From e9c66fa62a040c9bf7b0807f927d5b43c2e04862 Mon Sep 17 00:00:00 2001
From: josedario87 <jodarioel87@gmail.com>
Date: Tue, 14 Oct 2025 11:18:58 -0600
Subject: [PATCH] =?UTF-8?q?Configurar=20Traefik=20con=20autenticaci=C3=B3n?=
 =?UTF-8?q?=20Authentik=20para=20amigos-app?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-compose.yml | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 54537ba..fb3b3b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,8 +4,6 @@ services:
   amigos-app:
     image: gitea.nucleoriofrio.com/nucleo000/amigos-app:latest
     container_name: amigos-app
-    ports:
-      - "3001"
     environment:
       - MONGO_HOST=mongodb-local
       - PORT=3001
@@ -16,6 +14,30 @@ services:
     networks:
       - principal
       - amigos-network
+    labels:
+      # Habilitar Traefik
+      - "traefik.enable=true"
+
+      # Router principal
+      - "traefik.http.routers.amigos-nucleoriofrio.rule=Host(`amigos.nucleoriofrio.com`)"
+      - "traefik.http.routers.amigos-nucleoriofrio.entrypoints=websecure"
+      - "traefik.http.routers.amigos-nucleoriofrio.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.amigos-nucleoriofrio.service=amigos-nucleoriofrio-service"
+
+      # Service (puerto interno del contenedor)
+      - "traefik.http.services.amigos-nucleoriofrio-service.loadbalancer.server.port=3001"
+
+      # Middleware de autenticación ESPECÍFICO para amigos-app
+      - "traefik.http.middlewares.amigos-authentik.forwardauth.address=https://lvl0.nucleoriofrio.com/outpost.goauthentik.io/auth/traefik"
+      - "traefik.http.middlewares.amigos-authentik.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.amigos-authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-groups,X-authentik-entitlements,Set-Cookie"
+
+      # Middleware de headers ESPECÍFICO para amigos-app
+      - "traefik.http.middlewares.amigos-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.amigos-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
+
+      # Aplicar SOLO los middlewares específicos de este contenedor
+      - "traefik.http.routers.amigos-nucleoriofrio.middlewares=amigos-authentik,amigos-headers"
 
   mongodb:
     image: mongo:latest