Authelia - SSO provider

docker-compose.yml

version: '2'

networks:
  traefik:
    name: traefik
    external: true
volumes:
  networking_authelia_config:
    external: true
  authelia:
    image: authelia/authelia
    restart: unless-stopped
    networks:
      - traefik
    expose:
      - 9091
    volumes:
      - networking_authelia_config:/config
    environment:
      - TZ=Europe/Berlin
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.domain.com`)'
      - 'traefik.http.routers.authelia.entryPoints=websecure'
      - 'traefik.http.routers.authelia.tls=true'
      - "traefik.http.services.authelia.loadBalancer.server.port=9091"
      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fauth.domain.com%2F'
      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
      - 'traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic'
      - 'traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'

Generate password

docker run authelia/authelia:latest authelia crypto hash generate argon2 --password '<PASSWORD>'