Before we can enable Traefik to forward auth requests to Authelia, we need to first reverse proxy the Authelia app through Traefik. In order to do that, we will add the minimum default two labels to the Authelia template, as explained in the Proxying Your First App guide.
WARNING
You must replace app
with the name of your application that this label is being added to otherwise Traefik will see duplicates.
To enable Traefik to forward auth requests to Authelia for an application, we just have to simply set a label for Traefik to pick up. This label will tell Traefik to use a certain middleware for the application we are adding it to.
IMPORTANT
In order to avoid Authelia redirecting into a loop, you must add this rule to your Access Control section in the Authelia configuration.yml:
Where auth.domain
is your authelia subdomain and your root domain.
For Unraid, find the app that you would like to protect with Authelia, once you are in the template, scroll to the bottom and click on the "Add another Path, Port, Variable, Label or Device". Select to add a label and fill in the fields as per the screenshot below.
Make sure to set this as a Label
.
Copy and paste the following into the key:
field, make sure to swap out app
for the app name you are adding this too.
Tell Traefik to use the middleware called auth
that we set up in the dynamic config file by adding auth@file
in this field.
If you are enabling Authelia to protect the Traefik dashboard you need to use this instead. Do not replace api with the container name.
Click add and then apply to redeploy the app with the new label added to it.
WARNING
You must replace app
with the name of your application that this label is being added to otherwise Traefik will see duplicates.
PLEASE NOTE
You can add multiple of these labels at once before finally deploying your application.
Traefik will now forward all traffic through Authelia to make sure that the user trying to get to your app is correctly authenticated before passing traffic on to the app. Now when you deploy your application, you will be able to visit it by going to your domain with the app name as the subdomain (APP-NAME.DOMAIN.COM
).