Bug Fix | borisovai-admin | Git Commit

Graceful Degradation: When Infrastructure Assumptions Break

Authelia Configuration: When Silent Failures Teach Loud Lessons

The borisovai-admin project was humming along nicely—until someone deployed Traefik without Authelia installed, and everything started returning 502 errors. The culprit? A hardcoded authelia@file reference sitting in static configuration files, blissfully unaware that Authelia might not even exist on the server. It was a classic case of assumptions in infrastructure code—and they had to go.

The task was straightforward: make Authelia integration graceful and conditional. No more broken deployments when Authelia isn’t present.

Here’s what actually happened. First, I yanked authelia@file completely out of the static Traefik configs. This felt risky—like removing a load-bearing wall—but it was necessary. The real magic needed to happen elsewhere, during the installation and deployment flow.

The strategy became a three-script coordination:

install-authelia.sh became the automation hub. When Authelia gets installed, this script now automatically injects authelia@file into the config.json and sets up OIDC configuration in one go. No manual steps, no “oh, I forgot to update the config” moments. It’s self-contained.

configure-traefik.sh got smarter with a conditional check—if AUTHELIA_INSTALLED is true, it includes the Authelia middleware. Otherwise, it skips it cleanly. Simple environment variable, massive reliability gain.

deploy-traefik.sh added a safety net: it re-injects authelia@file if Authelia is detected on the server during deployment. This handles the scenario where Authelia might have been installed separately and ensures the configuration stays in sync.
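The conditional step described above, as an added sketch that is not the borisovai-admin scripts: it detects Authelia, then renders a Traefik file-provider router with or without authelia@file. The function names, the marker path, the host, and the REQUIRE_AUTH switch are assumptions; REQUIRE_AUTH covers routes that must not be served once the authentication middleware is skipped.

```shell
#!/bin/sh
# Added example; names, paths and hosts are hypothetical, not the project's own.

# Succeeds when Authelia looks installed. Checking for its config file is an
# assumption: the post does not say how detection is done.
authelia_detected() {
  [ -f "${AUTHELIA_CONFIG:-/etc/authelia/configuration.yml}" ]
}

# Print a Traefik dynamic (file provider) router. $1 = router name, $2 = host.
# The service named $1 is assumed to be defined elsewhere.
#   AUTHELIA_INSTALLED=true  -> attach the authelia@file middleware
#   anything else            -> omit it, so Traefik never references a
#                               middleware that does not exist (the 502 case)
#   REQUIRE_AUTH=true        -> hypothetical switch: refuse to render the
#                               router at all rather than serve it unauthenticated
render_router() {
  if [ "${AUTHELIA_INSTALLED:-false}" != "true" ] &&
     [ "${REQUIRE_AUTH:-false}" = "true" ]; then
    echo "refusing to render $1: REQUIRE_AUTH=true but Authelia is absent" >&2
    return 1
  fi
  printf 'http:\n  routers:\n    %s:\n' "$1"
  printf '      rule: "Host(`%s`)"\n      service: %s\n' "$2" "$1"
  if [ "${AUTHELIA_INSTALLED:-false}" = "true" ]; then
    printf '      middlewares:\n        - authelia@file\n'
  fi
}

# Deploy-time safety net: detection on the server overrides a stale flag.
if authelia_detected; then AUTHELIA_INSTALLED=true; fi
render_router admin admin.example.test
```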

There was also a painful discovery in install-management-ui.sh—the path to mgmt_client_secret was broken. That got fixed too, almost as a bonus.

And finally, authelia.yml got evicted from the repository entirely. It’s now generated by install-authelia.sh at runtime. This eliminates version conflicts and keeps sensitive configuration from drifting.

Here’s what makes this interesting: Infrastructure code lives in a grey zone between application code and operations. You can’t just assume dependencies exist. Every external service, every optional module, needs to degrade gracefully. The pattern here—conditional middleware loading, environment-aware configuration, runtime-generated sensitive files—is exactly how production systems should behave. It’s not sexy, but it’s the difference between “works in my test environment” and “works everywhere.”

The real lesson? Validate your assumptions at runtime, not at deploy time. Authelia integration should work whether Authelia is present or not. That’s not just defensive programming; that’s respectful of whoever has to maintain this later.

Metadata

Branch: main
Dev Joke
What happens if Fedora gains consciousness? The first thing it will do is delete its documentation.
