Traefik with Authelia and Cloudflare: Can't redirect

CaveNilVino · September 2, 2023, 12:02am

I have Traefik and Authelia in docker containers as well as services I want to access. I use Cloudflare's IP obfuscation proxy and remove the X-Forward-To headers as per Authelia's directions. Certs are provided by LetsEncrypt.

I can access Authelia directly on its subdomain and sign on.
However, I can't get any other services to use Authelia. When I try to access them I get HTTP ERROR 500 and Traefik logs show:

" http: server gave HTTP response to HTTPS client "

I've been banging my head against this wall for two weeks now.
I know there are a lot of moving parts with this set-up so I'm not sure what would be useful to show you to help solve the problem?

version: '3.3'

services:
  authelia:
    image: authelia/authelia
    container_name: authelia
    volumes:
      - /docker-container-data/authelia:/config
    networks:
      #- backend
      - default
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.y.z`)'
      - 'traefik.http.routers.authelia.entrypoints=web,websecure'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt-dns'
      - 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia:9091/api/authz/forward-auth?authelia_url=https://auth.y.z'  # yamllint disable-line rule:line-length
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
    expose:
      - 9091
    restart: unless-stopped
    healthcheck:
      ## In production the healthcheck section should be commented.
      disable: true
    environment:
      - TZ=Europe/London

networks:
  default:
     external: true

Example of service I can't connect to:

  nginx_recipes:
    image: nginx:mainline-alpine
    restart: always
    ports:
      - 84:80
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.nginx_recipes.entrypoints=web, websecure"
    - "traefik.http.routers.nginx_recipes.rule=Host(`recipes.y.z`)"
    - "traefik.http.routers.nginx_recipes.tls=true"
    - "traefik.http.routers.nginx_recipes.tls.certresolver=letsencrypt-dns"
    - "traefik.http.routers.nginx_recipes.middlewares=authelia@docker"

bluepuma77 · September 2, 2023, 11:48am

You seem to enable TLS on web and websecure:

I recommend to set it globally on the entrypoint, see simple Traefik example.

Topic		Replies	Views
Traefik with Authelia configuration problem in docker swarm Traefik v2 docker-swarm	1	1543	January 28, 2021
Cannot get http -> https redirect to work properly Traefik v2 docker , middleware	3	1867	December 12, 2019
Http to https redirection using docker-compose and letsencrypt http challenge Traefik v2 docker , letsencrypt-acme , middleware	0	482	September 2, 2021
Traefik + Authelia with TLS passthrough Traefik v2 docker	0	1008	October 26, 2022
Traefik monitor to accept http and redirect to https? Traefik v2 docker , letsencrypt-acme	2	418	March 1, 2020

Traefik with Authelia and Cloudflare: Can't redirect

Related topics