replace nforwardauth with authelia #231
4 changed files with 12 additions and 25 deletions
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
# geklaut von: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
|
||||
server.address: "0.0.0.0:9091"
|
||||
|
||||
log:
|
||||
|
@ -6,7 +7,9 @@ log:
|
|||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
|
||||
jwt_secret: "{{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}"
|
||||
|
||||
authelia_jwt_secret
|
||||
|
||||
totp:
|
||||
issuer: totp.mgrote.net
|
||||
|
@ -36,10 +39,9 @@ regulation:
|
|||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln
|
||||
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
|
||||
local:
|
||||
path: /data/db.sqlite3
|
||||
# db auf mariadb ändern
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
|
@ -68,8 +70,7 @@ authentication_backend:
|
|||
username: uid
|
||||
group_name: cn
|
||||
mail: mail
|
||||
# The username and password of the bind user.
|
||||
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
|
||||
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
|
||||
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
||||
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
|
||||
|
||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
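Review bot: The `jwt_secret` and storage `encryption_key` values removed in this section were committed in plaintext and stay readable in the repository history, so the move to KeePass only helps if the `authelia_jwt_secret` and `authelia_storage_encryption_key` entries hold freshly generated values; the page does not show whether they were rotated. If the storage key is rotated, the existing `/data/db.sqlite3` has to be re-encrypted as well (Authelia provides `authelia storage encryption change-key`), otherwise data encrypted under the old key can no longer be read. The new `encryption_key` line is unquoted while `jwt_secret` is double-quoted; write it as `encryption_key: "{{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}"` so a rendered value that starts with a YAML indicator or looks numeric stays a string. The bare `authelia_jwt_secret` line added below `jwt_secret` looks like a stray paste and, depending on its indentation (lost in this rendering), may make the file invalid YAML.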
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
||||
|
||||
services:
|
||||
######## traefik ########
|
||||
traefik:
|
||||
|
@ -76,23 +78,13 @@ volumes:
|
|||
acme_data:
|
||||
authelia_data:
|
||||
|
||||
|
||||
# passwd
|
||||
# echo "<user>:$(mkpasswd -m sha-512 <password>)" # kann weg
|
||||
|
||||
|
||||
|
||||
# TODO
|
||||
# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
|
||||
# test mit whoami
|
||||
# doku: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
|
||||
# healtchecks
|
||||
# munin
|
||||
# keepass aufraumen
|
||||
# secrets
|
||||
# docs lesen
|
||||
# test mail senden
|
||||
# ldap gruppe per app
|
||||
# rechte konzept fur ldap beschreiben + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
|
||||
# munin absichern
|
||||
# weitere seiten?
|
||||
# registry-ui
|
||||
# munin
|
||||
# traefik
|
||||
|
|
|
@ -40,9 +40,3 @@ api:
|
|||
dashboard: true # unter Port 8081 erreichbar
|
||||
|
||||
ping: {} # für healthcheck
|
||||
|
||||
#experimental:
|
||||
# plugins:
|
||||
# ldapAuth:
|
||||
# moduleName: "github.com/wiltonsr/ldapAuth"
|
||||
# version: "v0.1.4"
|
||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.