It seems to me connection to the forward-auth middleware get stuck if there is a failover. Some context:
Node proxy1 and proxy2 run traefik, authelia and keepalived, they are master/backup on a VIP that I call proxy.
Users are consuming traefik on https://proxy:443 wich has a forward-auth middleware on 443 entrypoint for which the address is set to https://proxy:8443/api/... which is another entrypoint but without middleware and on which only authelia router runs.
All runs smoothly, I can even browse the API of traefik on proxy2 through proxy1 as https://traefik-proxy2.proxy since both proxy1 and then proxy2 will make auth request to authelia running on proxy=proxy1 as it's master.
Now when I take down proxy1, keepalived detects it properly and proxy2 takes the VIP properly, but it seems to me the connection to proxy:8443 is stuck and as a user nothing is working since everything is behind proxy=proxy2:443 entrypoint that has a forward-auth middleware. As soon as I restart traefik on proxy2 all starts working again as it properly establishes a connection to the forward-auth to the vip (itself proxy2 now) so only impact is users have to open a new session (as both instances of authelia don't share a session database in my setup) but I had to restart traefik for this to work, I would like to avoid this.
And when I restore proxy1 the same thing happens in reverse: everything works fine since proxy1 is master and authenticate everything against itself on port 8443 but when browsing to https://traefik-proxy2.proxy then it fails until I restart traefik on proxy2 when it magically starts to work again.
I have no connection tracking between these nodes, I would like them to work as failover nodes and I don't mind connection being reset, but here it seems to me traefik is not handling it correctly when there is a switch from master to backup for the url of the forward auth middleware. Only thing it has to do is close the TCP connection for which I guess it should have recieved a RST anyway then retry but it fails to do it...
Any idea how to solve this?