fix: add authRequestHeaders to Authelia ForwardAuth middleware

Traefik needs to forward X-Forwarded-* headers to Authelia so it can determine the target URL. Without these headers, Authelia returns "failed to get target URL: missing host value" error. Added authRequestHeaders configuration to forward: - X-Forwarded-Method (HTTP method) - X-Forwarded-Proto (HTTPS/HTTP) - X-Forwarded-Host (target domain) - X-Forwarded-Uri (target path) - X-Forwarded-For (client IP) This fixes the issue where services returned 401 without redirecting to the Authelia login page. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-15 20:23:22 +01:00
parent ee0ca7b538
commit 45f1161fc1
1 changed files with 1 additions and 0 deletions
--- a/net/compose.yaml
+++ b/net/compose.yaml
@@ -297,6 +297,7 @@ services:
      # ForwardAuth middleware for other services
      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/authz/forward-auth'
      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authRequestHeaders=X-Forwarded-Method,X-Forwarded-Proto,X-Forwarded-Host,X-Forwarded-Uri,X-Forwarded-For'
      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeadersRegex=^Remote-'
      # Watchtower