update traefik config
This commit is contained in:
43
boilerplates/traefik/dynamic/authentik.yml
Normal file
43
boilerplates/traefik/dynamic/authentik.yml
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
http:
|
||||||
|
routers:
|
||||||
|
authentik:
|
||||||
|
rule: "Host(`authentik.local.mk-labs.cloud`)"
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
service: authentik
|
||||||
|
tls:
|
||||||
|
certResolver: cloudflare
|
||||||
|
middlewares:
|
||||||
|
- security-headers
|
||||||
|
|
||||||
|
services:
|
||||||
|
authentik:
|
||||||
|
loadBalancer:
|
||||||
|
servers:
|
||||||
|
- url: "http://10.1.71.40:8000"
|
||||||
|
|
||||||
|
## Authentik Forward Auth Middleware
|
||||||
|
## Add 'authentik' to a router's middlewares list to protect it with SSO
|
||||||
|
## Example:
|
||||||
|
## my-service:
|
||||||
|
## rule: "Host(`my-service.local.mk-labs.cloud`)"
|
||||||
|
## middlewares:
|
||||||
|
## - security-headers
|
||||||
|
## - authentik-forwardauth
|
||||||
|
middlewares:
|
||||||
|
authentik-forwardauth:
|
||||||
|
forwardAuth:
|
||||||
|
address: "http://10.1.71.40:8000/outpost.goauthentik.io/auth/nginx"
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- X-authentik-username
|
||||||
|
- X-authentik-groups
|
||||||
|
- X-authentik-email
|
||||||
|
- X-authentik-name
|
||||||
|
- X-authentik-uid
|
||||||
|
- X-authentik-jwt
|
||||||
|
- X-authentik-meta-jwks
|
||||||
|
- X-authentik-meta-outpost
|
||||||
|
- X-authentik-meta-provider
|
||||||
|
- X-authentik-meta-app
|
||||||
|
- X-authentik-meta-version
|
||||||
Reference in New Issue
Block a user