
authelia

The following page documents how I set up a service in docker-compose to use authelia for authentication via traefik 2.0.

environment

I use the following entries in my /etc/environment file for this setup:

# Read by pam_env at login, one KEY=VALUE per line; the docker-compose file
# below references DOMAINNAME, EMAIL, DNS, TZ and GOPATH from here.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
PUID=1000
PGID=1000
TZ="Europe/Zurich"
DOMAINNAME="example.com"
DNS=1.1.1.1
# NOTE(review): GOPATH normally names a Go workspace directory rather than a
# path under /usr/bin; it is bind-mounted into the authelia container as /go
# in the compose file — confirm this is the intended location.
GOPATH=/usr/bin/go
EMAIL=mail@example.com

Install golang

I found a setup guide that shows how to install golang on Ubuntu 18.04 from a PPA. I ran the following steps:

# Adds a third-party PPA; every package installed from it is trusted via that
# PPA's signing key, so confirm it is the intended source before adding it.
sudo add-apt-repository ppa:longsleep/golang-backports
sudo apt-get update
# Installs the Go toolchain from the PPA added above.
sudo apt-get install golang-go

Basic traefik 2.0 setup

My basic traefik 2.0 setup was based on the traefik 2.0 introduction blog post.

Full docker-compose

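version: '3.7'

services:
  traefik:
    container_name: traefik
    domainname: ${DOMAINNAME}
    # Pinned to the v2 line the page describes; an unpinned tag drifts to
    # whatever `latest` currently is.
    image: traefik:v2.0
    restart: unless-stopped
    command:
      # The dashboard/API runs without authentication; this is tolerable only
      # because its host port below is bound to loopback.
      - --api.insecure=true
      - --providers.docker=true
      # Containers must opt in with traefik.enable=true (see labels below).
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      # DEBUG logs request details; lower to INFO once the setup works.
      - --log.level=DEBUG
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=${EMAIL}
      # TODO(review): /acme.json is stored in the container filesystem, so the
      # issued certificates are lost whenever the container is recreated and
      # are re-requested from Let's Encrypt; persist it with a bind mount
      # (the host file must exist beforehand with mode 0600).
      - --certificatesresolvers.le.acme.storage=/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
      # Dashboard reachable from the host only, not from the network.
      - "127.0.0.1:8080:8080"
    volumes:
      # The Docker socket is root-equivalent on the host; Traefik only reads
      # container metadata from it, so mount it read-only.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./users:/users
    networks:
      - default
      - discovery
    dns:
      - "${DNS}"

  my-app:
    image: containous/whoami:v1.3.0
    command:
      - --port=8082
    networks:
      - discovery
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-app.rule=Host(`my-app.${DOMAINNAME}`)"
      - "traefik.http.services.my-app.loadbalancer.server.port=8082"
      - "traefik.http.routers.my-app.middlewares=authme"
      # A middleware has a single forwardauth.address; the earlier
      # http://authelia:9091 entry was shadowed by this one (last label wins)
      # and has been removed. Port 8080 matches the authelia service below.
      - "traefik.http.middlewares.authme.forwardauth.address=http://authelia:8080/api/verify?rd=https://auth.${DOMAINNAME}/%23/"
      # Forwards the incoming X-Forwarded-* headers to authelia; safe as long
      # as Traefik is the only edge in front of these services.
      - "traefik.http.middlewares.authme.forwardauth.trustforwardheader=true"
      - "traefik.http.middlewares.authme.forwardauth.authresponseheaders=X-Forwarded-User"
      - "traefik.http.routers.my-app.tls.certresolver=le"
      - "traefik.http.routers.my-app.entrypoints=websecure"

  authelia:
    # TODO(review): the floating :master tag pulls whatever was last pushed;
    # pin a release tag so the deployment is reproducible.
    image: clems4ever/authelia:master
    container_name: authelia
    restart: always
    volumes:
      - ./authelia/config.minimal.yml:/etc/authelia/config.yml:ro
      # Mounted rw so authelia can write the file back — presumably for
      # password changes; confirm this is needed, otherwise use :ro.
      - ./authelia/users_database.yml:/etc/authelia/users_database.yml:rw
      - authelia:/tmp/authelia
      # NOTE(review): exposes the host Go workspace inside the container;
      # this looks like a development-build convenience — confirm it is
      # still required.
      - ${GOPATH}:/go
    environment:
      - TZ=${TZ}
      # 1 is the Node default (upstream TLS certificates are verified);
      # never set this to 0.
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.auth.rule=Host(`auth.${DOMAINNAME}`)"
      - "traefik.http.services.auth.loadbalancer.server.port=8080"
      - "traefik.http.routers.auth.tls.certresolver=le"
      # A router has a single entrypoints key; the earlier `entrypoints=web`
      # entry was shadowed by this one (last label wins) and has been removed,
      # so the portal is served over TLS only.
      - "traefik.http.routers.auth.entrypoints=websecure"
    expose:
      - "8080"
    networks:
      - discovery

volumes:
  authelia: {}

networks:
  discovery: {}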

authelia config