adding google auth middleware to traefik

remove duplicate line move traefik-auth to https endpoints
LegitCamper · Feb 29, 2024 · fb5e570 · fb5e570
1 parent da1e707
commit fb5e570
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/media.yml b/media.yml
@@ -71,3 +71,4 @@ services:
       - "traefik.http.routers.transmission-secure.tls=true"
       - "traefik.http.routers.transmission-secure.tls.certresolver=${DNS}"
       - "traefik.http.services.transmission-secure.loadbalancer.server.port=9091"
+      - "traefik.http.routers.transmission-secure.middlewares=forward-auth"
diff --git a/network.yml b/network.yml
@@ -75,6 +75,28 @@ services:
       - "traefik.http.routers.traefik-secure.tls=true"
       - "traefik.http.routers.traefik-secure.tls.certresolver=${DNS}"
       - "traefik.http.routers.traefik-secure.service=api@internal"
+      - "traefik.http.routers.treafik-secure.middlewares=forward-auth"
+
+  traefik-forward-auth:
+    image: thomseddon/traefik-forward-auth:2.1.0
+    container_name: traefik-auth
+    env_file: 
+      - ./secrets/homelab.env
+    networks:
+      - web
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=web"
+      - "traefik.http.routers.auth.rule=Host(`auth.${DOMAIN}`)"
+      - "traefik.http.routers.auth.entrypoints=https"
+      - "traefik.http.routers.auth.tls=true"
+      - "traefik.http.routers.auth.tls.certresolver=${DNS}"
+      - "traefik.http.routers.auth.service=auth@docker"
+      - "traefik.http.services.auth.loadbalancer.server.port=4181"
+      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
+      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
+      - "traefik.http.routers.auth.middlewares=forward-auth"
 
   adguardhome:
     image: adguard/adguardhome
@@ -105,6 +127,7 @@ services:
       - "traefik.http.routers.adguard-secure.rule=Host(`adguard.${DOMAIN}`) || Host(`adguardhome.${DOMAIN}`)"
       - "traefik.http.routers.adguard-secure.tls=true"
       - "traefik.http.routers.adguard-secure.tls.certresolver=${DNS}"
+      - "traefik.http.routers.adguard-secure.middlewares=forward-auth"
 
       # DNS-over-TLS
       - traefik.tcp.routers.adguard-dot.rule=HostSNI(`dns.${DOMAIN}`) 

diff --git a/utilities.yml b/utilities.yml
@@ -86,6 +86,7 @@ services:
       - "traefik.http.routers.files-secure.rule=Host(`files.${DOMAIN}`) || Host(`filebrowser.${DOMAIN}`) "
       - "traefik.http.routers.files-secure.tls=true"
       - "traefik.http.routers.files-secure.tls.certresolver=${DNS}"
+      - "traefik.http.routers.files-secure.middlewares=forward-auth"
 
   smokeping:
     image: lscr.io/linuxserver/smokeping
@@ -109,6 +110,7 @@ services:
       - "traefik.http.routers.ping-secure.rule=Host(`ping.${DOMAIN}`) || Host(`smokeping.${DOMAIN}`) "
       - "traefik.http.routers.ping-secure.tls=true"
       - "traefik.http.routers.ping-secure.tls.certresolver=${DNS}"
+      - "traefik.http.routers.ping-secure.middlewares=forward-auth"
 
   watchtower:
     image: containrrr/watchtower