update Traefik and Authentik configurations to enhance routing and middleware settings

CalvinSteenbergen 2025-11-29 13:10:54 +01:00
parent bc8e36d35c
commit 7b7692ffb7
3 changed files with 25 additions and 3 deletions


@ -24,6 +24,7 @@ services:
server: server:
image: ghcr.io/goauthentik/server:2025.10 image: ghcr.io/goauthentik/server:2025.10
container_name: authentik-server-1
command: server command: server
environment: environment:
AUTHENTIK_REDIS__HOST: redis AUTHENTIK_REDIS__HOST: redis
@ -48,6 +49,10 @@ services:
- "traefik.http.routers.authentik.tls=true" - "traefik.http.routers.authentik.tls=true"
- "traefik.http.routers.authentik.tls.certresolver=letsencrypt" - "traefik.http.routers.authentik.tls.certresolver=letsencrypt"
- "traefik.http.services.authentik.loadbalancer.server.port=9000" - "traefik.http.services.authentik.loadbalancer.server.port=9000"
# OPTIONEEL: Redirect voor de Authentik UI (niet strikt nodig voor forwardAuth)
- "traefik.http.routers.authentik-http.rule=Host(`authentik.stackbabber.nl`)"
- "traefik.http.routers.authentik-http.entrypoints=web"
- "traefik.http.routers.authentik-http.middlewares=redirect-to-https@file"
worker: worker:
image: ghcr.io/goauthentik/server:2025.10 image: ghcr.io/goauthentik/server:2025.10
command: worker command: worker
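Review bot: The new `container_name: authentik-server-1` carries no comment saying why the name is pinned, although the forwardAuth `address` in the Traefik middleware file on this page targets `http://authentik-server-1:9000`, so renaming this container would break authentication for every router that uses that middleware. I would add `# Fixed name: referenced by the forwardAuth address in the Traefik dynamic config` above it, or point the address at a network alias instead. The `authentik-http` router added in the second hunk depends on `redirect-to-https@file` being loaded by the file provider, so check the Traefik log for a missing-middleware error after deploying. The `server` service definition continues outside both hunks.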


@ -8,6 +8,11 @@ http:
address: "http://authentik-server-1:9000/outpost.goauthentik.io/auth/layer" address: "http://authentik-server-1:9000/outpost.goauthentik.io/auth/layer"
trustForwardHeader: true trustForwardHeader: true
# STUUR DE X-Forwarded-Proto HEADER MEE. Dit lost de redirect-lus op.
authRequestHeaders:
- "X-Forwarded-Proto"
# De headers die Authentik terugstuurt na succesvolle authenticatie
authResponseHeaders: authResponseHeaders:
- "X-authentik-username" - "X-authentik-username"
- "X-authentik-groups" - "X-authentik-groups"
@ -20,4 +25,10 @@ http:
- "X-authentik-meta-provider" - "X-authentik-meta-provider"
- "X-authentik-meta-app" - "X-authentik-meta-app"
- "X-authentik-meta-version" - "X-authentik-meta-version"
- "Set-Cookie" - "Set-Cookie"
# Optioneel: middleware om HTTP verkeer geforceerd naar HTTPS te sturen
redirect-to-https:
redirectScheme:
scheme: "https"
permanent: true
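Review bot: The added `authRequestHeaders` list in the first hunk is an allowlist: per the Traefik documentation, once it is non-empty only the listed request headers are copied to the authentication request, so `Cookie` and `Authorization` would no longer reach the Authentik outpost. Traefik sets `X-Forwarded-Proto` on the auth request itself, so listing it should not be needed; if the list is kept it most likely needs `- "Cookie"` next to it, and it is worth verifying that an existing session is still recognised after this change. Separately, with `trustForwardHeader: true` the `X-Forwarded-*` values passed to Authentik are whatever the request carries when it reaches the middleware, which is only safe if the entrypoint's `forwardedHeaders` settings (not visible here) do not trust arbitrary clients; when Traefik is the edge proxy, `trustForwardHeader: false` is the safer value. The middleware definition starts above the hunk.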


@ -20,14 +20,20 @@ services:
- ./data/rules:/rules - ./data/rules:/rules
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
# 1. Router voor het Traefik Dashboard (via HTTPS/WebSecure)
- "traefik.http.routers.traefik.rule=Host(`traefik.stackbabber.nl`)" - "traefik.http.routers.traefik.rule=Host(`traefik.stackbabber.nl`)"
- "traefik.http.routers.traefik.entrypoints=websecure" - "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true" - "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt" - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.service=api@internal" - "traefik.http.routers.traefik.service=api@internal"
# Gebruik de aangepaste Authentik middleware
- "traefik.http.routers.traefik.middlewares=authentik@file" - "traefik.http.routers.traefik.middlewares=authentik@file"
- "traefik.http.middlewares.https-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=https-headers,authentik@file" # 2. Router voor de HTTP -> HTTPS redirect (Veiligere oplossing)
- "traefik.http.routers.traefik-http.rule=Host(`traefik.stackbabber.nl`)"
- "traefik.http.routers.traefik-http.entrypoints=web"
- "traefik.http.routers.traefik-http.middlewares=redirect-to-https@file"
networks: networks:
proxy: proxy:
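Review bot: The `traefik-http` router added at the end of the labels covers only this one host, and the Authentik compose file repeats the same three labels for its own host, so any other service that gets a `web` router without the redirect middleware stays reachable over plain HTTP. An entrypoint-level redirection in the static configuration (`--entrypoints.web.http.redirections.entryPoint.to=websecure` together with `--entrypoints.web.http.redirections.entryPoint.scheme=https`) would cover every host in one place; the static config is not visible here, so confirm it is not already set. If the per-router form is kept, the router has no `service` label, and `- "traefik.http.routers.traefik-http.service=noop@internal"` would make it explicit that nothing is served on this route. The service definition starts above the hunk and continues below it.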