Now that we have Traefik deployed, automatically exposing SSL access to our Docker Swarm services using LetsEncrypt wildcard certificates, let's pause to consider that we may not want some services exposed directly to the internet...
From my point of view, the forward-auth offers a wider variety of whitelist options, e.g. whitelist by email, by IP, even with a certain time of the day. And it looks nicer than oauth. As far as I know both will work fine, though.
Some changes to the env variable names in the example for the traefik-forward-auth version used here (2.1.0). These two will break the container unless changed:
GOOGLE_CLIENT_ID becomes PROVIDERS_GOOGLE_CLIENT_ID
GOOGLE_CLIENT_SECRET becomes PROVIDERS_GOOGLE_CLIENT_SECRET
This one will raise a warning in the logs that it's deprecated, but won't break it (yet, at 2.1.0):
COOKIE_DOMAINS becomes COOKIE_DOMAIN