Traefik's Missing Middleware: Building Resilient Infrastructure

When Middleware Goes Missing: Fixing Traefik’s Silent Dependency Problem

The borisovai-admin project sits at the intersection of several infrastructure components—Traefik as a reverse proxy, Authelia for authentication, and a management UI layer. Everything works beautifully when all pieces are in place. But what happens when you try to deploy without Authelia? The system collapses with a 502 error, desperately searching for middleware that doesn’t exist.

The root cause was deceptively simple: the Traefik configuration had a hardcoded reference to authelia@file middleware baked directly into the static config. This worked fine in fully-equipped environments, but made the entire setup fragile. The moment Authelia wasn’t installed, Traefik would fail immediately because it couldn’t locate that middleware. The infrastructure code treated an optional component as mandatory.

The fix required rethinking the initialization sequence. The static Traefik configuration was stripped of any hardcoded Authelia references—no middleware definitions that might not exist. Instead, I implemented conditional logic that checks whether Authelia is actually installed. The configure-traefik.sh script now evaluates the AUTHELIA_INSTALLED environment variable and only connects the Authelia middleware if the conditions are right.

This meant coordinating three separate installation scripts to work in harmony. The install-authelia.sh script adds the authelia@file reference to config.json when Authelia is installed. The configure-traefik.sh script stays reactive, only including middleware when needed. Finally, deploy-traefik.sh double-checks the server state and reinstalls the middleware if necessary. No assumptions. No hardcoded dependencies pretending to be optional.

Along the way, I discovered a bonus issue: install-management-ui.sh had an incorrect path reference to mgmt_client_secret. I fixed that while I was already elbow-deep in configuration. I also removed authelia.yml from version control entirely—it’s always generated identically by the installation script, so keeping it in git just creates maintenance debt.

Here’s something worth knowing about Docker-based infrastructure: middleware in Traefik isn’t just a function call—it’s a first-class configuration object that must be explicitly defined before anything can reference it. Traefik enforces this strictly. You cannot reference middleware that doesn’t exist. It’s like trying to call an unimported function in Python. A simple mistake, but with devastating consequences in production because it translates directly to service unavailability.

The final architecture is much more resilient. The system works with Authelia, without it, or with partial deployments. Configuration files don’t carry dead weight. Installation scripts actually understand what they’re doing instead of blindly expecting everything to exist. This is what happens when you treat optional dependencies as genuinely optional—not just in application code, but throughout the entire infrastructure layer.

The lesson sticks: if a component is optional, keep it out of static configuration. Let it be added dynamically when needed, not the other way around.

😄 A guy walks into a DevOps bar and orders a drink. The bartender asks, “What’ll it be?” The guy says, “Something that works without dependencies.” The bartender replies, “Sorry, we don’t serve that here.”