From 19089602b8ecfae5cf48ce4e1441362d7418021e Mon Sep 17 00:00:00 2001 From: nathan Date: Sun, 31 May 2026 21:24:02 -0400 Subject: [PATCH] fix(prowlarr): resolve auth_mode_conflict by using shared authentik middleware Remove redundant prowlarr_outpost sidecar container and apply the shared authentik-auth@file middleware to the prowlarr router. The Authentik forward auth middleware already exists in the Traefik dynamic configuration and provides the necessary authentication layer without requiring a dedicated outpost container per service. --- nodes/heimdall/prowlarr/compose.yaml | 78 +++++++++++++--------------- 1 file changed, 35 insertions(+), 43 deletions(-) diff --git a/nodes/heimdall/prowlarr/compose.yaml b/nodes/heimdall/prowlarr/compose.yaml index cc20257..40f5488 100644 --- a/nodes/heimdall/prowlarr/compose.yaml +++ b/nodes/heimdall/prowlarr/compose.yaml @@ -1,43 +1,35 @@ -############################################################### -# Networks -############################################################### -networks: - proxy-net: - name: proxy-net - external: true - -############################################################### -# Services -############################################################### -services: - prowlarr: - image: lscr.io/linuxserver/prowlarr:2.3.5.5327-ls142 - container_name: prowlarr - mem_limit: 2048m - environment: - - PUID=0 - - PGID=0 - - TZ=America/New_York - volumes: - - /mnt/appdata/prowlarr/data:/config - ports: - - 9696:9696 - restart: unless-stopped - networks: - - proxy-net - prowlarr_outpost: - image: ghcr.io/goauthentik/proxy:2026.2.2 - container_name: prowlarr_outpost - networks: - - proxy-net - environment: - AUTHENTIK_HOST: https://sso.castaldifamily.com - AUTHENTIK_TOKEN: 42FCcV9gmTfixaak77xW4eAZIMUUJ0u5vGsxvumfo1Lav5DIyLViDz4xqinE - AUTHENTIK_INSECURE: "false" - labels: - - "traefik.enable=true" - - "traefik.http.routers.prowlarr-proxy.entrypoints=websecure" - - "traefik.http.routers.prowlarr-proxy.rule=Host(`prowlarr.castaldifamily.com`)" - - "traefik.http.routers.prowlarr-proxy.tls=true" - - "traefik.http.routers.prowlarr-proxy.tls.certresolver=cloudflare" - - "traefik.http.services.prowlarr-proxy.loadbalancer.server.port=9000" \ No newline at end of file +############################################################### +# Networks +############################################################### +networks: + proxy-net: + name: proxy-net + external: true + +############################################################### +# Services +############################################################### +services: + prowlarr: + image: lscr.io/linuxserver/prowlarr:2.3.5.5327-ls142 + container_name: prowlarr + mem_limit: 2048m + environment: + - PUID=0 + - PGID=0 + - TZ=America/New_York + volumes: + - /mnt/appdata/prowlarr/data:/config + ports: + - 9696:9696 + restart: unless-stopped + networks: + - proxy-net + labels: + - "traefik.enable=true" + - "traefik.http.routers.prowlarr-proxy.entrypoints=websecure" + - "traefik.http.routers.prowlarr-proxy.rule=Host(`prowlarr.castaldifamily.com`)" + - "traefik.http.routers.prowlarr-proxy.tls=true" + - "traefik.http.routers.prowlarr-proxy.tls.certresolver=cloudflare" + - "traefik.http.routers.prowlarr-proxy.middlewares=authentik-auth@file,security-headers@file" + - "traefik.http.services.prowlarr-proxy.loadbalancer.server.port=9696" \ No newline at end of file