Just deployed Grist with Traefik 3 and the websocket healthcheck is fine without Authelia, but when Authelia is in front of the service, I’m getting : “Unexpected server response: 401”.
Here’s the authelia config (using the NixOS module):
services.traefik.dynamicConfigOptions.http = rec {
middlewares = {
authelia.forwardAuth = {
address = "http://localhost:${builtins.toString autheliaPort}/api/authz/forward-auth";
trustForwardHeader = true;
authResponseHeaders = [
"Remote-User"
"Remote-Groups"
"Remote-Email"
"Remote-Name"
];
};
authelia-headers = {
headers = {
browserXssFilter = true;
customFrameOptionsValue = "SAMEORIGIN";
customResponseHeaders = {
"Cache-Control" = "no-store";
"Pragma" = "no-cache";
};
};
};
};
routers.to-authelia = {
rule = "Host(`${fqdn}`)";
service = "authelia";
middlewares = [ "authelia-headers" ];
};
services."${routers.to-authelia.service}".loadBalancer.servers = [
{
url = "http://localhost:${builtins.toString autheliaPort}";
}
];
};
I’m not yet using Authelia as an identity provider with OIDC, just as an authentication to not have everyone able to access my grist instance.
Anyone made websocket work with Traefik + Authelia ?