I'll be grateful for assistance please.
I have Traefik and Authelia up and running. Using a basic WhoAmI service, the user name is provided in the header as "Remote-User: paul" as below (url's and IP redacted).
IP: 127.0.0.1
IP: 172.18.0.3
RemoteAddr: 172.18.0.4:36928
GET / HTTP/1.1
Host: whoami.redacted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cache-Control: max-age=0
Cdn-Loop: cloudflare
Cf-Connecting-Ip: redacted
Cf-Ipcountry: GB
Cf-Ray: 808913071a7071fe-LHR
Cf-Visitor: {"scheme":"https"}
Cookie: cf_clearance=gxwM7vXDTNfce1t..lFe7T1JWZCsob_dUBhGtdY6mny-1695033460-0-1-621f681.ea0a671b.5120a961-0.2.1695033460; authelia_session=tC4Cbv!Oxt%an7BTiZf$ggHp1YipNsY^
Dnt: 1
Referer: https://login.redacted.com/
Remote-Name: paul
Remote-User: paul
Sec-Ch-Ua: "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 172.70.91.58
X-Forwarded-Host: whoami.redacted.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: a4229f013d36
X-Real-Ip: 172.70.91.58
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.0.0.0/8
- 192.168.1.11/32 # This needs to be set to the IP of your reverse proxy
auth_header:
username_header: Remote-User
however in the debug log below (url's and IP redacted), Remote-User doesn't appear in the header and unsurprisingly "No header set" and "no matching user found" errors then occur
2023-09-18 11:57:54.386 DEBUG (MainThread) [custom_components.auth_header] Removed original login_flow route (UrlDispatcher) <PlainResource /auth/login_flow>
2023-09-18 11:57:54.386 DEBUG (MainThread) [custom_components.auth_header] Removed original login_flow route (FastUrlDispatcher) <PlainResource /auth/login_flow>
2023-09-18 11:57:54.386 DEBUG (MainThread) [custom_components.auth_header] Add new login_flow route
2023-09-18 11:57:54.387 DEBUG (MainThread) [custom_components.auth_header] Injected auth_header provider
2023-09-18 11:57:54.650 DEBUG (MainThread) [custom_components.auth_header] <CIMultiDictProxy('Host': 'ha.redacted.com', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36', 'Content-Length': '135', 'Accept': '*/*', 'Accept-Encoding': 'gzip', 'Accept-Language': 'en-GB,en-US;q=0.9,en;q=0.8', 'Cdn-Loop': 'cloudflare', 'Cf-Connecting-Ip': 'redacted', 'Cf-Ipcountry': 'GB', 'Cf-Ray': '8089121bcd4771fe-LHR', 'Cf-Visitor': '{"scheme":"https"}', 'Content-Type': 'text/plain;charset=UTF-8', 'Cookie': 'cf_clearance=gxwM7vXDTNfce1t..lFe7T1JWZCsob_dUBhGtdY6mny-1695033460-0-1-621f681.ea0a671b.5120a961-0.2.1695033460; authelia_session=tC4Cbv!Oxt%an7BTiZf$ggHp1YipNsY^', 'Dnt': '1', 'Origin': 'https://ha.redacted.com', 'Sec-Ch-Ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"', 'Sec-Ch-Ua-Mobile': '?0', 'Sec-Ch-Ua-Platform': '"Windows"', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'same-origin', 'X-Forwarded-For': '172.70.91.58', 'X-Forwarded-Host': 'ha.redacted.com', 'X-Forwarded-Port': '443', 'X-Forwarded-Proto': 'https', 'X-Forwarded-Server': 'a4229f013d36', 'X-Real-Ip': '172.70.91.58')>
2023-09-18 11:57:54.650 DEBUG (MainThread) [custom_components.auth_header] Got actual IP 192.168.1.11
2023-09-18 11:57:54.650 INFO (MainThread) [custom_components.auth_header.headers] No header set, returning empty flow
2023-09-18 11:57:54.650 DEBUG (MainThread) [custom_components.auth_header.headers] no matching user found