Secure my docker web app with authentication page

Hi there,

Some of my docker containers behind my traefik instance don't have any username-password required to access them.

I would like to add some gateway, only when accessed through traefik, in the form of a web page, that require a username-password.

Ideally, I would like to have multiple users and decide which one can access to which container, and have some persistance of the login.

The dream would be that this would be able to authenticate automatically to my apps that does have an existing user-name password system.

So, that's for the whishlist.
I found that there is a basic auth easy to setup, but it bother me because it seems it's a bit all of nothing and doesn't support well the password managers.

What's the easiest other way to setup an authentication middleware that would be the closest to what I'm looking for?

Traefik ForwardAuth was made for this use-case (doc).

That's nice thanks!
But what kind of auth server would you put next to it? Is there some container that are directly compatible and would allow me to assign some permissions to some URL?

After some research, I came accross traefik forward auth0: Welcome to ForwardAuth for Auth0’s documentation! — ForwardAuth for Auth0 documentation which seems to be a nice match.

I'm just curious, would that be somehow compatible with apps that already have some internal authentication? Like emby or paperless?

Some of the common self-hosted identity providers:

• Authelia (home use)
• Authentik
• Keycloak (corporate, needs adapter)
• Zitadel (needs adapter)

Both authelia and authentik looks nice! Do you advise one of them?

Authelia seems more like home setup (easier, limited), whereas I know some companies using Authentik.