beatzaplenty/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #20 from beatz174-bit/codex/update-traefik-configuration-for-trusted-proxies

Browse Source 
Restrict Traefik forwarded headers to trusted IPs, enable Authelia trustForwardHeader, and add traefik network subnet
This commit is contained in:
beatz174-bit
2026-04-13 10:16:25 +10:00
committed by GitHub
parent cfbefed2e3 8448f2bb94
commit 47a5908430
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/docker-compose.yml
+2
View File
@@ -122,6 +122,8 @@ services:
- traefik.http.routers.authelia.tls.certresolver=myresolver
- io.portainer.accesscontrol.public
- traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
# Keep trustForwardHeader enabled so Authelia evaluates the real client IP from
# X-Forwarded-* headers that Traefik now accepts only from trustedIPs.
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups
- traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152