Before we can enable Traefik to forward auth requests to Authelia, we need to first reverse proxy the Authelia app through Traefik. In order to do that, we will add the minimum default two labels to proxy any app.
WARNING
You must replace app
with the name of your application that this label is being added to otherwise Traefik will see duplicates.
To show how this would look in your Authelia docker-compose.yml file, below is an example:
To enable Traefik to forward auth requests to Authelia for an application, we just have to simply set a label for Traefik to pick up. This label will tell Traefik to use a certain middleware for the application we are adding it to.
If you are using docker-compose then you simply need to add a single line to the compose files under labels:
WARNING
You must replace app
with the name of your application that this label is being added to otherwise Traefik will see duplicates.
To show you a full example, we will add the label to an existing docker-compose.yml file for Adminer.
Now while in the same directory as the docker-compose.yml
file, run the command docker-compose up -d
and it should recreate the container for you with the latest labels. Now when you deploy your application you will be able to visit it by going to your domain with the app name as the subdomain (APP-NAME.DOMAIN.COM
).
PLEASE NOTE
You can add multiple of these labels at once before finally deploying your application.
IMPORTANT
In order to avoid Authelia redirecting into a loop, you must add this rule to your Access Control section in the Authelia configuration.yml:
Where auth.domain
is your authelia subdomain and your root domain.
Traefik will now forward all traffic through Authelia to make sure that the user trying to get to your app is correctly authenticated before passing traffic on to the app.