From 1d4e9de4ed8a0dab03ec25184a5f30300fd41d53 Mon Sep 17 00:00:00 2001 From: Matan Horovitz Date: Mon, 21 Mar 2022 18:34:41 +0200 Subject: [PATCH] Fix Authelia auth and bypass from within Wireguard --- authelia/configuration.yml | 4 +++- docker-compose.yml | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/authelia/configuration.yml b/authelia/configuration.yml index cb184b7..d57c339 100644 --- a/authelia/configuration.yml +++ b/authelia/configuration.yml @@ -37,7 +37,9 @@ access_control: # traefik_internal - 172.19.0.0/16 # Wireguard - - 10.8.0.0/24 + - 10.8.0.0/16 + # Arr, for some reason + - 192.168.240.0/16 policy: bypass # Allow access to container's /api address - domain: diff --git a/docker-compose.yml b/docker-compose.yml index 5de47cd..03a49d2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -98,7 +98,9 @@ services: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`auth.pukeko.xyz`)' - 'traefik.http.routers.authelia.entrypoints=websecure' + - "traefik.http.routers.authelia.service=authelia-traefik@docker" - 'traefik.http.routers.authelia.tls=true' + - "traefik.http.routers.authelia.tls.certresolver=pukekoresolver" - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.pukeko.xyz/' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' @@ -107,6 +109,8 @@ services: - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' networks: - internal + expose: + - 9091 secrets: hmac: file: ./authelia/secrets/hmac
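Review bot: The new bypass entry `- 192.168.240.0/16` in the `networks` list is not a canonical network address, and a parser that masks the host bits will read it as 192.168.0.0/16, so `policy: bypass` would skip authentication for every 192.168.x.x client rather than for one Docker network. The same hunk widens the Wireguard range from /24 to /16, and the comment "for some reason" suggests the source address Authelia sees for Arr traffic has not been traced. I would keep `- 10.8.0.0/24` unless peers really sit outside it, and replace the Arr entry with the exact subnet that `docker network inspect` reports for that network, e.g. `- <arr-network-subnet>/<prefix>`, ideally pinned in docker-compose.yml so it cannot drift. Because this rule trusts the client address, it is also worth confirming that the address comes from Traefik and not from client-supplied X-Forwarded-For headers (the forwardauth labels in docker-compose.yml set `trustForwardHeader=true`). The rule's `domain` list begins above the hunk, so the hosts this bypass covers are not visible here.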
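Review bot: The added label `traefik.http.routers.authelia.service=authelia-traefik@docker` points at what looks like an auto-generated service name, which presumably depends on the compose project name, so the router would lose its backend if the project or directory is renamed. Declaring the service explicitly keeps it stable: `- 'traefik.http.services.authelia.loadbalancer.server.port=9091'` together with `- 'traefik.http.routers.authelia.service=authelia'`. The two new labels also use double quotes where every neighbouring label uses single quotes; matching the surrounding style would keep the list uniform. The labels list starts above the hunk.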