francislavoie
commented
1 month ago You need to keep the parentheses in the labels as well.
Open wsw70 opened 1 month ago
francislavoie
commented
1 month ago You need to keep the parentheses in the labels as well.
wsw70
commented
1 month ago You need to keep the parentheses in the labels as well.
Ah! I followed the docs.
caddy: (encode)
caddy.encode: zstd gzip
↓
(encode) {
encode zstd gzip
}and
caddy_0: (snippet)
caddy_0.tls: internal
caddy_1: site-a.com
caddy_1.import: snippet
caddy_2: site-b.com
caddy_2.import: snippet
↓
(snippet) {
tls internal
}
site_a {
import snippet
}
site_b {
import snippet
}I will check this out as soon as I see our election results in France :)
wsw70
commented
1 month ago You need to keep the parentheses in the labels as well.
Unfortunately this does not change the error
hycday
commented
1 month ago hey @wsw70 where you able to make authelia work at the end ?
wsw70
commented
1 month ago hey @wsw70 where you able to make authelia work at the end ?
Authelia is working fine. What I could not (and still cannot) make work was the snippet in the labels.
hycday
commented
1 month ago i am super curious as to how you made Authelia work without that snippet/label part.. i am trying to make it work with Caddy Docker Proxy and struggling, let me know if there is a way you could help (between french :) )
as for the conversion I get something like that, but cannot properly test it as i am struggling to make it work :
# Define trusted_proxy_list snippet without active trusted_proxies
caddy_0: (trusted_proxy_list)
# auth.domain.ltd
caddy_1: auth.domain.ltd
caddy_1.reverse_proxy: "{{authelia 9091}}"
caddy_1.reverse_proxy.import: trusted_proxy_list
# site.domain.ltd site to protect
caddy_2: site.domain.ltd
caddy_2.forward_auth: authelia:9091
caddy_2.forward_auth.uri: /api/authz/forward-auth
caddy_2.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Email Remote-Name
caddy_2.forward_auth.import: trusted_proxy_list
caddy_2.reverse_proxy: "{{scrapper 80}}"
caddy_2.reverse_proxy.import: trusted_proxy_listi am super curious as to how you made Authelia work without that snippet/label part.. i am trying to make it work with Caddy Docker Proxy and struggling, let me know if there is a way you could help (between french :) )
I am not sure I understand. I do use the snippet but it is defined in the main Caddyfile. I wanted to get rid of that main configuration file and do everything through the labels. This is not a showstopper though.
hycday
commented
1 month ago wasnt able to make it work, so i used Authentik and besides some few config left it works good...
wsw70
commented
1 month ago i used Authentik
Looks really cool. It is a more complicated (and probably - complete) system compared to Authelia, though. Good luck!
DonDebonair
commented
3 weeks ago I'm using Authelia with caddy-docker-proxy successfully.
These are the relevant labels in the Docker Compose config of my Caddy container:
caddy_90: (secure)
caddy_90.forward_auth: '{args[0]} authelia:9091'
caddy_90.forward_auth.uri: /api/verify?rd=https://auth.example.com
caddy_90.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Name Remote-Email(The 90 suffix is because I have multiple global configs/snippets etc. and I want to order them specifically. You can leave it off)
And then for each container I want to proxy and put behind Authelia
caddy: my-app.example.com
caddy.reverse_proxy: "{{upstreams 8080}}"
caddy.import: secure *Obviously you should change the domain and port
I have the following snippet I would like to convert to labels (it works well when in the Caddyfile):
I tried to convert it to labels in Caddy's docker-compose (I did several versions, all failed):
When restarting Caddy, I get for each service that does an
import authenticate-with-caddyan error message telling me that theauthenticate-with-autheliadirective is not recognized.Since it is not possible to debug snippets via the JSON configuration (they are merged at startup) I have no way to see how it is translated, and I suppose that there is an error in the translation.