# This file contains services for security and authorization

http:
  services:
    http-catchall:
      # A dummy service for the http-catchall rule
      loadBalancer:
        servers:
          - url: http://dummy-url

  routers:
    http-catchall:
      # Catch all requests to the http entrypoint and redirect them to https
      service: http-catchall
      rule: hostregexp(`{host:.+}`)
      entryPoints:
        - web
      middlewares:
        - redir

  middlewares:
    redir:
      # Redirect to https
      redirectScheme:
        scheme: https
        permanent: true

    auth:
      # Go through authelia for authorization
      forwardAuth:
        address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Remote-User
          - Remote-User
          - X-Remote-Groups
          - Remote-Groups
        tls:
          insecureSkipVerify: true