shmick/docker
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Fix Authelia auth and bypass from within Wireguard

Browse Source
This commit is contained in:
Matan Horovitz
2022-03-21 18:34:41 +02:00
parent 9078296de6
commit 1d4e9de4ed
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
authelia/configuration.yml
View File

@@ -37,7 +37,9 @@ access_control:
# traefik_internal
- 172.19.0.0/16
# Wireguard
- 10.8.0.0/24
- 10.8.0.0/16
# Arr, for some reason
- 192.168.240.0/16
policy: bypass
# Allow access to container's /api address
- domain:

4
docker-compose.yml
View File

@@ -98,7 +98,9 @@ services:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`auth.pukeko.xyz`)'
- 'traefik.http.routers.authelia.entrypoints=websecure'
- "traefik.http.routers.authelia.service=authelia-traefik@docker"
- 'traefik.http.routers.authelia.tls=true'
- "traefik.http.routers.authelia.tls.certresolver=pukekoresolver"
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.pukeko.xyz/'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
@@ -107,6 +109,8 @@ services:
- 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
networks:
- internal
expose:
- 9091
secrets:
hmac:
file: ./authelia/secrets/hmac