http: routers: auth: rule: Host(`auth.paccoco.com`) entryPoints: [web] service: authelia middlewares: - security-headers gitea-authentik-outpost: rule: Host(`gitea.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`) priority: 15 entryPoints: [web] service: authentik-outpost middlewares: - security-headers gitea: rule: Host(`gitea.paccoco.com`) entryPoints: [web] service: gitea middlewares: - security-headers grafana: rule: Host(`grafana.paccoco.com`) entryPoints: [web] service: grafana middlewares: - security-headers technitium: rule: Host(`dns.paccoco.com`) entryPoints: [web] service: technitium middlewares: - security-headers traefik-dashboard-authentik-outpost: rule: Host(`traefik.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`) priority: 20 entryPoints: [web] service: authentik-outpost middlewares: - security-headers traefik-dashboard-root: rule: Host(`traefik.paccoco.com`) && Path(`/`) priority: 15 entryPoints: [web] service: api@internal middlewares: - security-headers - traefik-dashboard-root-redirect traefik-dashboard: rule: Host(`traefik.paccoco.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)) priority: 10 entryPoints: [web] service: api@internal middlewares: - security-headers - authentik-forwardauth services: authelia: loadBalancer: servers: - url: http://authelia:9091 authentik-outpost: loadBalancer: servers: - url: http://authentik-server:9000 gitea: loadBalancer: servers: - url: http://gitea:3000 grafana: loadBalancer: servers: - url: http://grafana:3000 technitium: loadBalancer: passHostHeader: true serversTransport: technitium-selfsigned servers: - url: https://technitium-dns-pilot:443 middlewares: authelia-forwardauth: forwardAuth: address: http://authelia:9091/api/authz/forward-auth trustForwardHeader: true authResponseHeaders: - Remote-User - Remote-Groups - Remote-Name - Remote-Email authentik-forwardauth: forwardAuth: address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid - X-authentik-jwt - X-authentik-meta-jwks - X-authentik-meta-outpost - X-authentik-meta-provider - X-authentik-meta-app - X-authentik-entitlements traefik-dashboard-root-redirect: redirectRegex: regex: ^https?://([^/]+)/?$ replacement: https://${1}/dashboard/ permanent: false security-headers: headers: frameDeny: true browserXssFilter: true contentTypeNosniff: true referrerPolicy: same-origin customRequestHeaders: X-Forwarded-Proto: https customResponseHeaders: X-Robots-Tag: noindex, nofollow, noarchive, nosnippet serversTransports: technitium-selfsigned: insecureSkipVerify: true