From 126a0f1f89d9c3ef2a8e05b854d2d4118b553722 Mon Sep 17 00:00:00 2001
From: Thomas Kendrick <tom@tkendrick.com>
Date: Fri, 19 Dec 2025 22:38:13 +0000
Subject: [PATCH] feat: traefik auth flow

---
 proxies/traefik/docker-compose.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/proxies/traefik/docker-compose.yml b/proxies/traefik/docker-compose.yml
index a01ea58..79b2be9 100644
--- a/proxies/traefik/docker-compose.yml
+++ b/proxies/traefik/docker-compose.yml
@@ -27,9 +27,11 @@ services:
       - "traefik.http.routers.traefik.entrypoints=https"
       - "traefik.http.routers.traefik.service=api@internal"
       - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
-      # Basic Auth Middleware
-      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fj9U0fCH4d13F5j3v3v3w0"
-      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      # Authentik Forward Auth Middleware
+      - "traefik.http.middlewares.authentik.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
+      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
+      - "traefik.http.routers.traefik.middlewares=authentik"
     networks:
       - traefik_public