Kanboard Authentification with Authelia

Hello,

I use kanboard in docker, behind Traefik and Authelia for Authentification.

This is my configuration :

When I go in kanboard.xxxxx.org i’m redirect to sso.xxxxx.org.
Authentication is working but redirects me to the login page, but I would like to be logged in automatically.

This is my docker-compose.yml :

version: '3'

networks:
  net:
    driver: bridge
    name: net

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    volumes:
      - ./config.yml:/etc/traefik/traefik.yml:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt
    networks:
      - net
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`xxx.xxxx.xxx`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
    ports:
      - 80:80
      - 443:443
    command:
      - '--api'
      - '--providers.docker=true'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.http=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.http.http.redirections.entrypoint.to=https'
      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:443'
      - '--log=true'
      - '--log.level=DEBUG'
      - '--log.filepath=/var/log/traefik.log'

  kanboard:
    image: kanboard/kanboard:latest
    container_name: kanboard
    networks:
      - net
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.kanboard.rule=Host(`xxx.xxx.xxx`)'
      - 'traefik.http.routers.kanboard.entrypoints=https'
      - 'traefik.http.routers.kanboard.tls=true'
      - 'traefik.http.routers.kanboard.middlewares=authelia@docker'
    expose:
      - 80
    restart: unless-stopped

  secure:
    image: containous/whoami
    container_name: secure
    networks:
      - net
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.secure.rule=Host(`whoami.xxx.xxx`)'
      - 'traefik.http.routers.secure.entrypoints=https'
      - 'traefik.http.routers.secure.tls=true'
      - 'traefik.http.routers.secure.middlewares=authelia@docker'
    expose:
      - 80
    restart: unless-stopped

Here is the result after the authentication on the “secure” container (whoami).
The headers are well recovered

header895×514 25.7 KB

I have add this in /var/www/app/config.php for kanboard :

// Enable/disable the reverse proxy authentication
define(‘REVERSE_PROXY_AUTH’, true);
// Header name to use for the username
define(‘REVERSE_PROXY_USER_HEADER’, ‘REMOTE_USER’);
// Username of the admin, by default blank
define(‘REVERSE_PROXY_DEFAULT_ADMIN’, ‘admin’);
// Header name to use for the username
define(‘REVERSE_PROXY_EMAIL_HEADER’, ‘REMOTE_EMAIL’);

But nothing changes, after authelia authentication I am redirected to the kanboard login page and not authenticated directly on kanboard

Can you help me please?

Hi, try to prepend HTTP_

// Enable/disable the reverse proxy authentication
define('REVERSE_PROXY_AUTH', true);
// Header name to use for the username
define('REVERSE_PROXY_USER_HEADER', 'HTTP_REMOTE_USER');

// Header name to use for the username
define('REVERSE_PROXY_EMAIL_HEADER', 'HTTP_REMOTE_EMAIL');

That works for me.

Ressource: Note at the bottom of https://docs.kanboard.org/en/latest/admin_guide/reverse_proxy_authentication.html

Hi,

Sorry for the response time, and thank you very much for your help it works for me!