Skip to main content


Showing posts from April, 2024

Authenticating Traefik Apps with Authentik

 Introduction In our previous post , we secured the Homer app with trusted Let's Encrypt certificates using Traefik as a reverse proxy. But what if only authorized users should access Homer? In this blog, we'll address this by adding multi-factor authentication to Homer using Authentik as an Identity Provider (IdP). Objective The core objectives of this tutorial are to: Set Up Secure Access with Authentik:  Install Authentik using Docker Compose and create your first user to manage access control. Secure Homer with Authentik:  Configure Authentik to act as a gatekeeper, ensuring only authorized users can access your Homer application. Simplify Logins with Traefik:  Integrate Traefik with Authentik to enable Single Sign-On (SSO) for a seamless login experience across your applications. Connect Homer to Authentik:  Configure Homer to leverage Authentik's authentication system for secure logins. Topology For the topology details please see the previous post .  Access Flow Hom

Securing Traefik with Let's Encrypt

Introduction Building on the previous Traefik setup with an internal domain and applications, this tutorial guides you through using a public domain with trusted certificates. Objective The core objectives of this tutorial are to: Deploy Traefik with Automatic SSL using Docker:  This step covers installing the latest Traefik with Let's Encrypt integration and exposing the container to the internet. Configure DNS for Secure Access:  Set up an A record in your domain provider (e.g., Cloudflare) pointing to your pfSense firewall's public IP address for external access and pfsense's DNS server for internal access. Access Applications with HTTPS:  Access your applications using their fully qualified domain names with trusted certificates externally and internally Topology Lets walk through our topology: pfsense This is our firewall which is directly connected to the Internet and doing the following: NATs all traffic from the internal LAN network ( to the WAN (in