fix(authelia): Add trusted proxies configuration

authelia/configuration.example.yml

@@ -4,6 +4,8 @@
 # Server settings
 server:
   address: 'tcp://0.0.0.0:9091'
+  trusted_proxies:
+    - '172.16.0.0/12'  # Docker networks
 
 # Logging configuration
 log:

docker-compose.yml

@@ -15,6 +15,8 @@ services:
       - --experimental.plugins.rewriteHeaders.version=v0.0.3
       - --providers.docker.network=docker-compose-nas
       - --providers.docker.endpoint=unix:///var/run/docker.sock
+      - --log.level=DEBUG
+      - --entrypoints.web.http.middlewares=set-x-forwarded-proto@docker
     network_mode: service:tailscale
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -22,6 +24,8 @@ services:
       test: ["CMD", "traefik", "healthcheck", "--ping"]
       interval: 30s
       retries: 10
+    labels:
+      - traefik.http.middlewares.set-x-forwarded-proto.headers.customRequestHeaders.X-Forwarded-Proto=https
   redis:
     image: redis:alpine
     container_name: redis
@@ -44,7 +48,6 @@ services:
     volumes:
       - ${CONFIG_ROOT:-.}/authelia:/config:Z
     environment:
-      - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
       - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
       - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY}
       - AUTHELIA_SESSION_REDIS_PASSWORD=${AUTHELIA_REDIS_PASSWORD}
@@ -400,7 +403,7 @@ services:
       - PUID=${USER_ID}
       - PGID=${GROUP_ID}
       - TZ=${TIMEZONE}
-      - JELLYFIN_PublishedServerUrl=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}/jellyfin
+      - JELLYFIN_PublishedServerUrl=https://${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}/jellyfin
     volumes:
       - ${CONFIG_ROOT:-.}/jellyfin:/config:Z
       - ${DATA_ROOT}:/data:Z