Remove Authelia configuration and related files; add Basic Authentication setup in Traefik

docker-compose.yml

@@ -4,8 +4,6 @@
 networks:
   traefik_proxy:
     name: traefik_proxy
-  internal:
-    name: internal
 
 volumes:
   traefik_letsencrypt:
@@ -80,12 +78,15 @@ services:
       - traefik.http.middlewares.security-headers.headers.referrerPolicy=no-referrer-when-downgrade
       - traefik.http.middlewares.security-headers.headers.frameDeny=true
 
+      # Basic Auth middleware
+      - traefik.http.middlewares.basic-auth.basicauth.users=${BASIC_AUTH_USERS}
+
       # Traefik dashboard (protected)
       - traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
       - traefik.http.routers.traefik.entrypoints=websecure
       - traefik.http.routers.traefik.tls.certresolver=le
       - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.routers.traefik.middlewares=security-headers
+      - traefik.http.routers.traefik.middlewares=basic-auth,security-headers
 
   ## ─────────────────────────────────────────────
   ## Portainer — Docker control plane
@@ -103,44 +104,9 @@ services:
       - traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`)
       - traefik.http.routers.portainer.entrypoints=websecure
       - traefik.http.routers.portainer.tls.certresolver=le
-      - traefik.http.routers.portainer.middlewares=authelia,security-headers
+      - traefik.http.routers.portainer.middlewares=basic-auth,security-headers
       - traefik.http.services.portainer.loadbalancer.server.port=9000
 
-  ## ─────────────────────────────────────────────
-  ## Authelia — authentication and authorization
-  ## ─────────────────────────────────────────────
-  authelia:
-    image: authelia/authelia:latest
-    container_name: authelia
-    restart: unless-stopped
-    networks: [traefik_proxy, internal]
-    volumes:
-      - ./authelia:/config
-    environment:
-      TZ: "${TZ}"
-      AUTHELIA_JWT_SECRET: "${AUTHELIA_JWT_SECRET}"
-      AUTHELIA_SESSION_SECRET: "${AUTHELIA_SESSION_SECRET}"
-      AUTHELIA_STORAGE_ENCRYPTION_KEY: "${AUTHELIA_STORAGE_ENCRYPTION_KEY}"
-      DOMAIN: "${DOMAIN}"
-    healthcheck:
-      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:9091/api/health || exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 5
-      start_period: 60s
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.authelia.rule=Host(`auth.gate.${DOMAIN}`)
-      - traefik.http.routers.authelia.entrypoints=websecure
-      - traefik.http.routers.authelia.tls.certresolver=le
-      - traefik.http.routers.authelia.middlewares=security-headers
-      - traefik.http.services.authelia.loadbalancer.server.port=9091
-
-      # ForwardAuth middleware for protecting other services
-      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth
-      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
-      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name
-
   ## ─────────────────────────────────────────────
   ## Uptime Kuma — status page / checks
   ## ─────────────────────────────────────────────
@@ -156,5 +122,5 @@ services:
       - traefik.http.routers.kuma.rule=Host(`uptime.gate.${DOMAIN}`)
       - traefik.http.routers.kuma.entrypoints=websecure
       - traefik.http.routers.kuma.tls.certresolver=le
-      - traefik.http.routers.kuma.middlewares=authelia,security-headers
+      - traefik.http.routers.kuma.middlewares=basic-auth,security-headers
       - traefik.http.services.kuma.loadbalancer.server.port=3001