traefik & authelia

2025-12-23 12:11:09 +00:00 · 2020-10-31 16:45:17 +00:00
parent 3b2fe005a2
commit c00ded115d
3 changed files with 300 additions and 2 deletions
--- a/apps/reverse-proxy-sso/authelia.md
+++ b/apps/reverse-proxy-sso/authelia.md
@@ -0,0 +1,111 @@
+# Authelia
+This is a fantastic, feature rich and simple to set-up Single Sign-On solution.
+The config files below, will use a file-storage for users, because it's simpler and quite sufficient for simple self-hosting server at home (as opposed to seting up full featured LDAP back-end).
+
+<br>
+
+- [Homepage](https://www.authelia.com/)
+- [Github repo](https://github.com/authelia/authelia)
+- [Docs](https://www.authelia.com/docs/)
+
+
+## docker-compose.yml
+```yml
+version: '3.3'
+networks:
+  net:
+    driver: bridge
+
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    restart: unless-stopped
+    expose:
+      - 9091
+    ports:
+      - "9091:9091"
+    networks:
+      - net
+    environment:
+      - TZ=Europe/Dublin
+    volumes:
+      - ./data:/var/lib/authelia
+      - ./config.yml:/etc/authelia/configuration.yml:ro
+      - ./users.yml:/etc/authelia/users.yml:ro
+
+  redis:
+    image: redis:alpine
+    container_name: redis
+    volumes:
+      - ./redis:/data
+    expose:
+      - 6379
+    networks:
+      - net
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Dublin
+```
+
+## config.yml
+```yml
+host: 0.0.0.0
+port: 9091
+
+# log_level: debug
+jwt_secret: DphJJcoCO2aXK666tq3d2AgMQ8gaugukKsUjKzMciA
+
+authentication_backend:
+  file:
+    path: /etc/authelia/users.yml
+
+storage:
+    local:
+        path: /var/lib/authelia/db.sqlite3
+
+notifier:
+    filesystem:
+        filename: /tmp/authelia/notification.txt
+
+session:
+  name: authelia_session
+  secret: U8kmbel7WhP1YneQh2134DXhsiSHctE5Emtf
+  expiration: 3600 # 1 hour
+  inactivity: 300 # 5 minutes
+  # The domain to protect.
+  # Note: the login portal must also be a subdomain of that domain.
+  domain: example.com
+  redis:
+    host: redis
+    port: 6379
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+access_control:
+  default_policy: one_factor
+  rules:
+    - domain: "*.example.com"
+      subject: "group:admins"
+      policy: one_factor
+```
+
+## users.yml
+```yml
+users:
+  admin:
+    displayname: "admin"
+    password: ""   # password hash - see below how to generate
+    email: admin@example.com
+    groups:
+      - admins
+```
+
+## Tips & Tricks
+Generate password hash for the `users.yml`:
+```sh
+docker run authelia/authelia:latest authelia hash-password <PASS>
+```