From c625b898cbd9aa384dfe250760b33ed39ed348af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Sat, 15 Nov 2025 20:39:06 +0100
Subject: [PATCH] fix: simplify Authelia config to match official blog example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed custom server.endpoints.authz.forward-auth configuration
and simplified session setup to match the official Authelia + Traefik
blog post example.

Key changes:
- Removed server.endpoints configuration (use defaults)
- Added session.name at top level
- Simplified session.cookies to only domain and authelia_url
- Removed custom expiration/inactivity settings

This should enable proper 302 redirects for browsers instead of
401 responses with Location headers.

Reference: https://www.authelia.com/blog/authelia--traefik-setup-guide/

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 net/authelia/configuration.yml | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/net/authelia/configuration.yml b/net/authelia/configuration.yml
index b0bb21e..cd7792c 100644
--- a/net/authelia/configuration.yml
+++ b/net/authelia/configuration.yml
@@ -7,14 +7,6 @@ theme: auto
 
 server:
   address: "tcp://:9091"
-  headers:
-    csp_template: ""
-  endpoints:
-    authz:
-      forward-auth:
-        implementation: 'ForwardAuth'
-        authn_strategies:
-          - name: 'CookieSession'
 
 log:
   level: info
@@ -91,14 +83,10 @@ access_control:
 
 # session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:
+  name: 'authelia_session'
   cookies:
-    - name: authelia_session
-      domain: pivoine.art
-      authelia_url: https://auth.pivoine.art
-      same_site: lax
-      expiration: 1h
-      inactivity: 5m
-      remember_me: 1M
+    - domain: 'pivoine.art'
+      authelia_url: 'https://auth.pivoine.art'
 
 regulation:
   max_retries: 3