# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2.json
api:
  insecure: true
  debug: true

log:
  level: debug
accessLog:
  filePath: /dev/stdout

entryPoints:
  web:
    address: ":80"

# Re-use the same config file to define everything
providers:
  file:
    filename: /etc/traefik/traefik.yml

http:
  middlewares:
    authentik:
      forwardAuth:
        address: http://ak-test-outpost:9000/outpost.goauthentik.io/auth/traefik
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version
  routers:
    default-router:
      rule: "Host(`localhost`)"
      middlewares:
        - authentik
      priority: 10
      service: app
    default-router-auth:
      rule: "Host(`localhost`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      service: authentik
  services:
    app:
      loadBalancer:
        servers:
          - url: http://ak-whoami
    authentik:
      loadBalancer:
        servers:
          - url: http://ak-test-outpost:9000/outpost.goauthentik.io