replace nforwardauth with authelia #231
4 changed files with 12 additions and 25 deletions
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# geklaut von: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
|
||||||
server.address: "0.0.0.0:9091"
|
server.address: "0.0.0.0:9091"
|
||||||
|
|
||||||
log:
|
log:
|
||||||
|
@ -6,7 +7,9 @@ log:
|
||||||
|
|
||||||
identity_validation:
|
identity_validation:
|
||||||
reset_password:
|
reset_password:
|
||||||
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
|
jwt_secret: "{{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}"
|
||||||
|
|
||||||
|
authelia_jwt_secret
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: totp.mgrote.net
|
issuer: totp.mgrote.net
|
||||||
|
@ -36,10 +39,9 @@ regulation:
|
||||||
ban_time: 300
|
ban_time: 300
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln
|
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
|
||||||
local:
|
local:
|
||||||
path: /data/db.sqlite3
|
path: /data/db.sqlite3
|
||||||
# db auf mariadb ändern
|
|
||||||
|
|
||||||
notifier:
|
notifier:
|
||||||
smtp:
|
smtp:
|
||||||
|
@ -68,8 +70,7 @@ authentication_backend:
|
||||||
username: uid
|
username: uid
|
||||||
group_name: cn
|
group_name: cn
|
||||||
mail: mail
|
mail: mail
|
||||||
# The username and password of the bind user.
|
|
||||||
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
|
|
||||||
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
|
|
||||||
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
||||||
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
|
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
|
||||||
|
|
||||||
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
||||||
|
|
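Review bot: The `jwt_secret` and `storage.encryption_key` values that this section moves into KeePass were committed in clear text and remain readable in the repository history, so the lookups only help if both secrets are replaced with freshly generated values; the page does not show whether the updated `keepass_db.kdbx` holds new ones. Changing the storage key means re-keying the existing SQLite database (Authelia ships `authelia storage encryption change-key` for that). The new `encryption_key` line is also the only lookup left unquoted; `encryption_key: "{{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}"` matches the `jwt_secret` line and keeps a rendered value that starts with a YAML indicator or looks numeric from being retyped. A bare `authelia_jwt_secret` line appears on the new side after `jwt_secret`; indentation is lost in this view, but it looks like a paste leftover that would stop the file from parsing and should be removed.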
|
@ -1,3 +1,5 @@
|
||||||
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
||||||
|
|
||||||
services:
|
services:
|
||||||
######## traefik ########
|
######## traefik ########
|
||||||
traefik:
|
traefik:
|
||||||
|
@ -76,23 +78,13 @@ volumes:
|
||||||
acme_data:
|
acme_data:
|
||||||
authelia_data:
|
authelia_data:
|
||||||
|
|
||||||
|
|
||||||
# passwd
|
|
||||||
# echo "<user>:$(mkpasswd -m sha-512 <password>)" # kann weg
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
|
|
||||||
# test mit whoami
|
|
||||||
# doku: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
|
|
||||||
# healtchecks
|
# healtchecks
|
||||||
# munin
|
# munin
|
||||||
# keepass aufraumen
|
# keepass aufraumen
|
||||||
# secrets
|
|
||||||
# docs lesen
|
# docs lesen
|
||||||
# test mail senden
|
|
||||||
# ldap gruppe per app
|
# ldap gruppe per app
|
||||||
# rechte konzept fur ldap beschreiben + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
|
|
||||||
# munin absichern
|
|
||||||
# weitere seiten?
|
# weitere seiten?
|
||||||
|
# registry-ui
|
||||||
|
# munin
|
||||||
|
# traefik
|
||||||
|
|
|
@ -40,9 +40,3 @@ api:
|
||||||
dashboard: true # unter Port 8081 erreichbar
|
dashboard: true # unter Port 8081 erreichbar
|
||||||
|
|
||||||
ping: {} # für healthcheck
|
ping: {} # für healthcheck
|
||||||
|
|
||||||
#experimental:
|
|
||||||
# plugins:
|
|
||||||
# ldapAuth:
|
|
||||||
# moduleName: "github.com/wiltonsr/ldapAuth"
|
|
||||||
# version: "v0.1.4"
|
|
||||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.