Skip to content

Uptime-kuma, authentik and traefik #13242

Open
@ThierryIT

Description

@ThierryIT

Describe your question/

I would like Uptime-Kuma to be authenticated using authentik.
When try to navigate to https://uptime-kuma.domain.org/ I am not getting redirected to authentik login page.

Relevant info

With the bad config I have done concerning this app, I still have external access to uptime-kuma without any authentication. I should be able to logiin with authentik.

Screenshots

Traefik dynamic file config:

authentik:
      forwardAuth:
        address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
routers:
    authentik:
      rule: "Host(`authentik.domain.org`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 10
      service: authentik
# service web
    authentik:
      loadBalancer:
        servers:
          - url: "http://authentik-server:9000/outpost.goauthentik.io"

Authentik config (Provider auth transfer apps))

- application:  
                  - name: Traefik Forward Auth Kuma
                  - slug: traefik-forward-auth-kuma
                  - provider: Traefik Forward Auth Provider Kuma
                  - Any

- Provider for uptime-kuma
                   - authorisation flux: default-provider-authorization-implicit ....
                   - forward auth single app
                   - external host: uptime-kuma.domain.org
                   - flux advanced parameters: default-authentication-flow

Authentification parameters:
                    - intercept the authentication header
                    - OIDC: Traefik forward ...
  
advanced flux parameters:

                     - auth flux: default-authentication-flow

Traefik labels for the Kuma docker compose files:

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.kuma.entrypoints=http-external"
      - "traefik.http.routers.kuma.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.middlewares.kuma-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.kuma.middlewares=kuma-https-redirect"
      - "traefik.http.routers.kuma-secure.entrypoints=https-external"
      - "traefik.http.routers.kuma-secure.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.routers.kuma-secure.tls=true"
      - "traefik.http.routers.kuma-secure.service=kuma"
      - "traefik.http.routers.kuma.middlewares=authentik@file"
      - "traefik.http.services.kuma.loadbalancer.server.port=3001"
  • authentik version:2025.2.0
  • Deployment: docker-compose,

Thx

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions