prowlarr and bazarr forward auth

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 13:09:53 +00:00 · 2024-10-09 14:34:02 -04:00
parent 4ced4d67fa
commit faf2e08be5
4 changed files with 50 additions and 0 deletions
--- a/media/bazarr/ingress.yaml
+++ b/media/bazarr/ingress.yaml
@@ -6,6 +6,7 @@ metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: authentik-bazarr@kubernetescrd
 spec:
  rules:
  - host: bazarr.michaelthomson.dev
--- a/media/prowlarr/ingress.yaml
+++ b/media/prowlarr/ingress.yaml
@@ -6,6 +6,7 @@ metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: authentik-prowlarr@kubernetescrd
 spec:
  rules:
  - host: prowlarr.michaelthomson.dev
--- a/traefik/bazarr-middleware.yaml
+++ b/traefik/bazarr-middleware.yaml
@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: bazarr
+  namespace: authentik
+spec:
+  forwardAuth:
+    address: https://bazarr.michaelthomson.dev/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+    - X-authentik-username
+    - X-authentik-groups
+    - X-authentik-email
+    - X-authentik-name
+    - X-authentik-uid
+    - X-authentik-jwt
+    - X-authentik-meta-jwks
+    - X-authentik-meta-outpost
+    - X-authentik-meta-provider
+    - X-authentik-meta-app
+    - X-authentik-meta-version
+    - authorization
+    tls:
+      certSecret: letsencrypt-wildcard-cert-michaelthomson.dev
--- a/traefik/prowlarr-middleware.yaml
+++ b/traefik/prowlarr-middleware.yaml
@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: prowlarr
+  namespace: authentik
+spec:
+  forwardAuth:
+    address: https://prowlarr.michaelthomson.dev/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+    - X-authentik-username
+    - X-authentik-groups
+    - X-authentik-email
+    - X-authentik-name
+    - X-authentik-uid
+    - X-authentik-jwt
+    - X-authentik-meta-jwks
+    - X-authentik-meta-outpost
+    - X-authentik-meta-provider
+    - X-authentik-meta-app
+    - X-authentik-meta-version
+    - authorization
+    tls:
+      certSecret: letsencrypt-wildcard-cert-michaelthomson.dev