Closed TiiFuchs closed 1 month ago
The service proxy-hms@docker
has the configured transmission.[domain] route and an additional transmission-proxy.[domain] route in traefik configured.
I didn't figure out where the transmission-proxy route comes from. It's not configured in any default or custom vars yml.
Looks like this in traefik:
The transmission-proxy route has the authentik-proxy-hms-transmission-midware@docker middleware, but the transmission route has not.
I'm confused because traefik says the transmission-proxy route comes from Docker provider. But in the docker-compose.yml this route is not even once mentioned in a traefik label.
docker inspect
on the transmission-proxy container does not show any label either.
What is the desired configuration to make transmission accessible under transmission.[domain] via authentik and nothing else?
Enable Authentik and then in the container_map.yml
for transmission (change expose_to_public
if you need):
...
transmission:
enabled: yes
proxy_host_rule: transmission
directory: yes
traefik: yes
authentik: yes
authentik_provider_type: proxy
expose_to_public: no
homepage: yes
homepage_stats: yes
...
After this, you will need to configure the Authentik Outpost by following https://github.com/ahembree/ansible-hms-docker/blob/master/docs/Authentik.md#important-note
I'm not sure why you're seeing the transmission-proxy
as a rule since the proxy container is what actually has the traefik rule for transmission
, I haven't been able to replicate this. Traefik also has exposedByDefault
disabled, so there shouldn't be any sort of auto-detection doing this.
This tells me I configured everything correctly. Nonetheless the transmission route ist not secured by authentik, the transmission-proxy route is. I configured basic auth on transmission via the environment variables in the corresponding vars file as a workaround.
If I can help to figure this out, I'm happy to do so.
Finally got some time to do a little more troubleshooting and I was able to get Transmission accessible and protected by Traefik outside my home network by doing the following:
expose_to_public
to yes
for both authentik
and transmission
in the container_map.yml
transmission.{domain}
authentik.{domain}
I'm still unable to replicate the issue with having the transmission-proxy
route as well. Have you been able to run updates by chance to see if a newer version happened to fix anything? It may be an issue with the Traefik config file (default location is /opt/hms-docker/apps/traefik/config/traefik.yml
) since exposedByDefault
defaults to true
which would cause this behavior.
Closing due to inactivity
When enabling expose_to_public and authentik via container_map.yml for transmission, only the transmission-proxy.[domain] get's "secured". But via transmission.[domain] transmission itself is accessible without any authentication or whitelist.
What is the desired configuration to make transmission accessible under transmission.[domain] via authentik and nothing else?