I have a reverse proxy setup where a bare https://example.com is protected by Authelia, and https://example.com/whatever_here is not. The idea is to limit the people who can create a shared file (the GUI is at https://example.com), but freely allow for the files to be retrieved by anyone when they know the URI ( https://example.com/some_key_here):
https://example.com {
@add_file {
path /
}
@share_file {
path /*
}
reverse_proxy @share psitransfer:3000
import authenticate-with-authelia
reverse_proxy @share_file psitransfer:3000
}
The idea is to first match the freely available URI, and then if there is no match, load the Authelia configuration, and then allow for the GUI in case the authentication is OK.
Now I would like to extend this configuration by having https://example.com/admin protected by Authelia, via a new named matcher:
@admin {
path /admin
}
My problem: I do not know how to mix this with the setup above. Either
- I match
@adminfirst (but I would need toimport authenticate-with-autheliaand have everything authenticated (including what I do not want) →
- or I first match
@share_fileand it will also match/admin→
Ideally, I would look for conditional blocks such as
if @admin then { import authenticate-with-authelia; reverse_proxy ...}
but it looks like the matcher always comes after the command (or rather, in addition to the command).
How can I approach this?