I have similar rules in place for other apps that work just fine, but the API access for Karakeep and TubeArchivist is set up differently and I've been banging my head against the wall trying to get their mobile apps and browser extensions to bypass my authentication using and api key.
Here's the api info for TubeArchivist
and what I've tried to implement with compose labels
- traefik.enable=true
## HTTP Routers Auth Bypass
- traefik.http.routers.tubearchivist-rtr-bypass.entrypoints=https
- traefik.http.routers.tubearchivist-rtr-bypass.rule=Host(`tubearchivist.$DOMAINNAME`) && HeaderRegexp(`Authorization`, `$TUBEARCHIVIST_API_KEY`)
- traefik.http.routers.tubearchivist-rtr-bypass.priority=100
## HTTP Routers Auth
- traefik.http.routers.tubearchivist-rtr.entrypoints=https
- traefik.http.routers.tubearchivist-rtr.rule=Host(`tubearchivist.$DOMAINNAME`)
- traefik.http.routers.tubearchivist-rtr.priority=99
## Middlewares
- traefik.http.routers.tubearchivist-rtr-bypass.middlewares=chain-no-auth@file #No Authentication
- traefik.http.routers.tubearchivist-rtr.middlewares=chain-authelia@file #Authelia Authentication
## HTTP Services
- traefik.http.routers.tubearchivist-rtr.service=tubearchivist-svc
- traefik.http.services.tubearchivist-svc.loadbalancer.server.port=8000
Karakeep seems similar but using a bearer token
curl -L '/api/v1/bookmarks' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <token>'
Get all bookmarks | Karakeep Docs
I also tried with only && PathPrefix(`\api`) and && PathRegexp(`^/api([/?].*)?$`) and it didn't fix the issue.
I am seeing traffic through Cloudflare, so I'm reasonably sure it's at least making it to Traefik, but I'm not seeing corresponding entries in my access logs.
I feel like I'm close, but missing something small, if anyone can point me in the right direction, I'd be extremely grateful.