Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help to convert a snippet to labels #642

Open
wsw70 opened this issue Jul 7, 2024 · 10 comments
Open

Help to convert a snippet to labels #642

wsw70 opened this issue Jul 7, 2024 · 10 comments

Comments

@wsw70
Copy link

wsw70 commented Jul 7, 2024

I have the following snippet I would like to convert to labels (it works well when in the Caddyfile):

(authenticate-with-authelia) {
	@forceAuth {
		not header x-authelia-whitelist XXX
		}
	forward_auth @forceAuth authelia:9091 {
		uri /api/verify?rd=https://authelia.swtk.eu/
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		trusted_proxies private_ranges
	}
}

I tried to convert it to labels in Caddy's docker-compose (I did several versions, all failed):

      caddy: (authenticate-with-authelia)
      [email protected]: header x-authelia-token XXX
      caddy.authenticate-with-authelia.forward_auth: "@forceAuth authelia:9091"
      caddy.authenticate-with-authelia.forward_auth.uri: /api/verify?rd=https://authelia.swtk.eu/
      caddy.authenticate-with-authelia.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Name Remote-Email
      caddy.authenticate-with-authelia.forward_auth.trusted_proxies: private_ranges

When restarting Caddy, I get for each service that does an import authenticate-with-caddy an error message telling me that the authenticate-with-authelia directive is not recognized.

Since it is not possible to debug snippets via the JSON configuration (they are merged at startup) I have no way to see how it is translated, and I suppose that there is an error in the translation.
@francislavoie
Copy link
Collaborator

You need to keep the parentheses in the labels as well.

@wsw70
Copy link
Author

wsw70 commented Jul 7, 2024
edited
Loading

You need to keep the parentheses in the labels as well.

Ah! I followed the docs.

caddy: (encode)
caddy.encode: zstd gzip
↓
(encode) {
	encode zstd gzip
}

and

caddy_0: (snippet)
caddy_0.tls: internal
caddy_1: site-a.com
caddy_1.import: snippet
caddy_2: site-b.com
caddy_2.import: snippet
↓
(snippet) {
	tls internal
}
site_a {
	import snippet
}
site_b {
	import snippet
}

I will check this out as soon as I see our election results in France :)

@wsw70
Copy link
Author

wsw70 commented Jul 7, 2024

You need to keep the parentheses in the labels as well.

Unfortunately this does not change the error

@hycday
Copy link

hycday commented Jul 19, 2024

hey @wsw70 where you able to make authelia work at the end ?

@wsw70
Copy link
Author

wsw70 commented Jul 19, 2024

hey @wsw70 where you able to make authelia work at the end ?

Authelia is working fine. What I could not (and still cannot) make work was the snippet in the labels.

@hycday
Copy link

hycday commented Jul 19, 2024
edited
Loading

i am super curious as to how you made Authelia work without that snippet/label part.. i am trying to make it work with Caddy Docker Proxy and struggling, let me know if there is a way you could help (between french :) )

as for the conversion I get something like that, but cannot properly test it as i am struggling to make it work :

  # Define trusted_proxy_list snippet without active trusted_proxies
  caddy_0: (trusted_proxy_list)

  # auth.domain.ltd
  caddy_1: auth.domain.ltd
  caddy_1.reverse_proxy: "{{authelia 9091}}"
  caddy_1.reverse_proxy.import: trusted_proxy_list

  # site.domain.ltd site to protect
  caddy_2: site.domain.ltd
  caddy_2.forward_auth: authelia:9091
  caddy_2.forward_auth.uri: /api/authz/forward-auth
  caddy_2.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Email Remote-Name
  caddy_2.forward_auth.import: trusted_proxy_list
  caddy_2.reverse_proxy: "{{scrapper 80}}"
  caddy_2.reverse_proxy.import: trusted_proxy_list

@wsw70
Copy link
Author

wsw70 commented Jul 21, 2024
edited
Loading

i am super curious as to how you made Authelia work without that snippet/label part.. i am trying to make it work with Caddy Docker Proxy and struggling, let me know if there is a way you could help (between french :) )

I am not sure I understand. I do use the snippet but it is defined in the main Caddyfile. I wanted to get rid of that main configuration file and do everything through the labels. This is not a showstopper though.

@hycday
Copy link

hycday commented Jul 21, 2024

wasnt able to make it work, so i used Authentik and besides some few config left it works good...

@wsw70
Copy link
Author

wsw70 commented Jul 21, 2024

i used Authentik

Looks really cool. It is a more complicated (and probably - complete) system compared to Authelia, though. Good luck!

@DonDebonair
Copy link

DonDebonair commented Aug 7, 2024
edited
Loading

I'm using Authelia with caddy-docker-proxy successfully.

These are the relevant labels in the Docker Compose config of my Caddy container:

caddy_90: (secure)
caddy_90.forward_auth: '{args[0]} authelia:9091'
caddy_90.forward_auth.uri: /api/verify?rd=https://auth.example.com
caddy_90.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Name Remote-Email

(The 90 suffix is because I have multiple global configs/snippets etc. and I want to order them specifically. You can leave it off)

And then for each container I want to proxy and put behind Authelia

caddy: my-app.example.com
caddy.reverse_proxy: "{{upstreams 8080}}"
caddy.import: secure *

Obviously you should change the domain and port

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DonDebonair @wsw70 @francislavoie @hycday