Added TOC and section regarding Authelia Forward Auth
parent
ced48b7fe4
commit
0e52cc3435
|
@ -8,6 +8,16 @@ If your reverse proxy has some kind of authentication mechanism, you can configu
|
|||
|
||||
In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username. If you pass a username that isn't present in the database, nothing will happen - the user must exist beforehand in order to login.
|
||||
|
||||
### Table of contents
|
||||
1. [nginx](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#nginx)
|
||||
2. [Apache 2.4](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#apache-24)
|
||||
3. [Internet Information Service IIS 10](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#internet-information-service-iis-10)
|
||||
4. [Lighttpd 1.4](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#lighttpd-14)
|
||||
5. [Traefik 2.0](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#traefik-200)
|
||||
6. [Traefik >= 2.4.1 with Authelia forward auth](https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy/#traefik--241-with-authelia-forward-auth)
|
||||
|
||||
|
||||
|
||||
|
||||
### nginx
|
||||
|
||||
|
@ -172,4 +182,22 @@ traefik-proxy.toml:
|
|||
[[http.services.cw-router.loadbalancer.servers]]
|
||||
url = "http://127.0.0.1:8083"
|
||||
```
|
||||
This example is only working for 127.0.0.1 for other hostnames the routing rule has to be extended.
|
||||
This example is only working for 127.0.0.1 for other hostnames the routing rule has to be extended.
|
||||
|
||||
### Traefik >= 2.4.1 with Authelia Forward Auth
|
||||
|
||||
When you have a setup of Traefik >= 2.4.1 in combination with Authelia forward authorization, [Authelia](https://www.authelia.com/docs/deployment/supported-proxies/traefik2.x.html) can provide all required information via a Middleware.
|
||||
|
||||
Setting up is as easy as:
|
||||
1. Adding authResponseHeaders=Remote-User to the forwardauth middleware
|
||||
2. Adding "Remote-User" as Reverse proxy header name in the Calibre configuration section
|
||||
|
||||
|
||||
### Example of Authelia middleware definition:
|
||||
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
|
||||
- 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia:9091/api/verify?auth=basic'
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue