Enabling Authelia Server Authentication

Before Traefik can forward auth requests to Authelia, the Authelia app itself must be reverse proxied through Traefik. To do that, we add the two default labels that are the minimum needed to proxy any app.

    labels:
      traefik.enable: "true"  # label values are strings, so quote booleans
      traefik.http.routers.app.entryPoints: https

To show how this would look in your Authelia docker-compose.yml file, below is an example:

    version: '3'
    services:
      auth:
        container_name: auth
        image: authelia/authelia:latest
        volumes:
          - /opt/appdata/authelia:/config
        labels:
          traefik.enable: "true"  # label values are strings, so quote booleans
          traefik.http.routers.authelia.entryPoints: https
        networks:
          - proxy
        restart: unless-stopped

    networks:
      proxy:
        driver: bridge
        external: true

To have Traefik forward auth requests to Authelia for an application, we only need to set a label for Traefik to pick up. This label tells Traefik to use a specific middleware for the application it is added to.

If you are using docker-compose, you only need to add a single line under labels in the compose file:

    labels:
      traefik.http.routers.app.middlewares: auth@file

To show you a full example, we will add the label to an existing docker-compose.yml file for Adminer.

docker-compose.yml
    version: '3'

    services:
      adminer:
        container_name: adminer
        image: adminer
        networks:
          - proxy
        labels:
          traefik.enable: "true"  # label values are strings, so quote booleans
          traefik.http.routers.adminer.entryPoints: https
          # send requests for this router through the Authelia middleware
          traefik.http.routers.adminer.middlewares: auth@file
        restart: unless-stopped

    networks:
      proxy:
        driver: bridge
        external: true

From the same directory as the docker-compose.yml file, run the command docker-compose up -d and it should recreate the container for you with the latest labels. Once your application is deployed, you will be able to visit it by going to your domain with the app name as the subdomain (APP-NAME.DOMAIN.COM).

PLEASE NOTE

You can add several of these labels at once before finally deploying your application.
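
A pre-deployment check for the setup above, as an added example that is not part of the original guide: it scans compose text for Traefik router labels and lists every router that does not carry the auth@file middleware. The whoami service, the exempt list and the sample file are constructed for illustration; services that rely on Traefik's auto-generated router (no router labels at all) are not covered.

```python
import re

# Matches router labels in map form ("key: value") and list form ("- key=value").
ROUTER_LABEL = re.compile(
    r"""^\s*-?\s*["']?traefik\.http\.routers\.([\w-]+)\.([\w.]+)["']?\s*[:=]\s*(.*?)["']?\s*$""",
    re.IGNORECASE,
)

def unprotected_routers(compose_text, middleware="auth@file", exempt=("authelia",)):
    """Return the sorted router names whose middleware chain lacks `middleware`."""
    routers = {}
    for line in compose_text.splitlines():
        match = ROUTER_LABEL.match(line.split(" #", 1)[0])  # ignore trailing comments
        if match:
            name, prop, value = match.groups()
            routers.setdefault(name, {})[prop.lower()] = value.strip("\"'")
    missing = []
    for name, props in routers.items():
        chain = [m.strip() for m in props.get("middlewares", "").split(",")]
        # The Authelia portal itself must stay reachable without the middleware.
        if name not in exempt and middleware not in chain:
            missing.append(name)
    return sorted(missing)

# Constructed sample: adminer and authelia as on this page, plus a hypothetical
# "whoami" app (list-style labels) that was deployed without the middleware.
SAMPLE = """
services:
  auth:
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.entryPoints: https
  adminer:
    labels:
      traefik.enable: "true"
      traefik.http.routers.adminer.entryPoints: https
      traefik.http.routers.adminer.middlewares: auth@file
  whoami:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.entrypoints=https"
"""

if __name__ == "__main__":
    for router in unprotected_routers(SAMPLE):
        print(f"router '{router}' is exposed without auth@file")
```

Pass the contents of each docker-compose.yml to unprotected_routers() before running docker-compose up -d; an empty list means every labelled router is behind the middleware.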

Conclusion

Traefik will now forward all traffic through Authelia to make sure that the user trying to get to your app is correctly authenticated before passing traffic on to the app.
