Day 33 of #100DaysOfHomelab was spent figuring out some auth issues I was having between Authelia, Traefik and my docker containers.
All of my containers are running behind Authelia as a sigle sign on auth system. Since migrating my network and moving Authelia and Traefik to a RPi4, I was having issues where other docker containers couldn't access the services behind the SSO.
After many hours of debugging, it turns out that the traefik instance was using the docker container IP as the source which is in the 172.30.0.0/24
CIDR range. My IP whitelist service to bypass the SSO login page was only on the 10.x.x.x
networks.
Monitor your DNS Zones with ZoneWatcher
Be alerted of DNS record changes moments after they happen, not from upset customers.