Enabling Authelia Server Authentication

Reverse Proxying Authelia

Before we can enable Traefik to forward auth requests to Authelia, we need to first reverse proxy the Authelia app through Traefik. In order to do that, we will add the minimum default two labels to the Authelia template, as explained in the Proxying Your First App guide.

traefik.enable = true

traefik.http.routers.authelia.entryPoints = https

To enable Traefik to forward auth requests to Authelia for an application, we just have to simply set a label for Traefik to pick up. This label will tell Traefik to use a certain middleware for the application we are adding it to.

## bypass rule
        - domain: 
        - "auth.domain.com"
      policy: bypass

Enable Authelia on the Application

For Unraid, find the app that you would like to protect with Authelia, once you are in the template, scroll to the bottom and click on the "Add another Path, Port, Variable, Label or Device". Select to add a label and fill in the fields as per the screenshot below.

1. Make sure to set this as a Label.

2. Copy and paste the following into the key: field, make sure to swap out app for the app name you are adding this too.

   • Copy

     traefik.http.routers.app.middlewares

3. Tell Traefik to use the middleware called auth that we set up in the dynamic config file by adding auth@file in this field.

4. If you are enabling Authelia to protect the Traefik dashboard you need to use this instead. Do not replace api with the container name.

   • Copy

     traefik.http.routers.api.middlewares

5. Click add and then apply to redeploy the app with the new label added to it.

Conclusion

Traefik will now forward all traffic through Authelia to make sure that the user trying to get to your app is correctly authenticated before passing traffic on to the app. Now when you deploy your application, you will be able to visit it by going to your domain with the app name as the subdomain (APP-NAME.DOMAIN.COM).