diff --git a/apps/prod/authelia/forward-auth-middleware.yaml b/apps/prod/authelia/forward-auth-middleware.yaml
new file mode 100644
index 0000000..b1e704f
--- /dev/null
+++ b/apps/prod/authelia/forward-auth-middleware.yaml
@@ -0,0 +1,15 @@
+# /apps/prod/authelia/forward-auth-middleware.yaml
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authelia
+  namespace: auth
+spec:
+  forwardAuth:
+    address: 'http://authelia.auth.svc.cluster.local/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com'
+    trustForwardHeader: true
+    authResponseHeaders:
+    - "Remote-User"
+    - "Remote-Groups"
+    - "Remote-Email"
+    - "Remote-Name"
diff --git a/apps/prod/authelia/kustomization.yaml b/apps/prod/authelia/kustomization.yaml
index ac11aed..a34b97f 100644
--- a/apps/prod/authelia/kustomization.yaml
+++ b/apps/prod/authelia/kustomization.yaml
@@ -5,8 +5,9 @@ namespace: auth
 
 resources:
   - ../../base/authelia
-  - release.yaml
   - users-database.enc.yaml
+  - release.yaml
+  - forward-auth-middleware.yaml
 
 configMapGenerator:
   - name: authelia-prod-values
diff --git a/apps/prod/authelia/values.yaml b/apps/prod/authelia/values.yaml
index 8b49802..ce5f59d 100644
--- a/apps/prod/authelia/values.yaml
+++ b/apps/prod/authelia/values.yaml
@@ -51,14 +51,6 @@ ingress:
   ingressClassName: "traefik"
   traefikCRD:
     enabled: true
-    middlewares:
-      auth:
-        nameOverride: "authelia"
-        authResponseHeaders:
-          - "Remote-User"
-          - "Remote-Groups"
-          - "Remote-Email"
-          - "Remote-Name"
     matchOverride: Host(`auth.example.com`)
     entryPoints:
       - "websecure"
\ No newline at end of file