2020-02-29 07:43:59 +07:00
---
layout: default
title: Traefik 2.x
2020-03-08 22:29:16 +07:00
parent: Proxy Integration
2020-02-29 07:43:59 +07:00
grand_parent: Deployment
nav_order: 3
---
2020-01-27 06:24:50 +07:00
# Traefik2
[Traefik 2.x] is a reverse proxy supported by **Authelia** .
## Configuration
Below you will find commented examples of the following configuration:
* Traefik 2.x
* Authelia portal
* Protected endpoint (Nextcloud)
2021-02-24 06:35:04 +07:00
* Protected endpoint with `Authorization` header for basic authentication (Heimdall)
2020-01-27 06:24:50 +07:00
The below configuration looks to provide examples of running Traefik 2.x with labels to protect your endpoint (Nextcloud in this case).
Please ensure that you also setup the respective [ACME configuration ](https://docs.traefik.io/https/acme/ ) for your Traefik setup as this is not covered in the example below.
2021-02-24 06:35:04 +07:00
### Basic Authentication
Authelia provides the means to be able to authenticate your first factor via the `Proxy-Authorization` header, this is compatible with Traefik >= 2.4.1.
If you are running Traefik < 2.4.1 , or you have a use-case which requires the use of the `Authorization` header / basic authentication login prompt you can call Authelia ' s `/api/verify` endpoint with the `auth=basic` query parameter to force a switch to the `Authentication` header .
2020-01-27 06:24:50 +07:00
##### docker-compose.yml
```yml
version: '3'
networks:
net:
driver: bridge
services:
traefik:
2020-05-14 10:26:52 +07:00
image: traefik:v2.2
2020-01-27 06:24:50 +07:00
container_name: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- net
labels:
2020-03-27 06:43:10 +07:00
- 'traefik.enable=true'
2020-01-27 06:24:50 +07:00
- 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
- 'traefik.http.routers.api.entrypoints=https'
- 'traefik.http.routers.api.service=api@internal'
- 'traefik.http.routers.api.tls=true'
ports:
- 80:80
- 443:443
command:
- '--api'
- '--providers.docker=true'
2020-03-27 06:43:10 +07:00
- '--providers.docker.exposedByDefault=false'
2020-01-27 06:24:50 +07:00
- '--entrypoints.http=true'
- '--entrypoints.http.address=:80'
2020-05-14 10:26:52 +07:00
- '--entrypoints.http.http.redirections.entrypoint.to=https'
- '--entrypoints.http.http.redirections.entrypoint.scheme=https'
2020-01-27 06:24:50 +07:00
- '--entrypoints.https=true'
- '--entrypoints.https.address=:443'
- '--log=true'
- '--log.level=DEBUG'
- '--log.filepath=/var/log/traefik.log'
authelia:
image: authelia/authelia
container_name: authelia
volumes:
2020-06-17 13:25:35 +07:00
- /path/to/authelia:/config
2020-01-27 06:24:50 +07:00
networks:
- net
labels:
2020-03-27 06:43:10 +07:00
- 'traefik.enable=true'
2020-01-27 06:24:50 +07:00
- 'traefik.http.routers.authelia.rule=Host(`login.example.com`)'
- 'traefik.http.routers.authelia.entrypoints=https'
- 'traefik.http.routers.authelia.tls=true'
2020-04-11 08:49:54 +07:00
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
2020-03-27 06:43:10 +07:00
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
2020-10-26 18:38:08 +07:00
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
2021-02-24 06:35:04 +07:00
- 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia:9091/api/verify?auth=basic'
- 'traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
2020-01-27 06:24:50 +07:00
expose:
- 9091
restart: unless-stopped
environment:
- TZ=Australia/Melbourne
nextcloud:
image: linuxserver/nextcloud
container_name: nextcloud
volumes:
- /path/to/nextcloud/config:/config
- /path/to/nextcloud/data:/data
networks:
- net
labels:
2020-03-27 06:43:10 +07:00
- 'traefik.enable=true'
2020-01-27 06:24:50 +07:00
- 'traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)'
- 'traefik.http.routers.nextcloud.entrypoints=https'
- 'traefik.http.routers.nextcloud.tls=true'
2020-03-27 06:43:10 +07:00
- 'traefik.http.routers.nextcloud.middlewares=authelia@docker'
2020-01-27 06:24:50 +07:00
expose:
- 443
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Australia/Melbourne
2021-02-24 06:35:04 +07:00
heimdall:
image: linuxserver/heimdall
container_name: heimdall
volumes:
- /path/to/heimdall/config:/config
networks:
- net
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.heimdall.rule=Host(`heimdall.example.com`)'
- 'traefik.http.routers.heimdall.entrypoints=https'
- 'traefik.http.routers.heimdall.tls=true'
- 'traefik.http.routers.heimdall.middlewares=authelia-basic@docker'
expose:
- 443
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Australia/Melbourne
2020-01-27 06:24:50 +07:00
```
2020-05-21 21:48:54 +07:00
## FAQ
### Middleware authelia@docker not found
If Traefik and Authelia are defined in different docker compose stacks you may experience
an issue where Traefik complains that: `middleware authelia@docker not found` .
This can be avoided a couple different ways:
1. Ensure Authelia container is up before Traefik is started:
- Utilise the [`depends_on` option ](https://docs.docker.com/compose/compose-file/#depends_on )
2. Define the Authelia middleware on your Traefik container
```yaml
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
2020-10-26 18:38:08 +07:00
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
2020-05-21 21:48:54 +07:00
```
2020-01-27 06:24:50 +07:00
[Traefik 2.x]: https://docs.traefik.io/