authelia

08/01/2024

On the service you want to put behind an extra layer of authentication, enable the authelia middleware (here chained after compressor and securityheaders):

    - "traefik.http.routers.whoami.middlewares=compressor,securityheaders,authelia"

The service must only be reachable through Traefik (no published port of its own): a container that is exposed directly bypasses the middleware entirely.

Declare authelia in the compose file (pin a version tag rather than relying on latest). Notes on the labels: the forwardAuth address is Authelia's /api/verify endpoint with rd= pointing at the portal, so unauthenticated browsers get a 302 to the login page instead of a bare 401 (recent Authelia releases document /api/authz/forward-auth for Traefik instead; /api/verify still works as shown). trustForwardHeader=true is only safe when Traefik is the sole entry point, because Authelia rebuilds the target URL and the redirect from the X-Forwarded-* headers. authResponseHeaders lists the identity headers Traefik copies from Authelia's response onto the request before passing it to the service, replacing any value the client supplied.

    authelia:
        image: authelia/authelia
        container_name: authelia
        volumes:
            - ./authelia:/config
        labels:
            - 'traefik.enable=true'
            - 'traefik.http.routers.authelia.rule=Host(`authelia.${DOMAIN}`)'
            - 'traefik.http.routers.authelia.entrypoints=websecure'
            - 'traefik.http.routers.authelia.tls.certresolver=wildcardle'

            - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fauthelia.${DOMAIN}%2F'
            - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
            - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
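The following is an added example, not Traefik's or Authelia's code: a loopback model of the forwardAuth exchange that the three middleware labels above configure. A stand-in for /api/verify accepts only a session cookie it knows and answers 200 plus Remote-* headers, otherwise a 302 to the portal named in rd=; the forward_auth function does what the middleware does with one request, including discarding any Remote-* header the client sent itself. The portal URL https://authelia.example.com/, the host whoami.example.com and the pre-seeded session cookie are assumptions.

```python
"""Loopback model of the Traefik forwardAuth exchange configured by the labels above.

Constructed example, not Traefik's or Authelia's code. Assumed names: portal
https://authelia.example.com/, protected host whoami.example.com, and a session
cookie "authelia_session" pre-seeded as if the user had logged in at the portal.
"""
import http.client
import http.server
import threading
import urllib.parse
from http.cookies import SimpleCookie

PORTAL = "https://authelia.example.com/"      # assumed portal URL (the rd= target)
AUTH_RESPONSE_HEADERS = ("Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email")
# Constructed session table: cookie value -> identity headers Authelia would return.
SESSIONS = {"s3ss10n": {"Remote-User": "authelia", "Remote-Groups": "admins,dev",
                        "Remote-Name": "Authelia User", "Remote-Email": "authelia@authelia.com"}}


class VerifyHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for Authelia's /api/verify endpoint."""

    def log_message(self, *_):                # keep the example quiet
        pass

    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        if url.path != "/api/verify":
            self.send_response(404)
            self.end_headers()
            return
        sess = SimpleCookie(self.headers.get("Cookie", "")).get("authelia_session")
        identity = SESSIONS.get(sess.value) if sess else None
        if identity is None:
            # No valid session: 302 to the portal named in rd=, carrying the original
            # URL (rebuilt from X-Forwarded-*) so the portal can send the browser back.
            portal = urllib.parse.parse_qs(url.query).get("rd", [PORTAL])[0]
            back = "%s://%s%s" % (self.headers.get("X-Forwarded-Proto", "https"),
                                  self.headers.get("X-Forwarded-Host", ""),
                                  self.headers.get("X-Forwarded-Uri", "/"))
            self.send_response(302)
            self.send_header("Location", portal + "?rd=" + urllib.parse.quote(back, safe=""))
            self.end_headers()
            return
        self.send_response(200)               # authorised: identity travels in headers
        for name, value in identity.items():
            self.send_header(name, value)
        self.end_headers()


def start_verify_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), VerifyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def forward_auth(address, client_headers, host, uri, proto="https"):
    """What the middleware does with one client request for https://host/uri.
    Returns (status, response_headers, backend_headers); backend_headers is None
    when the request never reaches the service."""
    u = urllib.parse.urlsplit(address)
    sent = dict(client_headers)               # client headers go to the auth server too
    sent.update({"X-Forwarded-Method": "GET", "X-Forwarded-Proto": proto,
                 "X-Forwarded-Host": host, "X-Forwarded-Uri": uri})
    conn = http.client.HTTPConnection(u.hostname, u.port, timeout=5)
    conn.request("GET", u.path + ("?" + u.query if u.query else ""), headers=sent)
    resp = conn.getresponse()
    resp.read()
    if resp.status // 100 != 2:
        return resp.status, dict(resp.getheaders()), None   # auth reply goes to the client
    # authResponseHeaders: client-supplied copies of these names are discarded and
    # replaced by what the auth server returned, so Remote-User cannot be spoofed.
    drop = {h.lower() for h in AUTH_RESPONSE_HEADERS}
    backend = {k: v for k, v in client_headers.items() if k.lower() not in drop}
    for name in AUTH_RESPONSE_HEADERS:
        value = resp.getheader(name)
        if value:
            backend[name] = value
    return 200, {}, backend


def run_scenarios():
    """Three requests for whoami.example.com/ through the middleware; returns outcomes."""
    srv = start_verify_server()
    address = "http://127.0.0.1:%d/api/verify?rd=%s" % (
        srv.server_address[1], urllib.parse.quote(PORTAL, safe=""))
    host = "whoami.example.com"
    try:
        anon = forward_auth(address, {}, host, "/")
        spoof = forward_auth(address, {"Remote-User": "evil"}, host, "/")
        good = forward_auth(address, {"Cookie": "authelia_session=s3ss10n",
                                      "Remote-User": "evil"}, host, "/")
    finally:
        srv.shutdown()
    return {"anonymous": anon, "spoofed_header": spoof, "logged_in": good}


if __name__ == "__main__":
    for name, (status, headers, backend) in run_scenarios().items():
        print(name, status, headers.get("Location", ""), backend)
```

Running it shows the three outcomes: the anonymous request and the one that only forges Remote-User both end in a 302 to the portal with the original URL in rd=, and the request carrying a valid cookie reaches the service with Remote-User set to authelia regardless of what the client put in that header. That replacement only happens because the middleware is in the path, which is why the service must not be exposed directly.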

Create authelia/users_database.yml (the hash below is the $6$ SHA-512 crypt form; argon2id hashes from the command at the end of this page work in the same field):

    users:
        authelia:
            disabled: false
            displayname: "Authelia User"
            # Password is authelia
            password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
            email: authelia@authelia.com
            groups:
                - admins
                - dev

Create authelia/configuration.yml and check the following settings (default_policy one_factor means a password alone is enough; session.domain must be the parent domain shared by the portal and the protected services so the cookie is sent to both; password reset is disabled because the filesystem notifier only writes to a file instead of sending mail):

    default_redirection_url: https://whoami.raphaelpiccolo.com/

    authentication_backend:
      password_reset:
        disable: true

      file:
        path: /config/users_database.yml

    access_control:
      default_policy: one_factor

    session:
      domain: raphaelpiccolo.com

    storage:
      local:
        path: /config/db.sqlite3

    notifier:
      filesystem:
        filename: /config/notification.txt

Generate a password hash (paste the output into the password: field of users_database.yml; the argument after --password is the cleartext, so prefer typing it interactively or passing it via a file rather than leaving it in shell history):

    docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'