2020-02-29 07:43:59 +07:00
---
layout: default
title: Traefik 1.x
2020-03-08 22:29:16 +07:00
parent: Proxy Integration
2020-02-29 07:43:59 +07:00
grand_parent: Deployment
nav_order: 3
---
2020-01-27 06:24:50 +07:00
# Traefik
[Traefik 1.x] is a reverse proxy supported by **Authelia** .
## Configuration
Below you will find commented examples of the following configuration:
* Traefik 1.x
* Authelia portal
* Protected endpoint (Nextcloud)
2021-02-24 06:35:04 +07:00
* Protected endpoint with `Authorization` header for basic authentication (Heimdall)
2020-01-27 06:24:50 +07:00
The below configuration looks to provide examples of running Traefik 1.x with labels to protect your endpoint (Nextcloud in this case).
Please ensure that you also setup the respective [ACME configuration ](https://docs.traefik.io/v1.7/configuration/acme/ ) for your Traefik setup as this is not covered in the example below.
2021-02-24 06:35:04 +07:00
### Basic Authentication
Authelia provides the means to be able to authenticate your first factor via the `Proxy-Authorization` header.
Given that this is not compatible with Traefik 1.x you can call Authelia's `/api/verify` endpoint with the `auth=basic` query parameter to force a switch to the `Authentication` header.
2020-01-27 06:24:50 +07:00
##### docker-compose.yml
```yml
version: '3'
networks:
net:
driver: bridge
services:
traefik:
image: traefik:v1.7.20-alpine
container_name: traefik
volumes:
2020-03-27 06:43:10 +07:00
- /var/run/docker.sock:/var/run/docker.sock
2020-01-27 06:24:50 +07:00
networks:
- net
labels:
- 'traefik.frontend.rule=Host:traefik.example.com'
- 'traefik.port=8081'
ports:
- 80:80
- 443:443
- 8081:8081
restart: unless-stopped
command:
- '--api'
- '--api.entrypoint=api'
- '--docker'
- '--defaultentrypoints=https'
- '--logLevel=DEBUG'
- '--traefiklog=true'
- '--traefiklog.filepath=/var/log/traefik.log'
- '--entryPoints=Name:http Address::80'
- '--entryPoints=Name:https Address::443 TLS'
- '--entryPoints=Name:api Address::8081'
authelia:
image: authelia/authelia
container_name: authelia
volumes:
2020-06-17 13:25:35 +07:00
- /path/to/authelia:/config
2020-01-27 06:24:50 +07:00
networks:
- net
labels:
- 'traefik.frontend.rule=Host:login.example.com'
expose:
- 9091
restart: unless-stopped
environment:
- TZ=Australia/Melbourne
nextcloud:
image: linuxserver/nextcloud
container_name: nextcloud
volumes:
- /path/to/nextcloud/config:/config
- /path/to/nextcloud/data:/data
networks:
- net
labels:
- 'traefik.frontend.rule=Host:nextcloud.example.com'
- 'traefik.frontend.auth.forward.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
2020-04-11 08:49:54 +07:00
- 'traefik.frontend.auth.forward.trustForwardHeader=true'
2020-10-26 18:38:08 +07:00
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
2020-01-27 06:24:50 +07:00
expose:
- 443
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Australia/Melbourne
2021-02-24 06:35:04 +07:00
heimdall:
image: linuxserver/heimdall
container_name: heimdall
volumes:
- /path/to/heimdall/config:/config
networks:
- net
labels:
- 'traefik.frontend.rule=Host:heimdall.example.com'
2022-03-17 12:29:43 +07:00
- 'traefik.frontend.auth.forward.address=http://authelia:9091/api/verify?auth=basic'
2021-02-24 06:35:04 +07:00
- 'traefik.frontend.auth.forward.trustForwardHeader=true'
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
expose:
- 443
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Australia/Melbourne
2020-01-27 06:24:50 +07:00
```
[Traefik 1.x]: https://docs.traefik.io/v1.7/