I do not understand middlewares in @file config

I use Traefik to reverse-proxy to containers, and to static (bare metal) services.
I want all the services to go through an Authelia middleware.

The docker-managed services all work fine: they load without information in the logs and when I go to `http://.my.domain.eu` I land on the expected docker service.

The Authelia middleware configuration is done via relevant docker labels on Traefik:

```yaml
  traefik:
    image: traefik:3
    volumes:
      - proxy_traefik:/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`traefik.my.domain.eu`)
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.swtk.eu
      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name
      - com.centurylinklabs.watchtower.enable=false
```
(...)

It is then configured in the main traefik.yaml:

```yaml
entryPoints:
  websecure:
      middlewares:
        - authelia
```

I also have some more tricky services that I need to define in configuration files. Typically this would be the case when I have several static services that I want to manage from one file. Example for Pihole:

```yaml
{{- define "router" }}
    pihole-{{ .Hostname }}:
      rule: Host(`{{ .Hostname }}.my.domain.eu`)
      service: pihole-{{ .Hostname }}
      middlewares:
        - pihole-redirect-to-admin
{{- end }}

{{- define "service" }}
    pihole-{{ .Hostname }}:
      loadBalancer:
        servers:
          - url: {{ .Url }}
{{- end }}

{{- $hosts := list
    (dict "Hostname" "srv" "Url" "http://192.168.10.2:28080")
    (dict "Hostname" "rpi-dash" "Url" "http://192.168.10.102:28080")
-}}

http:
  routers:
{{- range $host := $hosts }}
{{ template "router" $host }}
{{- end }}

  services:
{{- range $host := $hosts }}
{{ template "service" $host }}
{{- end }}

  middlewares:
    pihole-redirect-to-admin:
      redirectRegex:
        regex: "^http[s]?://([^/]*)[/]?$"
        replacement: "https://${1}/admin"
        permanent: true
```

When parsing this file, I get:

```
2025-11-23T16:07:46+01:00 ERR error="middleware \"authelia@file\" does not exist" entryPointName=websecure routerName=pihole-srv@file
2025-11-23T16:07:46+01:00 ERR error="middleware \"authelia@file\" does not exist" entryPointName=websecure routerName=pihole-rpi-dash@file
```

My question is therefore: can I mix a file configuration with a global middleware which is maybe not defined yet (assuming that the files are parsed before the docker labels)?

I would use authelia@file.

You might see an error at first if middlewares that are loaded dynamically later are used, but then it should be applied.

Your templates look complicated; maybe share their final output. I think that works with docker config.
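
The resolution rule behind the two log lines in the question, as an added example that is not part of the original thread and is not Traefik's code: a middleware reference without `@provider` is looked up in the provider of the router that uses it, so the entry point's bare `authelia` becomes `authelia@file` on the file-defined Pi-hole routers, while the docker labels define `authelia@docker`. The function names and data structures are assumptions made for this simplified model; the router and middleware names are taken from the post.

```python
# Simplified model of Traefik's provider-namespace lookup (added example,
# not Traefik source code). Function names and structures are hypothetical.

def qualify(ref: str, router_provider: str) -> str:
    """A reference without '@provider' is resolved in the router's own provider."""
    return ref if "@" in ref else f"{ref}@{router_provider}"


def unresolved(defined, routers, entrypoint_middlewares):
    """Return (router, qualified middleware) pairs that match no definition.

    defined: set of fully qualified middleware names, e.g. {"authelia@docker"}
    routers: {"name@provider": [middleware refs declared on that router]}
    entrypoint_middlewares: refs from the entry point, prepended to every router
    """
    missing = []
    for router, own_refs in routers.items():
        provider = router.rsplit("@", 1)[1]
        for ref in list(entrypoint_middlewares) + list(own_refs):
            name = qualify(ref, provider)
            if name not in defined:
                missing.append((router, name))
    return missing


# Constructed from the post: authelia is declared through docker labels;
# pihole-redirect-to-admin and the pihole routers come from the file provider.
DEFINED = {"authelia@docker", "pihole-redirect-to-admin@file"}
ROUTERS = {
    "traefik@docker": [],
    "pihole-srv@file": ["pihole-redirect-to-admin"],
    "pihole-rpi-dash@file": ["pihole-redirect-to-admin"],
}

if __name__ == "__main__":
    for label, refs in (("bare name", ["authelia"]),
                        ("qualified", ["authelia@docker"])):
        result = unresolved(DEFINED, ROUTERS, refs)
        print(f"{label}: {result or 'all resolved'}")
```

Run against a rendered configuration, a check like this shows before deployment which routers would not get the authentication middleware attached.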