If this is in the wrong section then please move it.
I've seen a lot of discussions about securing Frigate using Traefik and Authelia, and while I could not get it to work, I have it working with Google OAuth. This is how I did it.
In my .env file I've defined
DOMAINNAME_1
In my secrets folder I created a file called
traefik_forward_auth
This file contains the following
providers.google.client-id=
providers.google.client-secret=
secret= <this was generated using: openssl rand -hex 16>
whitelist= my gmail email address
With that in place below is my docker compose
services:
  # Google OAuth - Single Sign On using OAuth 2.0
  oauth:
    container_name: oauth
    image: thomseddon/traefik-forward-auth:latest
    # image: thomseddon/traefik-forward-auth:2.1-arm # Use this image with Raspberry Pi
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    #profiles: ["core", "all"]
    networks:
      - t2_proxy
    # Allow apps to bypass OAuth. Radarr example below will bypass OAuth if API key is present in the request (eg. from NZB360 mobile app).
    # While this is one way, the recommended way is to bypass authentication using Traefik labels shown in some of the -Arr apps in this file.
    # command: --rule.radarr.action=allow --rule.radarr.rule="Headers(`X-Api-Key`, `$RADARR_API_KEY`)"
    # command: --rule.sabnzbd.action=allow --rule.sabnzbd.rule="HeadersRegexp(`X-Forwarded-Uri`, `$SABNZBD_API_KEY`)"
    environment:
      - CONFIG=/config
      - COOKIE_DOMAIN=$DOMAINNAME_1
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAINNAME_1
      - URL_PATH=/_oauth
      - LOG_LEVEL=warn # set to trace while testing bypass rules
      - LOG_FORMAT=text
      - LIFETIME=86400 # 1 day
      - DEFAULT_ACTION=auth
      - DEFAULT_PROVIDER=google
    secrets:
      - source: traefik_forward_auth
        target: /config
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.oauth-rtr.tls=true"
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME_1`)"
      # Middlewares
      - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
      # HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
In Traefik rules folder I created the following file
app-frigate-nvr.yml
and added
In the Frigate compose file I added the following labels
Hope this helps.
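Added example, not part of the original post or of the traefik-forward-auth project: a small pre-deployment lint for the `traefik_forward_auth` secrets file described above. It assumes the `key=value` layout shown in the post, a `secret` generated with `openssl rand -hex 16`, and hypothetical function names `parse` and `lint`; the sample values are constructed.

```python
import re

# Constructed sample mirroring the file layout in the post (values are fake).
SAMPLE = """\
providers.google.client-id=1234-example.apps.googleusercontent.com
providers.google.client-secret=constructed-not-a-real-secret
secret= <this was generated using: openssl rand -hex 16>
whitelist=
"""

def parse(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def lint(text, file_mode=0o600):
    """Return a list of findings for a traefik-forward-auth config file."""
    cfg, findings = parse(text), []
    for key in ("providers.google.client-id", "providers.google.client-secret"):
        if not cfg.get(key):
            findings.append(f"{key} is empty")
    # Assumption: secret came from `openssl rand -hex 16` (32 hex characters).
    if not re.fullmatch(r"[0-9a-fA-F]{32,}", cfg.get("secret", "")):
        findings.append("secret is not >=32 hex chars (placeholder or weak value?)")
    emails = [e.strip() for e in cfg.get("whitelist", "").split(",") if e.strip()]
    # With neither whitelist nor domain set, every Google account is accepted.
    if not emails and not cfg.get("domain"):
        findings.append("no whitelist or domain: any Google account would pass auth")
    findings += [f"whitelist entry is not an email: {e}" for e in emails if "@" not in e]
    # The file holds the OAuth client secret and the cookie-signing secret.
    if file_mode & 0o077:
        findings.append(f"file mode {file_mode:o} is readable by group/others")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE, file_mode=0o644):
        print("WARN:", finding)
```

To check a real file, pass its contents and `os.stat(path).st_mode & 0o777` to `lint`.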