Do you know if this will handle cookies & JWT tokens properly when running multiple replicas of the traefik-forward-auth0 deployment?

If you configure different listening ports, cookie domains and different callbacks urls, it should work with multiple running deployments of the with back-end.

An improvement to the backend would be configurable cookie name per application, but right now the name of the time is hard coded unfortunately .

With this improvement the same running instance of the backend could handle many different applications on different domains, cookie names and tokens.

@dniel thanks for the response!

I'm wondering about deploying traefik-forward-auth0 to kubernetes via the helm chart and bumping the number of replicas from the default of 1 to something like 3. There would be three identical copies of the application running fronted by the same service (and port) and kube-proxy would be responsible for routing the requests of the service to the running instances.

The benefit to running it this way would be to add resiliency & redundancy to the solution so that if the single instance of the pod is unavailable, it doesn't block service to the applications that are fronted by it.

The forwardauth backend is stateless, does not hold any session of the users. It should work fine with any number of replicas I think. I have updated my configuration with 3 replicas now and it seems to work without trouble. Its running at https://www.dniel.se and is using the configuration found here https://github.com/dniel/manifests/blob/master/forwardauth.yaml

Awesome, thank you @dniel!