      traefik.enable: 'true'
      traefik.docker.network: 'authelia'
      traefik.http.routers.authelia.rule: 'Host(`auth.example.com`)'
      traefik.http.routers.authelia.entryPoints: 'http'
      traefik.http.middlewares.authelia.forwardAuth.address: 'http://authelia:9091/api/authz/forward-auth'
      traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader: 'true'
      traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Email,Remote-Name'
    environment:
      TZ: 'America/Los_Angeles'
      X_AUTHELIA_CONFIG_FILTERS: 'template'

  myservice:
    labels:
      traefik.enable: 'true'
      traefik.docker.network: 'traefik'
      traefik.http.routers.myservice.tls: 'true'
      traefik.http.routers.myservice.rule: 'Host(`myservice.example.com`)'
      traefik.http.routers.myservice.entrypoints: 'https'
      traefik.http.routers.myservice.middlewares: 'authelia@docker'
      traefik.http.services.myservice.loadbalancer.server.port: 80
    restart: unless-stopped
    networks:
      traefik: {}

networks:
  proxy:
    external: true
    name: 'proxy'
  traefik: # internal network, no outbound connections
    internal: true
    name: traefik-internal
  authelia:
    name: 'authelia'

Request logs:

authelia       | time="2025-04-07T03:08:24-07:00" level=info msg="Access to https://myservice.example.com/ (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://auth.example.com/?rd=https%3A%2F%2Fmyservice.example.com%3A8443%2F&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=45.129.56.144
traefik        | 2025-04-07T03:08:24-07:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/forward.go:223 > Remote error http://authelia:9091/api/authz/forward-auth. StatusCode: 302 middlewareName=authelia@docker middlewareType=ForwardAuth
traefik        | {"ClientAddr":"10.8.0.1:50738","ClientHost":"100.100.100.100","ClientPort":"50738","ClientUsername":"-","DownstreamContentSize":114,"DownstreamStatus":302,"Duration":26348409,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":26348409,"RequestAddr":"myservice.example.com","RequestContentSize":0,"RequestCount":3,"RequestHost":"myservice.example.com","RequestMethod":"GET","RequestPath":"/", ...
traefik        | 2025-04-07T03:08:24-07:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.com"