Enabling Authelia Server Authentication

Reverse Proxying Authelia

Before we can enable Traefik to forward auth requests to Authelia, we need to first reverse proxy the Authelia app through Traefik. In order to do that, we will add the minimum default two labels to the Authelia template, as explained in the Proxying Your First App guide.

traefik.enable = true

traefik.http.routers.authelia.entryPoints = https

WARNING

You must replace app with the name of your application that this label is being added to otherwise Traefik will see duplicates.

To enable Traefik to forward auth requests to Authelia for an application, we just have to simply set a label for Traefik to pick up. This label will tell Traefik to use a certain middleware for the application we are adding it to.

IMPORTANT

In order to avoid Authelia redirecting into a loop, you must add this rule to your Access Control section in the Authelia configuration.yml:

## bypass rule
        - domain: 
        - "auth.domain.com"
      policy: bypass

Where auth.domainis your authelia subdomain and your root domain.

Enable Authelia on the Application

For Unraid, find the app that you would like to protect with Authelia, once you are in the template, scroll to the bottom and click on the "Add another Path, Port, Variable, Label or Device". Select to add a label and fill in the fields as per the screenshot below.

Make sure to set this as a Label.
Copy and paste the following into the key: field, make sure to swap out app for the app name you are adding this too.
- traefik.http.routers.app.middlewares
Tell Traefik to use the middleware called auth that we set up in the dynamic config file by adding auth@file in this field.
If you are enabling Authelia to protect the Traefik dashboard you need to use this instead. Do not replace api with the container name.
- traefik.http.routers.api.middlewares
Click add and then apply to redeploy the app with the new label added to it.

WARNING

You must replace app with the name of your application that this label is being added to otherwise Traefik will see duplicates.

PLEASE NOTE

You can add multiple of these labels at once before finally deploying your application.

Conclusion

Traefik will now forward all traffic through Authelia to make sure that the user trying to get to your app is correctly authenticated before passing traffic on to the app. Now when you deploy your application, you will be able to visit it by going to your domain with the app name as the subdomain (APP-NAME.DOMAIN.COM).

PreviousChoosing Your App Subdomain Manually NextEnabling Organizr server authentication

Last updated 2 years ago

Was this helpful?

Reverse Proxying Authelia

traefik.enable = true

traefik.http.routers.authelia.entryPoints = https

WARNING

You must replace app with the name of your application that this label is being added to otherwise Traefik will see duplicates.

IMPORTANT

In order to avoid Authelia redirecting into a loop, you must add this rule to your Access Control section in the Authelia configuration.yml:

## bypass rule
        - domain: 
        - "auth.domain.com"
      policy: bypass

Where auth.domainis your authelia subdomain and your root domain.

Enable Authelia on the Application

Make sure to set this as a Label.

Copy and paste the following into the key: field, make sure to swap out app for the app name you are adding this too.

```
traefik.http.routers.app.middlewares
```

Tell Traefik to use the middleware called auth that we set up in the dynamic config file by adding auth@file in this field.

If you are enabling Authelia to protect the Traefik dashboard you need to use this instead. Do not replace api with the container name.

```
traefik.http.routers.api.middlewares
```

Click add and then apply to redeploy the app with the new label added to it.

WARNING

You must replace app with the name of your application that this label is being added to otherwise Traefik will see duplicates.

PLEASE NOTE

You can add multiple of these labels at once before finally deploying your application.

Conclusion