From 8803c26a9cd56375b7e8ad0aab4c183065f201a8 Mon Sep 17 00:00:00 2001 From: josedario87 Date: Sun, 19 Oct 2025 13:18:38 -0600 Subject: [PATCH] =?UTF-8?q?Config:=20Migrar=20autenticaci=C3=B3n=20a=20out?= =?UTF-8?q?post=20exteriorlvl2=20de=20Authentik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reemplazar middleware authentik-forward-auth@file por middleware local - Configurar autenticación hacia http://exteriorlvl2.nucleoriofrio.com - Agregar headers de forward auth completos (username, email, name, uid, groups, entitlements) - Agregar X-Forwarded-Scheme header para mejor compatibilidad HTTPS --- docker-compose.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index e15ed78..2a2159d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -67,10 +67,16 @@ services: - "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt" - "traefik.http.routers.${APP_NAME}.priority=10" - "traefik.http.routers.${APP_NAME}.service=${APP_NAME}" - - "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers" + - "traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-authentik,${APP_NAME}-headers" + + # Middleware de autenticación usando outpost exteriorlvl2 + - "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=http://exteriorlvl2.nucleoriofrio.com/outpost.goauthentik.io/auth/traefik" + - "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.trustForwardHeader=true" + - "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-groups,X-authentik-entitlements,Set-Cookie" # Custom headers middleware - "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Scheme=https" # CORS middleware for public resources - "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"