replace nforwardauth with authelia #231

Merged
mg merged 45 commits from authelia into master 2024-11-10 12:53:46 +01:00
4 changed files with 12 additions and 25 deletions
Showing only changes of commit 07d480fd91 - Show all commits


@ -1,4 +1,5 @@
--- ---
# geklaut von: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
server.address: "0.0.0.0:9091" server.address: "0.0.0.0:9091"
log: log:
@ -6,7 +7,9 @@ log:
identity_validation: identity_validation:
reset_password: reset_password:
jwt_secret: c50498e29383564cd50bdeda9b74a3bf jwt_secret: "{{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}"
authelia_jwt_secret
totp: totp:
issuer: totp.mgrote.net issuer: totp.mgrote.net
@ -36,10 +39,9 @@ regulation:
ban_time: 300 ban_time: 300
storage: storage:
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
local: local:
path: /data/db.sqlite3 path: /data/db.sqlite3
# db auf mariadb ändern
notifier: notifier:
smtp: smtp:
@ -68,8 +70,7 @@ authentication_backend:
username: uid username: uid
group_name: cn group_name: cn
mail: mail mail: mail
# The username and password of the bind user.
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}' password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
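Review bot: The new `encryption_key` line in the `storage:` hunk is left unquoted, unlike the new `jwt_secret` line in the `identity_validation:` hunk. Assuming this file is rendered as a template before Authelia reads it, a KeePass value that starts with a YAML indicator, contains ` #` or `: `, or looks numeric would be truncated or mis-typed. I would write `encryption_key: "{{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}"`. Separately, the two literal secrets removed here remain readable in the repository history, so the KeePass entries should hold newly generated values rather than the old ones. For the storage key that means following Authelia's documented key-change procedure, because the existing SQLite database at `/data/db.sqlite3` would still be encrypted with the old key.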


@ -1,3 +1,5 @@
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
services: services:
######## traefik ######## ######## traefik ########
traefik: traefik:
@ -76,23 +78,13 @@ volumes:
acme_data: acme_data:
authelia_data: authelia_data:
# passwd
# echo "<user>:$(mkpasswd -m sha-512 <password>)" # kann weg
# TODO # TODO
# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
# test mit whoami
# doku: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
# healtchecks # healtchecks
# munin # munin
# keepass aufraumen # keepass aufraumen
# secrets
# docs lesen # docs lesen
# test mail senden
# ldap gruppe per app # ldap gruppe per app
# rechte konzept fur ldap beschreiben + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
# munin absichern
# weitere seiten? # weitere seiten?
# registry-ui
# munin
# traefik


@ -40,9 +40,3 @@ api:
dashboard: true # unter Port 8081 erreichbar dashboard: true # unter Port 8081 erreichbar
ping: {} # für healthcheck ping: {} # für healthcheck
#experimental:
# plugins:
# ldapAuth:
# moduleName: "github.com/wiltonsr/ldapAuth"
# version: "v0.1.4"

Binary file not shown.