From 586aef0e33321a1347bfa5c1a8abdc5e23fcbc07 Mon Sep 17 00:00:00 2001
From: karmacoma <karmacoma@karmacoma.dev>
Date: Sun, 23 Nov 2025 23:45:07 +0000
Subject: [PATCH] Added traefik labels to allow forward auth

Signed-off-by: karmacoma <karmacoma@karmacoma.dev>
---
 docker-compose.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0db856d..21662b1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -40,11 +40,9 @@ services:
         aliases:
           - auth-core
     labels:
-      # 1. Define the Middleware (Forces HTTPS protocol header)
-      - "traefik.http.middlewares.authentik-force-https.headers.customrequestheaders.X-Forwarded-Proto=https"
-      # 2. Attach it to Coolify's generated Router
-      # (Note: We usually append 'gzip' as Coolify adds it by default, ensuring we don't remove it)
-      - "traefik.http.routers.https-0-j88cw4skoowsccs4oc44g0wg-authentik_server.middlewares=gzip,authentik-force-https"
+      - "traefik.http.middlewares.authentik.forwardauth.address=http://authentik_server:80/outpost.goauthentik.io/auth/traefik"
+      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
   authentik_worker:
     command: worker
     depends_on: