mirror of
https://github.com/tborychowski/self-hosted-cookbook.git
synced 2025-01-23 12:14:17 +00:00
112 lines
2.2 KiB
Markdown
112 lines
2.2 KiB
Markdown
|
# Authelia
|
||
|
This is a fantastic, feature rich and simple to set-up Single Sign-On solution.
|
||
|
The config files below, will use a file-storage for users, because it's simpler and quite sufficient for simple self-hosting server at home (as opposed to seting up full featured LDAP back-end).
|
||
|
|
||
|
<br>
|
||
|
|
||
|
- [Homepage](https://www.authelia.com/)
|
||
|
- [Github repo](https://github.com/authelia/authelia)
|
||
|
- [Docs](https://www.authelia.com/docs/)
|
||
|
|
||
|
|
||
|
## docker-compose.yml
|
||
|
```yml
|
||
|
version: '3.3'
|
||
|
networks:
|
||
|
net:
|
||
|
driver: bridge
|
||
|
|
||
|
services:
|
||
|
authelia:
|
||
|
image: authelia/authelia
|
||
|
container_name: authelia
|
||
|
restart: unless-stopped
|
||
|
expose:
|
||
|
- 9091
|
||
|
ports:
|
||
|
- "9091:9091"
|
||
|
networks:
|
||
|
- net
|
||
|
environment:
|
||
|
- TZ=Europe/Dublin
|
||
|
volumes:
|
||
|
- ./data:/var/lib/authelia
|
||
|
- ./config.yml:/etc/authelia/configuration.yml:ro
|
||
|
- ./users.yml:/etc/authelia/users.yml:ro
|
||
|
|
||
|
redis:
|
||
|
image: redis:alpine
|
||
|
container_name: redis
|
||
|
volumes:
|
||
|
- ./redis:/data
|
||
|
expose:
|
||
|
- 6379
|
||
|
networks:
|
||
|
- net
|
||
|
restart: unless-stopped
|
||
|
environment:
|
||
|
- TZ=Europe/Dublin
|
||
|
```
|
||
|
|
||
|
## config.yml
|
||
|
```yml
|
||
|
host: 0.0.0.0
|
||
|
port: 9091
|
||
|
|
||
|
# log_level: debug
|
||
|
jwt_secret: DphJJcoCO2aXK666tq3d2AgMQ8gaugukKsUjKzMciA
|
||
|
|
||
|
authentication_backend:
|
||
|
file:
|
||
|
path: /etc/authelia/users.yml
|
||
|
|
||
|
storage:
|
||
|
local:
|
||
|
path: /var/lib/authelia/db.sqlite3
|
||
|
|
||
|
notifier:
|
||
|
filesystem:
|
||
|
filename: /tmp/authelia/notification.txt
|
||
|
|
||
|
session:
|
||
|
name: authelia_session
|
||
|
secret: U8kmbel7WhP1YneQh2134DXhsiSHctE5Emtf
|
||
|
expiration: 3600 # 1 hour
|
||
|
inactivity: 300 # 5 minutes
|
||
|
# The domain to protect.
|
||
|
# Note: the login portal must also be a subdomain of that domain.
|
||
|
domain: example.com
|
||
|
redis:
|
||
|
host: redis
|
||
|
port: 6379
|
||
|
|
||
|
regulation:
|
||
|
max_retries: 3
|
||
|
find_time: 120
|
||
|
ban_time: 300
|
||
|
|
||
|
access_control:
|
||
|
default_policy: one_factor
|
||
|
rules:
|
||
|
- domain: "*.example.com"
|
||
|
subject: "group:admins"
|
||
|
policy: one_factor
|
||
|
```
|
||
|
|
||
|
## users.yml
|
||
|
```yml
|
||
|
users:
|
||
|
admin:
|
||
|
displayname: "admin"
|
||
|
password: "" # password hash - see below how to generate
|
||
|
email: admin@example.com
|
||
|
groups:
|
||
|
- admins
|
||
|
```
|
||
|
|
||
|
## Tips & Tricks
|
||
|
Generate password hash for the `users.yml`:
|
||
|
```sh
|
||
|
docker run authelia/authelia:latest authelia hash-password <PASS>
|
||
|
```
|