diff --git a/roles/authentik_docker/templates/authentik-server-docker.service.j2 b/roles/authentik_docker/templates/authentik-server-docker.service.j2 index bae135d..c087b68 100644 --- a/roles/authentik_docker/templates/authentik-server-docker.service.j2 +++ b/roles/authentik_docker/templates/authentik-server-docker.service.j2 @@ -8,10 +8,14 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }} ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }} ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \ --network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \ - --label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`)" \ + --label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \ + --lable "traefik.http.routers.authentik.middlewares=authentik_redirect" \ --label "traefik.http.routers.authentik.entrypoints=websecure" \ --label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \ --label "traefik.http.services.authentik.loadbalancer.server.port=9000" \ + --label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \ + --label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \ + --label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \ --env-file {{ docker_volumes_dir }}/authentik/authentik.env \ -v {{ docker_volumes_dir }}/authentik/media:/media \ -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \