From ced58c24bdf8f7b0a9d2eeb251ac9d7eca40c12f Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Tue, 15 Nov 2022 15:56:25 -0800
Subject: [PATCH] More authelia hacking
---
 core/traefik/traefik.nomad | 6 ++++++
 services/authelia.tf | 6 ++++--
 services/whoami.nomad | 5 ++++-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/core/traefik/traefik.nomad b/core/traefik/traefik.nomad
index a2b22a7..93c8a65 100644
--- a/core/traefik/traefik.nomad
+++ b/core/traefik/traefik.nomad
@@ -276,6 +276,12 @@ CF_ZONE_API_TOKEN={{ .Data.data.domain_lego_dns }}
 [http.middlewares.basic-auth.basicAuth]
 usersFile = "/etc/traefik/usersfile"
 {{ end }}
+{{ end }}
+{{ range service "authelia-sidecar-proxy" }}
+ [http.middlewares.authelia.forwardAuth]
+ address = "https://{{ .Address }}:{{ .Port }}/api/verify?rd=https://authelia.thefij.rocks"
+ trustForwardHeader = true
+ authResponseHeaders = "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
 {{ end }}
 EOH
 destination = "local/config/conf/middlewares.toml"
diff --git a/services/authelia.tf b/services/authelia.tf
index d486279..ab32931 100644
--- a/services/authelia.tf
+++ b/services/authelia.tf
@@ -3,6 +3,7 @@ module "authelia" {
 name = "authelia"
 image = "authelia/authelia:latest"
+ ingress = true
 service_port = 9091
 ports = [
 {
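Review bot: The added `{{ range service "authelia-sidecar-proxy" }}` emits the `[http.middlewares.authelia.forwardAuth]` table once per registered instance, so two or more instances would render a duplicate TOML table and the file provider may reject `middlewares.toml`, taking the `basic-auth` middleware rendered just above with it. Rendering a single instance avoids that, for example by opening with `{{ with service "authelia-sidecar-proxy" }}{{ with index . 0 }}` and closing with `{{ end }}{{ end }}`. The address is `https://` to a sidecar address and port with no `tls` settings on the middleware, so certificate verification against that endpoint should be confirmed to work rather than being switched off later. `trustForwardHeader = true` is only safe if the entry point restricts which peers may supply `X-Forwarded-*` headers; that configuration is outside this hunk.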
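Review bot: `ingress = true` is added directly under `image = "authelia/authelia:latest"`, so the service that is about to be routed from outside runs whatever build the floating tag resolves to at scheduling time. Pinning the image to a release tag or digest, as in `image = "authelia/authelia:<pinned-version>"`, would make the exposed authentication component reproducible and reviewable on upgrade. What `ingress` actually does is defined by the module, which is outside this hunk, so the exposure is inferred from the name.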
@@ -20,10 +21,11 @@ module "authelia" {
 ]
 service_tags = [
- "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.service.consul/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+ # These doamins should ideally not be routed through traefik as well
+ "traefik.http.middlewares.authelia.forwardAuth.address=https://authelia.thefij.rocks/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
 "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
 "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
- "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.service.consul/api/verify?auth=basic",
+ "traefik.http.middlewares.authelia-basic.forwardAuth.address=https://authelia.thefij.rocks/api/verify?auth=basic",
 "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
 "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
 ]
diff --git a/services/whoami.nomad b/services/whoami.nomad
index bfd2146..7910f07 100644
--- a/services/whoami.nomad
+++ b/services/whoami.nomad
@@ -50,7 +50,10 @@ job "whoami" {
 tags = [
 "traefik.enable=true",
 "traefik.http.routers.whoami.entryPoints=websecure",
- "traefik.http.routers.whoami.middlewares=basic-auth@file",
+ # "traefik.http.routers.whoami.middlewares=basic-auth@file",
+ # "traefik.http.routers.whoami.middlewares=authelia@consulcatalog",
+ "traefik.http.routers.whoami.middlewares=authelia@file",
+ # "traefik.http.routers.whoami.middlewares=authelia-basic@consulcatalog",
 ]
 }
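Review bot: Both `forwardAuth.address` tags now point at `https://authelia.thefij.rocks/api/verify`, so the verification subrequest re-enters Traefik through the public entry point, as the added comment itself concedes. On that second pass the entry point will normally rewrite the `X-Forwarded-*` headers unless it trusts the sender, in which case Authelia would evaluate its policy against `authelia.thefij.rocks` instead of the protected host; this depends on entry-point settings not shown here and should be checked by requesting a protected service that has a deny rule. Keeping an internal address, such as the previous `authelia.service.consul` one with transport protection added, avoids the hairpin and the dependency on public DNS. The comment also has a typo and should read `# These domains should ideally not be routed through traefik as well`.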
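Review bot: The router now depends on `authelia@file`, which exists only while the template in `core/traefik/traefik.nomad` renders at least one `authelia-sidecar-proxy` instance, so it is worth confirming that Traefik refuses the `whoami` route rather than serving it unauthenticated when that middleware is missing. The three commented-out `middlewares` tags left in the list read as live alternatives; I would delete them and rely on version control for the history, leaving only `"traefik.http.routers.whoami.middlewares=authelia@file",`. The enclosing `job "whoami"` block starts outside this hunk.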