Authenticate based on HTTP headers from reverse proxy.

Configuration 

auth:
  methods:
    proxy:
      enabled: true
      header: "X-Forwarded-User"  # or "Remote-User"
      createUser: true

Use Cases

  • Corporate SSO via proxy
  • Kubernetes ingress authentication
  • Nginx auth_request module
  • Traefik ForwardAuth

Traefik Example

Traefik middleware:

http:
  middlewares:
    auth:
      forwardAuth:
        address: "https://auth.example.com/verify"
        trustForwardHeader: true

FileBrowser config:

auth:
  methods:
    proxy:
      enabled: true
      header: "X-Forwarded-User"
      createUser: true

Next Steps