From 186f7df39e247e08bf038d95af77b33c9f57f614 Mon Sep 17 00:00:00 2001
From: meftimes
Date: Mon, 7 Aug 2023 10:42:56 -0400
Subject: [PATCH] added authelia
---
authelia/authelia.yml | 30 +++++++
authelia/config/authelia_jwt_secret | 1 +
authelia/config/authelia_session_secret | 1 +
.../config/authelia_storage_encryption_key | 1 +
authelia/config/configuration.yml | 80 +++++++++++++++++++
authelia/config/users_database.yml | 16 ++++
6 files changed, 129 insertions(+)
create mode 100644 authelia/authelia.yml
create mode 100644 authelia/config/authelia_jwt_secret
create mode 100644 authelia/config/authelia_session_secret
create mode 100644 authelia/config/authelia_storage_encryption_key
create mode 100644 authelia/config/configuration.yml
create mode 100644 authelia/config/users_database.yml
diff --git a/authelia/authelia.yml b/authelia/authelia.yml
new file mode 100644
index 0000000..f7e3918
--- /dev/null
+++ b/authelia/authelia.yml
@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+ authelia:
+ image: authelia/authelia
+ container_name: authelia
+ volumes:
+ - ./config:/config
+ networks:
+ - proxy
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.authelia.entrypoints=websecure'
+ - 'traefik.http.routers.authelia.rule=Host(`authelia.meftimes.com`)'
+ - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
+ - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.meftimes.com'
+ - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+ - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+ - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
+ restart: unless-stopped
+ environment:
+ - TZ=America/New_York
+ - AUTHELIA_JWT_SECRET_FILE=/config/authelia_jwt_secret
+ - AUTHELIA_SESSION_SECRET_FILE=/config/authelia_session_secret
+ - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/authelia_storage_encryption_key
+ healthcheck:
+ disable: true
+networks:
+ proxy:
+ external: true
diff --git a/authelia/config/authelia_jwt_secret b/authelia/config/authelia_jwt_secret
new file mode 100644
index 0000000..d9b17e6
--- /dev/null
+++ b/authelia/config/authelia_jwt_secret
@@ -0,0 +1 @@
+jwt_secret=secret_goes_here
diff --git a/authelia/config/authelia_session_secret b/authelia/config/authelia_session_secret
new file mode 100644
index 0000000..9447d0a
--- /dev/null
+++ b/authelia/config/authelia_session_secret
@@ -0,0 +1 @@
+session.secret=secret_goes_here
diff --git a/authelia/config/authelia_storage_encryption_key b/authelia/config/authelia_storage_encryption_key
new file mode 100644
index 0000000..54438be
--- /dev/null
+++ b/authelia/config/authelia_storage_encryption_key
@@ -0,0 +1 @@
+storage.encryption_key=key_goes_here
diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml
new file mode 100644
index 0000000..31a3bf3
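Review bot: `image: authelia/authelia` in the new authelia.yml carries no tag, so every pull of the authentication gateway resolves to whatever the registry's default tag points at that day, and a breaking or compromised upstream release lands in front of every protected service without review; pin it, `image: authelia/authelia:<pinned version>` (an `@sha256:` digest is stronger still), and bump it deliberately. `healthcheck:` / `disable: true` also removes the only signal that would let Docker or a monitor notice a wedged portal; if the image's default check was disabled for a reason, a comment above it saying why would help the next reader. The `forwardauth.address` label points at the plain-HTTP `http://authelia:9091` endpoint, which is acceptable only because the `proxy` network is internal; a comment recording that assumption next to the label would keep someone from later exposing the port.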
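Review bot: The three new secret files (`authelia/config/authelia_jwt_secret`, `authelia/config/authelia_session_secret`, `authelia/config/authelia_storage_encryption_key`) are written as `key=value` lines, but the `AUTHELIA_*_FILE` variables in authelia.yml load the raw file content as the secret, so once deployed the JWT secret would literally be the string `jwt_secret=secret_goes_here`, and likewise for the session secret and the storage encryption key. Each file should contain nothing but the secret value itself, generated from a CSPRNG (for example the output of `openssl rand -hex 64`), with no key prefix. Because these paths are bind-mounted into the container and are now tracked in git, the real values will be committed the moment the placeholders are replaced; add `authelia/config/authelia_*` to `.gitignore` (keeping `.example` copies if a template is wanted) before filling them in, and treat any value that has already been pushed as burned.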
--- /dev/null
+++ b/authelia/config/configuration.yml
@@ -0,0 +1,80 @@
+---
+###############################################################
+# Authelia configuration #
+###############################################################
+
+server:
+ host: 0.0.0.0
+ port: 9091
+log:
+ level: debug
+theme: dark
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+#jwt_secret: a_very_important_secret
+default_redirection_url: https://authelia.meftimes.com
+totp:
+ issuer: authelia.com
+
+# duo_api:
+# hostname: api-123456789.example.com
+# integration_key: ABCDEF
+# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+# secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+ file:
+ path: /config/users_database.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 64
+
+access_control:
+ default_policy: deny
+ rules:
+ # Rules applied to everyone
+ - domain: meftimes.com
+ policy: bypass
+ # - domain: traefik.meftimes.com
+ # policy: one_factor
+ # - domain: transmission.meftimes.com
+ # policy: two_factor
+ - domain: "*.meftimes.com"
+ policy: two_factor
+
+session:
+ name: authelia_session
+ # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+ #secret: unsecure_session_secret
+ expiration: 3600 # 1 hour
+ inactivity: 300 # 5 minutes
+ domain: meftimes.com # Should match whatever your root protected domain is
+
+ # redis:
+ # host: redis
+ # port: 6379
+ # # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+ # # password: authelia
+
+regulation:
+ max_retries: 3
+ find_time: 120
+ ban_time: 300
+
+storage:
+ #encryption_key: a_very_important_secret # Now required
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ # smtp:
+ # username: test
+ # # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+ # password: password
+ # host: mail.example.com
+ # port: 25
+ # sender: admin@example.com
+ filesystem:
+ filename: /config/notification.txt
diff --git a/authelia/config/users_database.yml b/authelia/config/users_database.yml
new file mode 100644
index 0000000..c9c195a
--- /dev/null
+++ b/authelia/config/users_database.yml
@@ -0,0 +1,16 @@
+---
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ meftimes:
+ displayname: "meftimes"
+ password: "argon2id_goes_here_see_authelia_documentation"
+ email: all.other@slmail.me
+ groups:
+ - admins
+ - dev
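Review bot: `log:` / `level: debug` in the new configuration.yml runs the portal at its most verbose level, which fits the first Traefik wiring session but not what the rest of the file describes (a Let's Encrypt resolver and a real domain): debug output records request-level detail that does not belong in long-lived logs, so set `level: info` once the integration works, or add a comment marking it as temporary. Under `access_control`, the first rule `- domain: meftimes.com` / `policy: bypass` exempts the apex domain from authentication entirely while `default_policy: deny` and the `"*.meftimes.com"` two_factor rule protect everything else; if that is intended for a public landing page it deserves a comment saying so, because any service later published on the apex would be unprotected by default. `totp:` / `issuer: authelia.com` is the template value and is what users see in their authenticator app; it should name this deployment's own domain.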
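Review bot: `password: "argon2id_goes_here_see_authelia_documentation"` in the new users_database.yml is not a hash in the PHC format the file backend expects, so as committed the `meftimes` account cannot log in and Authelia will most likely refuse the database at startup; generate the value with `authelia crypto hash generate argon2id` and keep a comment above the key naming that command so the next person does not paste a plaintext password there. Because the file is tracked in git and bind-mounted into the container, the real hash and the account e-mail become part of repository history once filled in; a `.gitignore` entry plus a committed `users_database.example.yml` would keep them out. The `admins` and `dev` groups are not referenced by any `access_control` rule in this commit, so they are currently informational only; a one-line comment above `groups:` stating what they are meant to gate would make later rules easier to write.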