Protect WebUI access


I can’t managed to have nextcloud working behind traefik + authelia
It’s not about login to nextcloud via authelia and openid

But to authorize access to the webui only after a succesful authentication on authelia
Then authelia will redirect the user on the nextcloud login page
And then, the user would still have to authenticate on his nextcloud account

Is there a way to achieve that ?

For the moment, I have 2FA with duo to log in my nextcloud working fine
But it’s really about the webui not accessible by only typing on the url bar

Thank you for your help and avices :slight_smile:


I never worked with traefik or authelia but I’m pretty sure, what you want is not directly related to nextcloud.
What you need is a reverse proxy that will verify if your user was authenticated by traefik + authelia and then will forward the client request to

The architecture is documented here :

As you can see on the Sequence Diagram, first the user tries to connect to but is redirected to authelia by traefik (your reverse proxy). And then authelia redirects the user to which is behind traefik.

I did not read this page entirely but the example seems to be exactly your situation:

Hi ligal,

I thank you for your reply and your links :grin: :grin: