replace nforwardauth with authelia #231

Merged
mg merged 45 commits from authelia into master 2024-11-10 12:53:46 +01:00
3 changed files with 89 additions and 26 deletions
Showing only changes of commit 92585e3412 - Show all commits

View file

@ -0,0 +1,51 @@
---
server.host: 0.0.0.0
server.port: 9091
log:
level: debug
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
totp:
issuer: totp.mgrote.net
authentication_backend:
file:
path: /config/users_database.yml
access_control:
default_policy: deny
rules:
- domain: wiki.mgrote.net
policy: one_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: mgrote.net # Should match whatever your root protected domain is
redis:
host: authelia-redis
port: 6379
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190
local:
path: /data/db.sqlite3
# db auf mariadb ändern
#notifier:
# smtp:
# username: apikey
# password: secret
# host: smtp.sendgrid.net
# port: 587
# sender: no-reply@mydomain.com
#configuration

View file

@ -24,35 +24,37 @@ services:
interval: 30s
timeout: 10s
retries: 3
######## nforwardauth ########
nforwardauth:
######## authelia ########
authelia:
image: authelia/authelia:4.38.17
container_name: authelia
restart: unless-stopped
pull_policy: missing
image: "nosduco/nforwardauth:v1.4.0"
container_name: traefik-nforwardauth
environment:
TOKEN_SECRET: "{{ lookup('viczem.keepass.keepass', 'nforwardauth_token_secret', 'password') }}"
AUTH_HOST: auth.mgrote.net
labels:
traefik.enable: true
traefik.http.routers.nforwardauth.rule: Host(`auth.mgrote.net`)
traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
traefik.http.services.nforwardauth.loadbalancer.server.port: 3000
traefik.http.routers.nforwardauth.tls: true
traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
traefik.http.routers.nforwardauth.entrypoints: entry_https
TZ: Europe/Berlin
volumes:
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
networks:
- traefik
healthcheck:
test: ["CMD", "wget", "--quiet", "--spider", "--tries=1", "http://127.0.0.1:3000/login"]
interval: 10s
timeout: 5s
retries: 3
- ./configuration.yml:/config/configuration.yml
- authelia_data:/data
labels:
traefik.enable: true'
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
traefik.http.services.authelia.loadbalancer.server.port: 80
traefik.http.routers.authelia.tls: true
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
traefik.http.routers.authelia.entrypoints: entry_https
traefik.http.middlewares.authelia.forwardauth.address: http://authelia-service:9091/api/verify?rd=https://auth.mgrote.net'
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true'
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email'
depends_on:
- authelia-redis
authelia-redis: # version!!!!
image: redis:7
container_name: authelia-redis
restart: unless-stopped
pull_policy: missing
environment:
TZ: Europe/Berlin
######## Networks ########
networks:
@ -61,7 +63,18 @@ networks:
######## Volumes ########
volumes:
acme_data:
authelia_data:
# passwd
# echo "<user>:$(mkpasswd -m sha-512 <password>)"
# TODO
# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
# test mit whoami
# doku: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
# healtchecks
# munin
# keepass aufraumen

View file

@ -1 +0,0 @@
{{ lookup('viczem.keepass.keepass', 'nforwardauth-mg-hash', 'password') }}