From 7b7692ffb725f8f660e7ae4f5db9fa466d2df46e Mon Sep 17 00:00:00 2001
From: CalvinSteenbergen
Date: Sat, 29 Nov 2025 13:10:54 +0100
Subject: [PATCH] update Traefik and Authentik configurations to enhance routing and middleware settings
---
 1. docker-stacks/authentik/docker-compose.yml | 5 +++++
 1. docker-stacks/traefik/data/rules/middlewares.yml | 13 ++++++++++++-
 1. docker-stacks/traefik/docker-compose.yml | 10 ++++++++--
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/1. docker-stacks/authentik/docker-compose.yml b/1. docker-stacks/authentik/docker-compose.yml
index 2d14346..63ee72e 100644
--- a/1. docker-stacks/authentik/docker-compose.yml
+++ b/1. docker-stacks/authentik/docker-compose.yml
@@ -24,6 +24,7 @@ services:
 server:
 image: ghcr.io/goauthentik/server:2025.10
+ container_name: authentik-server-1
 command: server
 environment:
 AUTHENTIK_REDIS__HOST: redis
@@ -48,6 +49,10 @@ services:
 - "traefik.http.routers.authentik.tls=true"
 - "traefik.http.routers.authentik.tls.certresolver=letsencrypt"
 - "traefik.http.services.authentik.loadbalancer.server.port=9000"
+ # OPTIONEEL: Redirect voor de Authentik UI (niet strikt nodig voor forwardAuth)
+ - "traefik.http.routers.authentik-http.rule=Host(`authentik.stackbabber.nl`)"
+ - "traefik.http.routers.authentik-http.entrypoints=web"
+ - "traefik.http.routers.authentik-http.middlewares=redirect-to-https@file"
 worker:
 image: ghcr.io/goauthentik/server:2025.10
 command: worker
diff --git a/1. docker-stacks/traefik/data/rules/middlewares.yml b/1. docker-stacks/traefik/data/rules/middlewares.yml
index 3fb6ddc..6a73e99 100644
--- a/1. docker-stacks/traefik/data/rules/middlewares.yml
+++ b/1. docker-stacks/traefik/data/rules/middlewares.yml
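Review bot: The new `container_name: authentik-server-1` is what makes the forwardAuth `address` in traefik/data/rules/middlewares.yml (`http://authentik-server-1:9000/...`) resolvable, yet neither file records that coupling, so a rename on either side silently breaks authentication for every protected router. Add a comment above the new line, e.g. `# Referenced by the forwardAuth address in traefik/data/rules/middlewares.yml — change both together`. Be aware that a fixed `container_name` also means this service can no longer be scaled to more than one container. The `server:` service definition continues past the end of the hunk.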
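Review bot: The HTTP-to-HTTPS redirect is wired per router (`authentik-http` here, and the matching `traefik-http` router in the traefik/docker-compose.yml hunk), so any future host that forgets its own `*-http` router simply gets no redirect on the `web` entrypoint, and the two routers are identical boilerplate. Traefik can do this once for every host in its static configuration (`entrypoints.web.http.redirections.entrypoint.to=websecure` with `entrypoints.web.http.redirections.entrypoint.scheme=https`), which makes both per-container routers and the `redirect-to-https` file middleware unnecessary; the static configuration is not part of this commit, so I cannot tell whether such a redirection already exists. If the per-router approach is kept, the `OPTIONEEL` comment should say what actually happens without it — plain-HTTP requests for this host fall through to Traefik's default 404 — so readers understand it is a usability measure, not an authentication control.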
@@ -8,6 +8,11 @@ http:
 address: "http://authentik-server-1:9000/outpost.goauthentik.io/auth/layer"
 trustForwardHeader: true
+ # STUUR DE X-Forwarded-Proto HEADER MEE. Dit lost de redirect-lus op.
+ authRequestHeaders:
+ - "X-Forwarded-Proto"
+
+ # De headers die Authentik terugstuurt na succesvolle authenticatie
 authResponseHeaders:
 - "X-authentik-username"
 - "X-authentik-groups"
@@ -20,4 +25,10 @@ http:
 - "X-authentik-meta-provider"
 - "X-authentik-meta-app"
 - "X-authentik-meta-version"
- - "Set-Cookie"
\ No newline at end of file
+ - "Set-Cookie"
+
+ # Optioneel: middleware om HTTP verkeer geforceerd naar HTTPS te sturen
+ redirect-to-https:
+ redirectScheme:
+ scheme: "https"
+ permanent: true
\ No newline at end of file
diff --git a/1. docker-stacks/traefik/docker-compose.yml b/1. docker-stacks/traefik/docker-compose.yml
index 13bcfa1..4111da3 100644
--- a/1. docker-stacks/traefik/docker-compose.yml
+++ b/1. docker-stacks/traefik/docker-compose.yml
@@ -20,14 +20,20 @@ services:
 - ./data/rules:/rules
 labels:
 - "traefik.enable=true"
+
+ # 1. Router voor het Traefik Dashboard (via HTTPS/WebSecure)
 - "traefik.http.routers.traefik.rule=Host(`traefik.stackbabber.nl`)"
 - "traefik.http.routers.traefik.entrypoints=websecure"
 - "traefik.http.routers.traefik.tls=true"
 - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
 - "traefik.http.routers.traefik.service=api@internal"
+ # Gebruik de aangepaste Authentik middleware
 - "traefik.http.routers.traefik.middlewares=authentik@file"
- - "traefik.http.middlewares.https-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- - "traefik.http.routers.traefik.middlewares=https-headers,authentik@file"
+
+ # 2. Router voor de HTTP -> HTTPS redirect (Veiligere oplossing)
+ - "traefik.http.routers.traefik-http.rule=Host(`traefik.stackbabber.nl`)"
+ - "traefik.http.routers.traefik-http.entrypoints=web"
+ - "traefik.http.routers.traefik-http.middlewares=redirect-to-https@file"
 networks:
 proxy:
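Review bot: `authRequestHeaders` in Traefik's ForwardAuth middleware is an allow-list of the client request headers copied to the auth server (when it is unset, all of them are copied), so restricting it to `X-Forwarded-Proto` stops the `Cookie` and any `Authorization` header from reaching the Authentik outpost, which then cannot see the session and treats every request as unauthenticated. That shows up as another login loop rather than the fix the new comment describes. As far as I know Traefik sets `X-Forwarded-Proto` on the auth request itself (from the entrypoint's TLS state, or from the incoming header when `trustForwardHeader: true`), so the block is not needed to send that header; I would drop the three `authRequestHeaders` lines and the comment above them, or, if an explicit list is really wanted, include at least `Cookie` and `Authorization` in it. The `http:` mapping this hunk sits in starts before the hunk.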
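Review bot: The file still ends without a trailing newline — `permanent: true` is followed by `\ No newline at end of file` — and this very commit shows the churn that causes (`- "Set-Cookie"` is removed and re-added only to gain a newline); since the tail is being rewritten anyway, end the file with a newline. The middleware itself reads fine: `scheme: "https"` and `permanent: true` are the usual redirectScheme settings, and naming it in the shared rules file lets every compose stack reference it as `redirect-to-https@file`. The `middlewares:` mapping this hunk belongs to starts before the hunk.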
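Review bot: The new `traefik-http` router declares no `service`, unlike its sibling `traefik` router which pins `api@internal`; I believe Traefik then auto-creates a service from the container's exposed ports, which only works because `redirect-to-https@file` answers before any backend is reached, and it leaves the two routers written inconsistently. For a redirect-only router Traefik provides `noop@internal`, so add `- "traefik.http.routers.traefik-http.service=noop@internal"` next to the other `traefik-http` labels (the same applies to the `authentik-http` router in the authentik hunk, where the auto-attached `authentik` service is at least explicit). Removing the duplicated `traefik.http.routers.traefik.middlewares` label and the `https-headers` request-header middleware is a good clean-up, but the dashboard is now gated by `authentik@file` alone, so the forwardAuth definition in middlewares.yml is the only access control on `api@internal` and deserves a comment saying so above the `# Gebruik de aangepaste Authentik middleware` line. The `traefik` service definition starts before this hunk, and the hunk header counts one more context line than is visible here, so a blank line may be missing from the listing.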