Authentik / Traefik and Uptime-kuma

[ThierryIT]

⚠️ Please verify that this question has NOT been raised before.

• I checked and didn't find similar issue

🛡️ Security Policy

• I agree to have read this project Security Policy

📝 Describe your problem

Describe your question/

I would like Uptime-Kuma to be authenticated using authentik.
When try to navigate to https://uptime-kuma.domain.org/ I am not getting redirected to authentik login page.
I have followed the doc on authentik web site for Kuma.

Relevant info

With the bad config I have done concerning this app, I still have external access to uptime-kuma without any authentication. I should be able to logiin with authentik.

Screenshots

Traefik dynamic file config:

authentik:
      forwardAuth:
        address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version

routers:
    uptime-kuma:
      rule: "host(`uptime-kuma.domain.org`)"
      middlewares:
        - https-redirectscheme
        - authentik
      priority: 10
      service: uptime-kuma
    authentik:
      rule: "Host(`authentik.domain.org`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 10
      service: authentik

# service web
    uptime-kuma:
      loadBalancer:
        servers:
          - url: "http://192.168.XXX.XXX"
    authentik:
      loadBalancer:
        servers:
          - url: "http://authentik-server:9000/outpost.goauthentik.io"

Authentik config (Provider auth transfer apps))

- application:  
                  - name: Traefik Forward Auth Kuma
                  - slug: traefik-forward-auth-kuma
                  - provider: Traefik Forward Auth Provider Kuma
                  - Any

- Provider for uptime-kuma
                   - authorisation flux: default-provider-authorization-implicit ....
                   - forward auth single app
                   - external host: uptime-kuma.domain.org
                   - flux advanced parameters: default-authentication-flow

Authentification parameters:
                    - intercept the authentication header
                    - OIDC: Traefik forward ...
  
advanced flux parameters:

                     - auth flux: default-authentication-flow

Traefik labels for the Kuma docker compose files:

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.kuma.entrypoints=http-external"
      - "traefik.http.routers.kuma.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.middlewares.kuma-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.kuma.middlewares=kuma-https-redirect"
      - "traefik.http.routers.kuma-secure.entrypoints=https-external"
      - "traefik.http.routers.kuma-secure.rule=Host(`uptime-kuma.domains.org`)"
      - "traefik.http.routers.kuma-secure.tls=true"
      - "traefik.http.routers.kuma-secure.service=kuma"
      - "traefik.http.routers.kuma.middlewares=authentik@file"
      - "traefik.http.services.kuma.loadbalancer.server.port=3001"

I have made some change but still have the same pb ... I have access to Kuma without any auth. I have done the test from my phone outside of my home network.
Please help.
Thx

• authentik version:2025.2.0
• Traefik version 3.3
• Deployment: docker-compose,

Thx

📝 Error Message(s) or Log

No response

🐻 Uptime-Kuma Version

1.23.16-alpine

💻 Operating System and Arch

docker compose

🌐 Browser

Version 1.75.180 Chromium

🖥️ Deployment Environment

• Runtime: docker
• Database: sqlite
• Filesystem used to store the database on:
• number of monitors: 20