Config: Migrar autenticación a outpost exteriorlvl2 de Authentik
All checks were successful
build-and-deploy / build-and-deploy (push) Successful in 17s
All checks were successful
build-and-deploy / build-and-deploy (push) Successful in 17s
- Reemplazar middleware authentik-forward-auth@file por middleware local - Configurar autenticación hacia http://exteriorlvl2.nucleoriofrio.com - Agregar headers de forward auth completos (username, email, name, uid, groups, entitlements) - Agregar X-Forwarded-Scheme header para mejor compatibilidad HTTPS
This commit is contained in:
@@ -67,10 +67,16 @@ services:
|
||||
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.routers.${APP_NAME}.priority=10"
|
||||
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
|
||||
- "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers"
|
||||
- "traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-authentik,${APP_NAME}-headers"
|
||||
|
||||
# Middleware de autenticación usando outpost exteriorlvl2
|
||||
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.address=http://exteriorlvl2.nucleoriofrio.com/outpost.goauthentik.io/auth/traefik"
|
||||
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.trustForwardHeader=true"
|
||||
- "traefik.http.middlewares.${APP_NAME}-authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-groups,X-authentik-entitlements,Set-Cookie"
|
||||
|
||||
# Custom headers middleware
|
||||
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
|
||||
|
||||
# CORS middleware for public resources
|
||||
- "traefik.http.middlewares.${APP_NAME}-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
|
||||
|
||||
Reference in New Issue
Block a user