Change from basic auth to authelia

2025-05-03 18:00:30 +10:00
parent 195df929e3
commit 1a4d434d5b
9 changed files with 298 additions and 36 deletions
--- a/2-nomad-config/traefik.nomad.hcl
+++ b/2-nomad-config/traefik.nomad.hcl
@@ -21,6 +21,7 @@ job "traefik" {
        "traefik.enable=true",
        "traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)",
        "traefik.http.routers.traefik.service=traefik",
+        "traefik.http.routers.traefik.middlewares=auth@file",
        "traefik.http.services.traefik.loadbalancer.server.port=8081",
      ]

@@ -71,8 +72,6 @@ entryPoints:
  websecure:
    address: ":443"
    http:
-      middlewares:
-        - auth@file
      tls:
        certResolver: letsencrypt
  traefik:
@@ -111,20 +110,33 @@ EOF
 http:
  middlewares:
    auth:
-      basicAuth:
-        users:
-          - "othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/"
- 
+      forwardAuth:
+        address: "http://192.168.1.235:9091/api/authz/forward-auth"
+        trustForwardHeader: true
  routers:
+    fallback:
+      rule: "HostRegexp(`^.+$`)"
+      entryPoints:
+        - websecure
+      middlewares:
+        - auth
+      service: noop@internal  # This router just applies middleware
+      priority: 1
    nomad-ui:
      rule: "Host(`nomad.othrayte.one`)"
      service: nomad-ui
+      middlewares:
+        - auth
    consul-ui:
      rule: "Host(`consul.othrayte.one`)"
      service: consul-ui
+      middlewares:
+        - auth
    unraid:
      rule: "Host(`unraid.othrayte.one`)"
      service: unraid
+      middlewares:
+        - auth

  services:
    nomad-ui: