A minimal forward authentication service providing Google/OpenID OAuth-based login and authentication for the Traefik reverse proxy.
This tool is used to add OAuth/SSO authentication to any HTTP service behind the Traefik reverse proxy, enabling secure access control via Google or OpenID providers. It is ideal for DevOps engineers and system administrators who want to seamlessly integrate authentication into their microservices or web applications without modifying the services themselves.
Do not use INSECURE_COOKIE=true in production environments as it disables secure cookie flags. Ensure proper OAuth provider credentials are configured. When upgrading to v2, review the upgrade guide to avoid configuration warnings. Use HTTPS in production to maintain secure authentication flows.
Use Docker to run the service with the image thomseddon/traefik-forward-auth:2
Configure environment variables such as PROVIDERS_GOOGLE_CLIENT_ID, PROVIDERS_GOOGLE_CLIENT_SECRET, and SECRET
Mount Docker socket if running alongside Traefik for provider autodiscovery
Optionally download pre-built binaries from GitHub releases for non-Docker usage
Refer to the upgrade guide when migrating to v2 to update configuration options
docker-compose.yml example with traefik and traefik-forward-auth services
Defines a simple setup running Traefik v2.2 and traefik-forward-auth with Google OAuth environment variables for authentication.
thomseddon/traefik-forward-auth:2
Docker image tag recommended for stable usage.
Use environment variables PROVIDERS_GOOGLE_CLIENT_ID and PROVIDERS_GOOGLE_CLIENT_SECRET
Configure Google OAuth credentials for authentication.
Set SECRET environment variable
Defines a random secret key used for cookie signing and security.
INSECURE_COOKIE=true
Allows running without HTTPS for testing purposes; not recommended for production.
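The configuration warnings above (set SECRET and the Google credentials, never ship INSECURE_COOKIE=true) can be enforced before deployment. The script below is an added example, not code from the traefik-forward-auth project. It assumes the settings live in a KEY=VALUE env file; the function names, the 32-character minimum for SECRET and the truthy spellings it matches are assumptions of this example.

```shell
# Added example: pre-deploy lint for a traefik-forward-auth env file (KEY=VALUE lines).
# MIN_SECRET_LEN and the function names are assumptions, not project requirements.
MIN_SECRET_LEN=32

# Print the value of key $2 from env file $1 (last assignment wins, quotes stripped).
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; exit status 0 when clean, 1 when anything was found.
check_forward_auth_env() {
    file=$1
    findings=0
    for key in PROVIDERS_GOOGLE_CLIENT_ID PROVIDERS_GOOGLE_CLIENT_SECRET SECRET; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "MISSING $key"
            findings=$((findings + 1))
        fi
    done
    secret=$(env_value "$file" SECRET)
    if [ -n "$secret" ] && [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "WEAK SECRET shorter than $MIN_SECRET_LEN characters"
        findings=$((findings + 1))
    fi
    # Truthy spellings matched here are an assumption of this example.
    insecure=$(env_value "$file" INSECURE_COOKIE | tr '[:upper:]' '[:lower:]')
    case "$insecure" in
        true|1)
            echo "INSECURE_COOKIE enabled: secure cookie flags are disabled"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample input (not real credentials): a test-only config that must not ship.
sample=$(mktemp)
printf '%s\n' 'PROVIDERS_GOOGLE_CLIENT_ID=constructed-client-id' \
    'PROVIDERS_GOOGLE_CLIENT_SECRET=constructed-client-secret' \
    'SECRET=changeme' 'INSECURE_COOKIE=true' > "$sample"
check_forward_auth_env "$sample" || echo "Fix the findings above before deploying."
rm -f "$sample"
```

Call `check_forward_auth_env path/to/file.env` in a CI step and fail the job on a non-zero exit status.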