From 76e8142032d3e2f9a49084a4d09e1bb0d6063ce1 Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh <nightah@me.com>
Date: Sat, 11 Apr 2020 11:49:54 +1000
Subject: [PATCH] [DOCS] Add Remote-User and Remote-Groups headers to Traefik
 docs and examples (#849)

---
 compose/lite/docker-compose.yml                           | 1 +
 compose/local/docker-compose.yml                          | 1 +
 docs/deployment/supported-proxies/traefik1.x.md           | 2 ++
 docs/deployment/supported-proxies/traefik2.x.md           | 3 ++-
 .../example/compose/nginx/backend/docker-compose.yml      | 8 ++++++--
 5 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/compose/lite/docker-compose.yml b/compose/lite/docker-compose.yml
index a326e1fdf..884f4e246 100644
--- a/compose/lite/docker-compose.yml
+++ b/compose/lite/docker-compose.yml
@@ -22,6 +22,7 @@ services:
       - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
       - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'
       - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
     expose:
       - 9091
     restart: unless-stopped
diff --git a/compose/local/docker-compose.yml b/compose/local/docker-compose.yml
index ab93532a5..83b4eb568 100644
--- a/compose/local/docker-compose.yml
+++ b/compose/local/docker-compose.yml
@@ -22,6 +22,7 @@ services:
       - 'traefik.http.routers.authelia.tls.options=default'
       - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com'
       - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
     expose:
       - 9091
     restart: unless-stopped
diff --git a/docs/deployment/supported-proxies/traefik1.x.md b/docs/deployment/supported-proxies/traefik1.x.md
index 47952ce1a..fd1aa208c 100644
--- a/docs/deployment/supported-proxies/traefik1.x.md
+++ b/docs/deployment/supported-proxies/traefik1.x.md
@@ -86,6 +86,8 @@ services:
     labels:
       - 'traefik.frontend.rule=Host:nextcloud.example.com'
       - 'traefik.frontend.auth.forward.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
+      - 'traefik.frontend.auth.forward.trustForwardHeader=true'
+      - 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups'
     expose:
       - 443
     restart: unless-stopped
diff --git a/docs/deployment/supported-proxies/traefik2.x.md b/docs/deployment/supported-proxies/traefik2.x.md
index 55f33a9ea..c0498f27c 100644
--- a/docs/deployment/supported-proxies/traefik2.x.md
+++ b/docs/deployment/supported-proxies/traefik2.x.md
@@ -73,8 +73,9 @@ services:
       - 'traefik.http.routers.authelia.rule=Host(`login.example.com`)'
       - 'traefik.http.routers.authelia.entrypoints=https'
       - 'traefik.http.routers.authelia.tls=true'
-      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.example.com/'
       - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
     expose:
       - 9091
     restart: unless-stopped
diff --git a/internal/suites/example/compose/nginx/backend/docker-compose.yml b/internal/suites/example/compose/nginx/backend/docker-compose.yml
index e12498d5e..bda2471eb 100644
--- a/internal/suites/example/compose/nginx/backend/docker-compose.yml
+++ b/internal/suites/example/compose/nginx/backend/docker-compose.yml
@@ -7,11 +7,15 @@ services:
       - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
       - 'traefik.frontend.auth.forward.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
       - 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x
+      - 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x
+      - 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' # Traefik 1.x
       - 'traefik.http.routers.protectedapps.rule=Host(`home.example.com`, `public.example.com`, `secure.example.com`, `admin.example.com`, `singlefactor.example.com`)' # Traefik 2.x
       - 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x
       - 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x
       - 'traefik.http.routers.protectedapps.middlewares=authelia' # Traefik 2.x
-      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x
-      - 'traefik.http.middlewares.authelia.forwardAuth.tls.insecureSkipVerify=true' # Traefik 2.x
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x
+      - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
+      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
     networks:
       - authelianet
\ No newline at end of file