From 49f9f0be08ecce8507a0a71bea66589bc36f4d12 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Sat, 26 Mar 2022 00:04:05 +0100
Subject: [PATCH 1/2] Prepare default backend

---
 tasks/main.yml                          |  1 +
 templates/traefik-defaultbackend.yml.j2 | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 templates/traefik-defaultbackend.yml.j2

diff --git a/tasks/main.yml b/tasks/main.yml
index def16fe..3fa5e21 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -102,5 +102,6 @@
 #      - traefik-sa.yml.j2
       - traefik-ingressroute.yml.j2
 #      - traefik-svc.yml.j2
+#      - traefik-defaultbackend.yml.j2
 
   tags: traefik
diff --git a/templates/traefik-defaultbackend.yml.j2 b/templates/traefik-defaultbackend.yml.j2
new file mode 100644
index 0000000..40ad31d
--- /dev/null
+++ b/templates/traefik-defaultbackend.yml.j2
@@ -0,0 +1,16 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cheese
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    traefik.ingress.kubernetes.io/router.priority: "1"
+    traefik.ingress.kubernetes.io/router.middlewares: security_headers@file,compress@file
+
+spec:
+  defaultBackend:
+    service:
+      name: stilton
+      port:
+        number: 80

From 5456ce68ef33277d8e1eeeb120cf4b4ee1722669 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Sat, 26 Mar 2022 00:04:37 +0100
Subject: [PATCH 2/2] Fix authelia middleware

---
 templates/traefik-files.yml.j2 | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2
index b5ab8e9..b03f2f6 100644
--- a/templates/traefik-files.yml.j2
+++ b/templates/traefik-files.yml.j2
@@ -51,13 +51,24 @@ data:
     #        users:
     #          - {{ basic_auth_data }}
 {% endif %}
-{% if false %}
         authelia:
           forwardAuth:
             address: "http://authelia:9091/api/verify?rd=https://login.example.com/"
             trustForwardHeader: true
-            authReponseHeaders: ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
-{% endif %}
+            authResponseHeaders:
+              - "Remote-User"
+              - "Remote-Groups"
+              - "Remote-Name"
+              - "Remote-Email"
+        authelia-basic:
+          forwardAuth:
+            address: "http://authelia:9091/api/verify?auth=basic"
+            trustForwardHeader: true
+            authResponseHeaders:
+              - "Remote-User"
+              - "Remote-Groups"
+              - "Remote-Name"
+              - "Remote-Email"
 
   traefik-tls-defaults-options.yaml: |
     tls: