middelware fix

2026-02-17 08:57:58 +00:00
parent f8cd4c2df1
commit f29208cfa2
12 changed files with 24 additions and 24 deletions
--- a/.env
+++ b/.env
@@ -19,7 +19,7 @@
 # TRAEFIK_CERTRESOLVER=letsencrypt

 # Middleware de autenticación (SSO, etc.)
-# TRAEFIK_AUTH_MIDDLEWARE=authentik@docker
+# TRAEFIK_AUTH_MIDDLEWARE=ths-authentik@docker

 # Dominios de ejemplo (cámbialos por los tuyos)
 # PORTAINER_DOMAIN=portainer.example.com
--- a/README.md
+++ b/README.md
@@ -165,7 +165,7 @@ Variables principales a configurar:
 - `PORTAINER_DOMAIN`: Tu dominio para Portainer UI (ej: `portainer.tudominio.com`)
 - `PORTAINER_API_DOMAIN`: Tu dominio para la API de Portainer (ej: `portainer-api.tudominio.com`)
 - `PORTAINER_API_IP_WHITELIST`: IPs permitidas para acceso directo a la API
- `TRAEFIK_AUTH_MIDDLEWARE`: Middleware de autenticación (ej: `authentik@docker`)
+- `TRAEFIK_AUTH_MIDDLEWARE`: Middleware de autenticación (ej: `ths-authentik@docker`)

 ### Paso 10: Actualizar Stack de Portainer (Opcional)

@@ -250,7 +250,7 @@ PORTAINER_API_DOMAIN=portainer-api.example.com

 # Seguridad
 PORTAINER_API_IP_WHITELIST=10.8.0.0/24,172.18.0.1/32
-TRAEFIK_AUTH_MIDDLEWARE=authentik@docker
+TRAEFIK_AUTH_MIDDLEWARE=ths-authentik@docker
 ```

 ### Configuraciones por Stack
--- a/Traefik/README.md
+++ b/Traefik/README.md
@@ -121,7 +121,7 @@ labels:
  traefik.http.routers.dashboard.entrypoints: "websecure"
  traefik.http.routers.dashboard.tls.certresolver: "letsencrypt"
  traefik.http.routers.dashboard.service: "api@internal"
-  traefik.http.routers.dashboard.middlewares: "authentik@docker"
+  traefik.http.routers.dashboard.middlewares: "ths-authentik@docker"
 ```

 **Opción 2: Acceso local (inseguro - solo desarrollo)**
@@ -165,7 +165,7 @@ services:
      traefik.http.services.mi-servicio.loadbalancer.server.port: "80"
      
      # Middleware (opcional)
-      traefik.http.routers.mi-servicio.middlewares: "authentik@docker"
+      traefik.http.routers.mi-servicio.middlewares: "ths-authentik@docker"

 networks:
  proxy:
@@ -180,7 +180,7 @@ labels:
  traefik.http.routers.app-ui.rule: "Host(`app.tudominio.com`)"
  traefik.http.routers.app-ui.entrypoints: "websecure"
  traefik.http.routers.app-ui.tls.certresolver: "letsencrypt"
-  traefik.http.routers.app-ui.middlewares: "authentik@docker"
+  traefik.http.routers.app-ui.middlewares: "ths-authentik@docker"
  traefik.http.routers.app-ui.priority: "10"
  
  # API pública sin protección
--- a/adguard/README.md
+++ b/adguard/README.md
@@ -89,7 +89,7 @@ ADGUARD_CERT_KEY_PATH=/opt/adguard/certs/adguard.key
 TRAEFIK_DOCKER_NETWORK=proxy
 TRAEFIK_ENTRYPOINT_SECURE=websecure
 TRAEFIK_CERTRESOLVER=letsencrypt
-TRAEFIK_AUTH_MIDDLEWARE=authentik@docker
+TRAEFIK_AUTH_MIDDLEWARE=ths-authentik@docker
 ```

 ## ⚙️ Configuración Post-Instalación
--- a/authentik/README.md
+++ b/authentik/README.md
@@ -203,7 +203,7 @@ Una vez configurado el middleware, añade la label a los servicios que quieras p

 ```yaml
 labels:
-  traefik.http.routers.portainer.middlewares: "authentik@docker"
+  traefik.http.routers.portainer.middlewares: "ths-authentik@docker"
 ```

 O si definiste el middleware en archivo:
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@@ -67,7 +67,7 @@ services:
      traefik.http.routers.ths-authentik.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
      traefik.http.routers.ths-authentik.service: "ths-authentik"

-      # Middleware forwardAuth (para proteger otros servicios) -> usar ths-authentik@docker en tus stacks THS
+      # Middleware forwardAuth (para proteger otros servicios) -> usar ths-ths-authentik@docker en tus stacks THS
      traefik.http.middlewares.ths-authentik.forwardauth.address: "http://ths-authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik"
      traefik.http.middlewares.ths-authentik.forwardauth.trustForwardHeader: "true"
      traefik.http.middlewares.ths-authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,7 +35,7 @@ services:
      traefik.http.routers.portainer.rule: "Host(`${PORTAINER_DOMAIN:-portainer.example.com}`)"
      traefik.http.routers.portainer.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE:-websecure}"
      traefik.http.routers.portainer.tls.certresolver: "${TRAEFIK_CERTRESOLVER:-letsencrypt}"
-      traefik.http.routers.portainer.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE:-authentik@docker}"
+      traefik.http.routers.portainer.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE:-ths-authentik@docker}"
      traefik.http.services.portainer.loadbalancer.server.port: "${PORTAINER_HTTP_PORT:-9000}"

      #########################################################
--- a/media-server/README.md
+++ b/media-server/README.md
@@ -81,7 +81,7 @@ TRAEFIK_ENABLE=true
 TRAEFIK_ENTRYPOINTS=websecure
 TRAEFIK_TLS=true
 TRAEFIK_CERTRESOLVER=letsencrypt
-AUTH_MIDDLEWARE=authentik@docker
+AUTH_MIDDLEWARE=ths-authentik@docker

 # Dominios - Personaliza según tu dominio
 DOMAIN=tudominio.com
@@ -188,7 +188,7 @@ En **Sonarr** y **Radarr**:

 ### 8. Integración con Authentik (SSO)

-Todos los servicios están protegidos con Authentik por defecto mediante el middleware `authentik@docker`.
+Todos los servicios están protegidos con Authentik por defecto mediante el middleware `ths-authentik@docker`.

 Para personalizar el acceso:

--- a/media-server/docker-compose.yml
+++ b/media-server/docker-compose.yml
@@ -38,7 +38,7 @@ services:
      - traefik.http.routers.prowlarr.entrypoints=websecure
      - traefik.http.routers.prowlarr.tls=true
      - traefik.http.routers.prowlarr.tls.certresolver=letsencrypt
-      - traefik.http.routers.prowlarr.middlewares=authentik@docker
+      - traefik.http.routers.prowlarr.middlewares=ths-authentik@docker
      - traefik.http.services.prowlarr.loadbalancer.server.port=9696

  jackett:
@@ -61,7 +61,7 @@ services:
      - traefik.http.routers.jackett.entrypoints=websecure
      - traefik.http.routers.jackett.tls=true
      - traefik.http.routers.jackett.tls.certresolver=letsencrypt
-      - traefik.http.routers.jackett.middlewares=authentik@docker
+      - traefik.http.routers.jackett.middlewares=ths-authentik@docker
      - traefik.http.services.jackett.loadbalancer.server.port=9117

  sonarr:
@@ -86,7 +86,7 @@ services:
      - traefik.http.routers.sonarr.entrypoints=websecure
      - traefik.http.routers.sonarr.tls=true
      - traefik.http.routers.sonarr.tls.certresolver=letsencrypt
-      - traefik.http.routers.sonarr.middlewares=authentik@docker
+      - traefik.http.routers.sonarr.middlewares=ths-authentik@docker
      - traefik.http.services.sonarr.loadbalancer.server.port=8989

  radarr:
@@ -111,7 +111,7 @@ services:
      - traefik.http.routers.radarr.entrypoints=websecure
      - traefik.http.routers.radarr.tls=true
      - traefik.http.routers.radarr.tls.certresolver=letsencrypt
-      - traefik.http.routers.radarr.middlewares=authentik@docker
+      - traefik.http.routers.radarr.middlewares=ths-authentik@docker
      - traefik.http.services.radarr.loadbalancer.server.port=7878

  jellyseerr:
@@ -133,7 +133,7 @@ services:
      - traefik.http.routers.jellyseerr.entrypoints=websecure
      - traefik.http.routers.jellyseerr.tls=true
      - traefik.http.routers.jellyseerr.tls.certresolver=letsencrypt
-      - traefik.http.routers.jellyseerr.middlewares=authentik@docker
+      - traefik.http.routers.jellyseerr.middlewares=ths-authentik@docker
      - traefik.http.services.jellyseerr.loadbalancer.server.port=5055

  # Opcional: Jellyfin en VPS (sin GPU)
@@ -161,6 +161,6 @@ services:
      - traefik.http.routers.jellyfin.entrypoints=websecure
      - traefik.http.routers.jellyfin.tls=true
      - traefik.http.routers.jellyfin.tls.certresolver=letsencrypt
-      - traefik.http.routers.jellyfin.middlewares=authentik@docker
+      - traefik.http.routers.jellyfin.middlewares=ths-authentik@docker
      - traefik.http.services.jellyfin.loadbalancer.server.port=8096

--- a/ruleta/README.md
+++ b/ruleta/README.md
@@ -135,10 +135,10 @@ Edita el `docker-compose.yml` y descomenta:
 ```yaml
 labels:
  # Para subdominio
-  traefik.http.routers.ruleta-sub.middlewares: "authentik@docker"
+  traefik.http.routers.ruleta-sub.middlewares: "ths-authentik@docker"
  
  # Para path (requiere cadena de middlewares)
-  traefik.http.routers.ruleta-path.middlewares: "authentik@docker,ruleta-strip@docker"
+  traefik.http.routers.ruleta-path.middlewares: "ths-authentik@docker,ruleta-strip@docker"
 ```

 ### Opción 2: Proteger Solo Ciertas Rutas
@@ -152,7 +152,7 @@ traefik.http.routers.ruleta-public.priority: "20"

 # Router para rutas protegidas
 traefik.http.routers.ruleta-private.rule: "Host(`ruleta.tudominio.com`) && PathPrefix(`/admin`)"
-traefik.http.routers.ruleta-private.middlewares: "authentik@docker"
+traefik.http.routers.ruleta-private.middlewares: "ths-authentik@docker"
 traefik.http.routers.ruleta-private.priority: "30"
 ```

--- a/ruleta/docker-compose.yml
+++ b/ruleta/docker-compose.yml
@@ -48,8 +48,8 @@ services:

      # Proteger con Authentik (si quieres habilitarlo)
      # OJO: si lo activas, ponlo en ambos routers o usa una cadena.
-      # traefik.http.routers.ruleta-sub.middlewares: "authentik@docker"
-      # traefik.http.routers.ruleta-path.middlewares: "authentik@docker,ruleta-strip@docker"
+      # traefik.http.routers.ruleta-sub.middlewares: "ths-authentik@docker"
+      # traefik.http.routers.ruleta-path.middlewares: "ths-authentik@docker,ruleta-strip@docker"

 networks:
  proxy:
--- a/wireguard/README.md
+++ b/wireguard/README.md
@@ -83,7 +83,7 @@ WG_DOMAIN=vpn-admin.tudominio.com
 TRAEFIK_DOCKER_NETWORK=proxy
 TRAEFIK_ENTRYPOINT_SECURE=websecure
 TRAEFIK_CERTRESOLVER=letsencrypt
-TRAEFIK_AUTH_MIDDLEWARE=authentik@docker
+TRAEFIK_AUTH_MIDDLEWARE=ths-authentik@docker
 ```

 > **⚠️ Importante**: