More authelia hacking

2022-11-15 15:56:25 -08:00 · 2022-11-15 15:56:25 -08:00 · ced58c24bd
parent 0a335eab4a
commit ced58c24bd
3 changed files with 14 additions and 3 deletions
--- a/core/traefik/traefik.nomad
+++ b/core/traefik/traefik.nomad
@ -276,6 +276,12 @@ CF_ZONE_API_TOKEN={{ .Data.data.domain_lego_dns }}
  [http.middlewares.basic-auth.basicAuth]
    usersFile = "/etc/traefik/usersfile"
 {{ end }}
+{{ end }}
+{{ range service "authelia-sidecar-proxy" }}
+  [http.middlewares.authelia.forwardAuth]
+    address = "https://{{ .Address }}:{{ .Port }}/api/verify?rd=https://authelia.thefij.rocks"
+    trustForwardHeader = true
+    authResponseHeaders = "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
 {{ end }}
        EOH
        destination = "local/config/conf/middlewares.toml"
--- a/services/authelia.tf
+++ b/services/authelia.tf
@ -3,6 +3,7 @@ module "authelia" {

  name         = "authelia"
  image        = "authelia/authelia:latest"
+  ingress      = true
  service_port = 9091
  ports = [
    {
@ -20,10 +21,11 @@ module "authelia" {
  ]

  service_tags = [
-    "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.service.consul/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+    # These doamins should ideally not be routed through traefik as well
+    "traefik.http.middlewares.authelia.forwardAuth.address=https://authelia.thefij.rocks/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
    "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
-    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.service.consul/api/verify?auth=basic",
+    "traefik.http.middlewares.authelia-basic.forwardAuth.address=https://authelia.thefij.rocks/api/verify?auth=basic",
    "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
  ]
--- a/services/whoami.nomad
+++ b/services/whoami.nomad
@ -50,7 +50,10 @@ job "whoami" {
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.whoami.entryPoints=websecure",
-        "traefik.http.routers.whoami.middlewares=basic-auth@file",
+        # "traefik.http.routers.whoami.middlewares=basic-auth@file",
+        # "traefik.http.routers.whoami.middlewares=authelia@consulcatalog",
+        "traefik.http.routers.whoami.middlewares=authelia@file",
+        # "traefik.http.routers.whoami.middlewares=authelia-basic@consulcatalog",
      ]
    }