feat: replace Basic Auth with Authelia

Replace HTTP Basic Auth with Authelia ForwardAuth for consistent authentication across infrastructure: - Asciinema Admin (admin.asciinema.dev.pivoine.art): Removed Basic Auth, added Authelia protection - FaceFusion (facefusion.ai.pivoine.art): Removed Basic Auth, added Authelia protection Updated Authelia access control to include both services with one_factor policy. All services now use Authelia for authentication, eliminating the need to manage separate Basic Auth credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-15 21:54:27 +01:00
parent 39c28d49a4
commit ffbcecc09d
3 changed files with 6 additions and 7 deletions
--- a/ai/compose.yaml
+++ b/ai/compose.yaml
@@ -176,19 +176,17 @@ services:
      - compose_network
    labels:
      - 'traefik.enable=${AI_FACEFUSION_TRAEFIK_ENABLED}'
-      # HTTP Basic Auth middleware
-      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-auth.basicauth.users=${AUTH_USERS}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-redirect-web-secure'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web.entrypoints=web'
-      # HTTPS router with auth
+      # HTTPS router with Authelia
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.rule=Host(`${AI_FACEFUSION_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-auth,${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,security-headers@file'
+      - 'traefik.http.routers.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.middlewares=${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure-compress,net-authelia,security-headers@file'
      # Service
      - 'traefik.http.services.${AI_COMPOSE_PROJECT_NAME}-facefusion-web-secure.loadbalancer.server.port=7860'
      - 'traefik.docker.network=${NETWORK_NAME}'