mirrors
/
calibre-web
mirror of https://github.com/janeczku/calibre-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Added TOC and section regarding Authelia Forward Auth

Northguy 2021-03-07 12:02:06 +01:00
parent ced48b7fe4
commit 0e52cc3435
1 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Setup-Reverse-Proxy.md

@ -8,6 +8,16 @@ If your reverse proxy has some kind of authentication mechanism, you can configu
In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username. If you pass a username that isn't present in the database, nothing will happen - the user must exist beforehand in order to login.
### Table of contents
1. [nginx](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#nginx)
2. [Apache 2.4](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#apache-24)
3. [Internet Information Service IIS 10](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#internet-information-service-iis-10)
4. [Lighttpd 1.4](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#lighttpd-14)
5. [Traefik 2.0](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#traefik-200)
6. [Traefik >= 2.4.1 with Authelia forward auth](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy/#traefik--241-with-authelia-forward-auth)
### nginx
@ -172,4 +182,22 @@ traefik-proxy.toml:
[[http.services.cw-router.loadbalancer.servers]]
url = "http://127.0.0.1:8083"
```
This example is only working for 127.0.0.1 for other hostnames the routing rule has to be extended.
This example is only working for 127.0.0.1 for other hostnames the routing rule has to be extended.
### Traefik >= 2.4.1 with Authelia Forward Auth
When you have a setup of Traefik >= 2.4.1 in combination with Authelia forward authorization, [Authelia](https://www.authelia.com/docs/deployment/supported-proxies/traefik2.x.html) can provide all required information via a Middleware.
Setting up is as easy as:
1. Adding authResponseHeaders=Remote-User to the forwardauth middleware
2. Adding "Remote-User" as Reverse proxy header name in the Calibre configuration section
### Example of Authelia middleware definition:
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
- 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia:9091/api/verify?auth=basic'