iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More authelia hacking

Browse Source
This commit is contained in:
IamTheFij 2022-11-15 15:56:25 -08:00
parent 0a335eab4a
commit ced58c24bd
3 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/traefik/traefik.nomad
View File

@ -276,6 +276,12 @@ CF_ZONE_API_TOKEN={{ .Data.data.domain_lego_dns }}
[http.middlewares.basic-auth.basicAuth] [http.middlewares.basic-auth.basicAuth]
usersFile = "/etc/traefik/usersfile" usersFile = "/etc/traefik/usersfile"
{{ end }} {{ end }}
{{ end }}
{{ range service "authelia-sidecar-proxy" }}
[http.middlewares.authelia.forwardAuth]
address = "https://{{ .Address }}:{{ .Port }}/api/verify?rd=https://authelia.thefij.rocks"
trustForwardHeader = true
authResponseHeaders = "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
{{ end }} {{ end }}
EOH EOH
destination = "local/config/conf/middlewares.toml" destination = "local/config/conf/middlewares.toml"

6
services/authelia.tf
View File

@ -3,6 +3,7 @@ module "authelia" {
name = "authelia" name = "authelia"
image = "authelia/authelia:latest" image = "authelia/authelia:latest"
ingress = true
service_port = 9091 service_port = 9091
ports = [ ports = [
{ {
@ -20,10 +21,11 @@ module "authelia" {
] ]
service_tags = [ service_tags = [
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.service.consul/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F", # These doamins should ideally not be routed through traefik as well
"traefik.http.middlewares.authelia.forwardAuth.address=https://authelia.thefij.rocks/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true", "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email", "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.service.consul/api/verify?auth=basic", "traefik.http.middlewares.authelia-basic.forwardAuth.address=https://authelia.thefij.rocks/api/verify?auth=basic",
"traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true", "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
"traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email", "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
] ]

5
services/whoami.nomad
View File

@ -50,7 +50,10 @@ job "whoami" {
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.whoami.entryPoints=websecure", "traefik.http.routers.whoami.entryPoints=websecure",
"traefik.http.routers.whoami.middlewares=basic-auth@file", # "traefik.http.routers.whoami.middlewares=basic-auth@file",
# "traefik.http.routers.whoami.middlewares=authelia@consulcatalog",
"traefik.http.routers.whoami.middlewares=authelia@file",
# "traefik.http.routers.whoami.middlewares=authelia-basic@consulcatalog",
] ]
} }