Reverse-Proxy

Traefik

For protecting your apps using Traefik as the reverse proxy, please see our guide on Traefik

NGINX Proxy Manager

Configuring the Authelia Proxy

1. Copy the data in and head to your NPM dashboard > Hosts > Proxy Hosts

2. Select Add Proxy Host

   • Details:

     • Domain name: auth.example.com (or whatever CNAME you set in your DNS for Authelia)

     • Scheme: http

     • Forward Hostname / IP: Name of your Authelia container (must be on the same custom docker network as NPM, otherwise use server IP)

     • Port: 9091

     • Turn ON: Cache Assets, Block Common Exploits

   • SSL:

     • Request new SSL certificate

     • Turn ON: Force SSL, HTTP/2 Support, HSTS Enabled (if using, i.e. in Cloudflare)

     • Email address: used to create Let’s Encrypt cert.

     • Select I Agree and Save.

     • Alternatively, see our guide on using

3. Test that you can reach the WebUI of Authelia selecting the new proxy or typing in its address. i.e. 'auth.example.com'

4. If all the above is working as intended; Edit proxy host 'auth.example.com'

   • Advanced

     • Under Custom Nginx Configuration, paste the config you customized from

5. Save and confirm you can still access the WebUI via the URL.

To protect an endpoint (i.e. sonarr)

1. Edit proxy host 'sonarr.example.com'

   • Advanced
2. (Optional) Now that Authelia is acting as your single sign-on security you can now disable any in-app security/logins. Disabling the in-app login will still be secure as Authelia will be protecting it but will prevent you from having to log in twice for every app and remember all of the usernames and passwords etc.