replace nforwardauth with authelia #231
4 changed files with 78 additions and 63 deletions
|
@ -1,55 +0,0 @@
|
||||||
---
|
|
||||||
server.address: "0.0.0.0:9091"
|
|
||||||
|
|
||||||
log:
|
|
||||||
level: debug
|
|
||||||
|
|
||||||
identity_validation:
|
|
||||||
reset_password:
|
|
||||||
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
|
|
||||||
|
|
||||||
totp:
|
|
||||||
issuer: totp.mgrote.net
|
|
||||||
|
|
||||||
authentication_backend:
|
|
||||||
file:
|
|
||||||
path: /config/users_database.yml
|
|
||||||
|
|
||||||
access_control:
|
|
||||||
default_policy: deny
|
|
||||||
rules:
|
|
||||||
- domain: wiki.mgrote.net
|
|
||||||
policy: one_factor
|
|
||||||
|
|
||||||
session:
|
|
||||||
name: authelia_session
|
|
||||||
secret: unsecure_session_secret
|
|
||||||
expiration: 3600 # 1 hour
|
|
||||||
inactivity: 300 # 5 minutes
|
|
||||||
domain: mgrote.net # Should match whatever your root protected domain is
|
|
||||||
|
|
||||||
redis:
|
|
||||||
host: authelia-redis
|
|
||||||
port: 6379
|
|
||||||
|
|
||||||
regulation:
|
|
||||||
max_retries: 3
|
|
||||||
find_time: 120
|
|
||||||
ban_time: 300
|
|
||||||
|
|
||||||
storage:
|
|
||||||
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190
|
|
||||||
local:
|
|
||||||
path: /data/db.sqlite3
|
|
||||||
# db auf mariadb ändern
|
|
||||||
|
|
||||||
notifier:
|
|
||||||
smtp:
|
|
||||||
address: postfix:25
|
|
||||||
sender: no-reply-authelia@mgrote.net
|
|
||||||
disable_require_tls: true
|
|
||||||
|
|
||||||
#mg@docker10 /docker/wiki
|
|
||||||
#> docker run --rm -it authelia/authelia:4 authelia crypto hash generate
|
|
||||||
#Digest: $argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec
|
|
||||||
# == hallowelt
|
|
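--- a/docker-compose/traefik/configuration.yml.j2
+++ b/docker-compose/traefik/configuration.yml.j2
@@ -0,0 +1,78 @@
+---
+server.address: "0.0.0.0:9091"
+
+log:
+level: debug
+
+identity_validation:
+reset_password:
+jwt_secret: c50498e29383564cd50bdeda9b74a3bf
+
+totp:
+issuer: totp.mgrote.net
+
+access_control:
+default_policy: deny
+rules:
+- domain: wiki.mgrote.net
+policy: one_factor
+
+session:
+name: authelia_session
+secret: unsecure_session_secret
+expiration: 3600 # 1 hour
+inactivity: 300 # 5 minutes
+domain: mgrote.net # Should match whatever your root protected domain is
+
+redis:
+host: authelia-redis
+port: 6379
+
+regulation:
+max_retries: 3
+find_time: 120
+ban_time: 300
+
+storage:
+encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln
+local:
+path: /data/db.sqlite3
+# db auf mariadb ändern
+
+notifier:
+smtp:
+address: postfix:25
+sender: no-reply-authelia@mgrote.net
+disable_require_tls: true
+
+#mg@docker10 /docker/wiki
+#> docker run --rm -it authelia/authelia:4 authelia crypto hash generate
+#Digest: $argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec
+# == hallowelt
+
+# ldap
+# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
+authentication_backend:
+password_reset:
+disable: false
+refresh_interval: 1m
+ldap:
+implementation: custom
+address: ldap://lldap.mgrote.net:3890
+timeout: 5s
+start_tls: false
+base_dn: dc=mgrote,dc=net
+additional_users_dn: ou=people
+users_filter: "(&({username_attribute}={input})(objectClass=person))"
+additional_groups_dn: ou=groups
+groups_filter: "(member={dn})"
+attributes:
+display_name: displayName
+username: uid
+group_name: cn
+mail: mail
+# The username and password of the bind user.
+# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
+# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
+user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
+password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'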
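Review bot: `jwt_secret`, `session.secret` (still the literal `unsecure_session_secret`) and `storage.encryption_key` are committed in cleartext in this new template, although its last line already pulls the LDAP bind password from KeePass. The same lookup could serve them, e.g. `jwt_secret: "{{ lookup('viczem.keepass.keepass', '<keepass-entry>', 'password') }}"` with one entry per secret, and the values visible here should be regenerated because they are now in repository history. Separately, `address: ldap://lldap.mgrote.net:3890` with `start_tls: false` means the bind password and user logins appear to cross the network unencrypted unless the link is protected some other way; LDAPS or StartTLS would close that. `level: debug` is also worth lowering once the setup works.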
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
users:
|
|
||||||
authelia:
|
|
||||||
displayname: "mg"
|
|
||||||
password: "$argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec"
|
|
||||||
email: michael.grote@posteo.de
|
|
||||||
groups:
|
|
||||||
- admins
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.