Uptime-kuma, authentik and traefik

[ThierryIT]

Describe your question/

I would like Uptime-Kuma to be authenticated using authentik.
When try to navigate to https://uptime-kuma.domain.org/ I am not getting redirected to authentik login page.

Relevant info

With the bad config I have done concerning this app, I still have external access to uptime-kuma without any authentication. I should be able to logiin with authentik.

Screenshots

Traefik dynamic file config:

authentik:
      forwardAuth:
        address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version

routers:
    authentik:
      rule: "Host(`authentik.domain.org`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 10
      service: authentik

# service web
    authentik:
      loadBalancer:
        servers:
          - url: "http://authentik-server:9000/outpost.goauthentik.io"

Authentik config (Provider auth transfer apps))

- application:  
                  - name: Traefik Forward Auth Kuma
                  - slug: traefik-forward-auth-kuma
                  - provider: Traefik Forward Auth Provider Kuma
                  - Any

- Provider for uptime-kuma
                   - authorisation flux: default-provider-authorization-implicit ....
                   - forward auth single app
                   - external host: uptime-kuma.domain.org
                   - flux advanced parameters: default-authentication-flow

Authentification parameters:
                    - intercept the authentication header
                    - OIDC: Traefik forward ...
  
advanced flux parameters:

                     - auth flux: default-authentication-flow

Traefik labels for the Kuma docker compose files:

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.kuma.entrypoints=http-external"
      - "traefik.http.routers.kuma.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.middlewares.kuma-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.kuma.middlewares=kuma-https-redirect"
      - "traefik.http.routers.kuma-secure.entrypoints=https-external"
      - "traefik.http.routers.kuma-secure.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.routers.kuma-secure.tls=true"
      - "traefik.http.routers.kuma-secure.service=kuma"
      - "traefik.http.routers.kuma.middlewares=authentik@file"
      - "traefik.http.services.kuma.loadbalancer.server.port=3001"

• authentik version:2025.2.0
• Deployment: docker-compose,

Thx

[ThierryIT]

I have made some change but still have the same pb ... I have access to Kuma without any auth. I have done the test from my phone outside of my home network.
Please help.
Thx

[ThierryIT]

nobody ?