diff --git a/utils/modules/services/web/typo3.nix b/utils/modules/services/web/typo3.nix index 6459b95..4da4f54 100644 --- a/utils/modules/services/web/typo3.nix +++ b/utils/modules/services/web/typo3.nix @@ -264,7 +264,7 @@ in fastcgi_param PHP_REMOTE_USER $remote_user; fastcgi_param PHP_AUTH_USER $remote_user; - try_files $uri /typo3/index.php$is_args$args; + /typo3/index.php$is_args$args; ''; }; @@ -369,8 +369,31 @@ in if (!-f $document_root$fastcgi_script_name) { return 404; } + + auth_request /authelia; + # Set the `target_url` variable based on the request. It will be used to build the portal + # URL with the correct redirection parameter. + auth_request_set $target_url $scheme://$http_host$request_uri; + # Set the X-Forwarded-User and X-Forwarded-Groups with the headers + # returned by Authelia for the backends which can consume them. + # This is not safe, as the backend must make sure that they come from the + # proxy. In the future, it's gonna be safe to just use OAuth. + auth_request_set $user $upstream_http_remote_user; + auth_request_set $groups $upstream_http_remote_groups; + auth_request_set $name $upstream_http_remote_name; + auth_request_set $email $upstream_http_remote_email; + proxy_set_header Remote-User $user; + proxy_set_header Remote-Groups $groups; + proxy_set_header Remote-Name $name; + proxy_set_header Remote-Email $email; + fastcgi_param AUTH_USER $remote_user; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PHP_REMOTE_USER $remote_user; + fastcgi_param PHP_AUTH_USER $remote_user; + + + include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; fastcgi_buffer_size 32k; fastcgi_buffers 8 16k; fastcgi_connect_timeout 240s;
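Review bot: The new line `/typo3/index.php$is_args$args;` in the first hunk has no directive name, so nginx will most likely reject the generated configuration as an unknown directive when the unit is reloaded or started. If dropping `try_files` was not intended, restore `try_files $uri /typo3/index.php$is_args$args;`. If the goal was to stop serving `$uri` directly, the line needs an explicit directive, and the result should be checked with `nginx -t` before deploy. The enclosing location block starts outside the hunk, so the surrounding routing cannot be confirmed from here.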
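Review bot: The four added `fastcgi_param ... $remote_user;` lines in the second hunk hand PHP an identity that Authelia did not verify. `$remote_user` is taken by nginx from the request's own Basic `Authorization` header, not from the `auth_request` subrequest, whose result is captured in `$user`, `$groups`, `$name` and `$email`. Those captured values are only used in `proxy_set_header` lines, which appear to have no effect here, since the `fastcgi_*` directives suggest a FastCGI location (the `fastcgi_pass` is outside the hunk). If the backend trusts `REMOTE_USER`, it would be trusting a client-supplied name, so the params should carry `$user` instead, as sketched below. Separately, with `fastcgi.conf` removed, confirm that `SCRIPT_FILENAME` is still set somewhere outside the hunk, because the stock `fastcgi_params` does not define it.

```nix
# … unchanged: auth_request /authelia; and the auth_request_set lines …
# Pass the identity returned by Authelia, not the client's Basic-auth name.
fastcgi_param AUTH_USER $user;
fastcgi_param REMOTE_USER $user;
fastcgi_param PHP_REMOTE_USER $user;
fastcgi_param PHP_AUTH_USER $user;
# … unchanged: include ${pkgs.nginx}/conf/fastcgi_params; and buffer settings …
```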