authelia
The following page documents how I did setup a service in docker-compose to use authelia for authentication via traefik 2.0
environment
I use the following entries for this setup in my /etc/environment
file
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
PUID=1000
PGID=1000
TZ="Europe/Zurich"
DOMAINNAME="example.com"
DNS=1.1.1.1
GOPATH=/usr/bin/go
EMAIL=mail@example.com
Install golang
I found a setup guide that shows how to install golang on ubuntu 18.04 based on a ppa. I did the following steps
sudo add-apt-repository ppa:longsleep/golang-backports
sudo apt-get update
sudo apt-get install golang-go
Basic traefik 2.0 setup
My basic traefik 2.0 setup was based on the traefik 2.0 intoduction blog post.
Full docker-compose
version: '3.7'
services:
traefik:
container_name: traefik
domainname: ${DOMAINNAME}
image: traefik
restart: unless-stopped
command:
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --log.level=DEBUG
- --entrypoints.websecure.address=:443
- --certificatesresolvers.le.acme.email=${EMAIL}
- --certificatesresolvers.le.acme.storage=/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./users:/users
networks:
- default
- discovery
dns:
- ${DNS}
my-app:
image: containous/whoami:v1.3.0
command:
- --port=8082
networks:
- discovery
labels:
- "traefik.enable=true"
- "traefik.http.routers.my-app.rule=Host(`my-app.${DOMAINNAME}`)"
- "traefik.http.services.my-app.loadbalancer.server.port=8082"
- "traefik.http.routers.my-app.middlewares=authme"
- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:9091"
- "traefik.http.middlewares.authme.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.authme.forwardauth.authresponseheaders=X-Forwarded-User"
- "traefik.http.middlewares.authme.forwardauth.address=http://authelia:8080/api/verify?rd=https://auth.${DOMAINNAME}/%23/"
- "traefik.http.routers.my-app.tls.certresolver=le"
- "traefik.http.routers.my-app.entrypoints=websecure"
authelia:
image: clems4ever/authelia:master
container_name: authelia
restart: always
volumes:
- ./authelia/config.minimal.yml:/etc/authelia/config.yml:ro
- ./authelia/users_database.yml:/etc/authelia/users_database.yml:rw
- authelia:/tmp/authelia
- ${GOPATH}:/go
environment:
- TZ=${TZ}
- NODE_TLS_REJECT_UNAUTHORIZED=1
labels:
- "traefik.enable=true"
- "traefik.http.routers.auth.rule=Host(`auth.${DOMAINNAME}`)"
- "traefik.http.routers.auth.entrypoints=web"
- "traefik.http.services.auth.loadbalancer.server.port=8080"
- "traefik.http.routers.auth.tls.certresolver=le"
- "traefik.http.routers.auth.entrypoints=websecure"
expose:
- 8080
networks:
- discovery
volumes:
authelia:
networks:
discovery:
authelia config