I set up authelia, and I understood how it works. But there is a snag.
If I give a link to someone, for example radarr.myDomain.ru. THEN this person has an error 403. In the address bar, it can be seen that the redirect gives the authorization address of the hostel + secure point, but the address of the secure point does not come out 'https', but 'http'. To avoid this, he needs to first go through the authorization of the network, then the cookies are saved, and the errors are also ok.
Or he can manually attribute the letters 'S', go through authorization, and also, after saving cookies, there will be no 403 error in the future.
I will send you a PM my web so you can see for yourself.