From 76e8142032d3e2f9a49084a4d09e1bb0d6063ce1 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Sat, 11 Apr 2020 11:49:54 +1000 Subject: [PATCH] [DOCS] Add Remote-User and Remote-Groups headers to Traefik docs and examples (#849) --- compose/lite/docker-compose.yml | 1 + compose/local/docker-compose.yml | 1 + docs/deployment/supported-proxies/traefik1.x.md | 2 ++ docs/deployment/supported-proxies/traefik2.x.md | 3 ++- .../example/compose/nginx/backend/docker-compose.yml | 8 ++++++-- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/compose/lite/docker-compose.yml b/compose/lite/docker-compose.yml index a326e1fd..884f4e24 100644 --- a/compose/lite/docker-compose.yml +++ b/compose/lite/docker-compose.yml @@ -22,6 +22,7 @@ services: - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' expose: - 9091 restart: unless-stopped diff --git a/compose/local/docker-compose.yml b/compose/local/docker-compose.yml index ab93532a..83b4eb56 100644 --- a/compose/local/docker-compose.yml +++ b/compose/local/docker-compose.yml @@ -22,6 +22,7 @@ services: - 'traefik.http.routers.authelia.tls.options=default' - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' expose: - 9091 restart: unless-stopped diff --git a/docs/deployment/supported-proxies/traefik1.x.md b/docs/deployment/supported-proxies/traefik1.x.md index 47952ce1..fd1aa208 100644 --- a/docs/deployment/supported-proxies/traefik1.x.md +++ b/docs/deployment/supported-proxies/traefik1.x.md @@ -86,6 +86,8 @@ services: labels: - 'traefik.frontend.rule=Host:nextcloud.example.com' - 'traefik.frontend.auth.forward.address=http://authelia:9091/api/verify?rd=https://login.example.com/' + - 'traefik.frontend.auth.forward.trustForwardHeader=true' + - 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' expose: - 443 restart: unless-stopped diff --git a/docs/deployment/supported-proxies/traefik2.x.md b/docs/deployment/supported-proxies/traefik2.x.md index 55f33a9e..c0498f27 100644 --- a/docs/deployment/supported-proxies/traefik2.x.md +++ b/docs/deployment/supported-proxies/traefik2.x.md @@ -73,8 +73,9 @@ services: - 'traefik.http.routers.authelia.rule=Host(`login.example.com`)' - 'traefik.http.routers.authelia.entrypoints=https' - 'traefik.http.routers.authelia.tls=true' - - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.example.com/' + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' expose: - 9091 restart: unless-stopped diff --git a/internal/suites/example/compose/nginx/backend/docker-compose.yml b/internal/suites/example/compose/nginx/backend/docker-compose.yml index e12498d5..bda2471e 100644 --- a/internal/suites/example/compose/nginx/backend/docker-compose.yml +++ b/internal/suites/example/compose/nginx/backend/docker-compose.yml @@ -7,11 +7,15 @@ services: - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x - 'traefik.frontend.auth.forward.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x - 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x + - 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x + - 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' # Traefik 1.x - 'traefik.http.routers.protectedapps.rule=Host(`home.example.com`, `public.example.com`, `secure.example.com`, `admin.example.com`, `singlefactor.example.com`)' # Traefik 2.x - 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x - 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x - 'traefik.http.routers.protectedapps.middlewares=authelia' # Traefik 2.x - - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x - - 'traefik.http.middlewares.authelia.forwardAuth.tls.insecureSkipVerify=true' # Traefik 2.x + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x + - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x + - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x networks: - authelianet \ No newline at end of file