Traefik Forward Auth - Funky Penguin's Geek Cookbook

Now that we have Traefik deployed, automatically exposing SSL access to our Docker Swarm services using LetsEncrypt wildcard certificates, let's pause to consider that we may not want some services exposed directly to the internet...


This is a companion discussion topic for the original entry at https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/traefik-forward-auth/

I’m a bit confused about the difference between using Traefik Forward Auth vs using the Oauth proxy, like you used in your Wekan deployment. Why do one way over the other?

From my Point of view the foward-auth offers a wider variety of whitelist options EG whitelist by email, by IP even with certain time of the day. And it looks nicer than oauth. As far as I know both will work fine though :slight_smile:

That seems pretty cool - is there a good way to whitelist by email address per container? So far I’ve only really seen email whitelist for the traefik-forward-auth container as a whole, but I’d rather whitelist specific services. I guess it’s also handy to have a single Google Credential and simply add the authorized URIs to that one, instead of generating new credentials for each service.