added authelia

authelia/authelia.yml

@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - ./config:/config
+    networks:
+      - proxy
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.authelia.entrypoints=websecure'
+      - 'traefik.http.routers.authelia.rule=Host(`authelia.meftimes.com`)'
+      - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.meftimes.com'
+      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
+    restart: unless-stopped
+    environment:
+      - TZ=America/New_York
+      - AUTHELIA_JWT_SECRET_FILE=/config/authelia_jwt_secret
+      - AUTHELIA_SESSION_SECRET_FILE=/config/authelia_session_secret
+      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/authelia_storage_encryption_key
+    healthcheck:
+      disable: true
+networks:
+  proxy:
+    external: true

authelia/config/authelia_jwt_secret

@@ -0,0 +1 @@
+jwt_secret=secret_goes_here

authelia/config/authelia_session_secret

@@ -0,0 +1 @@
+session.secret=secret_goes_here

authelia/config/authelia_storage_encryption_key

@@ -0,0 +1 @@
+storage.encryption_key=key_goes_here

authelia/config/configuration.yml

@@ -0,0 +1,80 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+server:
+  host: 0.0.0.0
+  port: 9091
+log:
+  level: debug
+theme: dark
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+#jwt_secret: a_very_important_secret
+default_redirection_url: https://authelia.meftimes.com
+totp:
+  issuer: authelia.com
+
+# duo_api:
+#  hostname: api-123456789.example.com
+#  integration_key: ABCDEF
+#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+#  secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+    password:
+      algorithm: argon2id
+      iterations: 1
+      salt_length: 16
+      parallelism: 8
+      memory: 64
+      
+access_control:
+  default_policy: deny
+  rules:
+    # Rules applied to everyone
+    - domain: meftimes.com
+      policy: bypass
+        #    - domain: traefik.meftimes.com
+        #      policy: one_factor
+        #    - domain: transmission.meftimes.com
+        #      policy: two_factor
+    - domain: "*.meftimes.com"
+      policy: two_factor
+
+session:
+  name: authelia_session
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  #secret: unsecure_session_secret
+  expiration: 3600  # 1 hour
+  inactivity: 300  # 5 minutes
+  domain: meftimes.com  # Should match whatever your root protected domain is
+
+  # redis:
+  #   host: redis
+  #   port: 6379
+  #   # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+  #   # password: authelia
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  #encryption_key: a_very_important_secret # Now required
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  # smtp:
+  #   username: test
+  #   # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+  #   password: password
+  #   host: mail.example.com
+  #   port: 25
+  #   sender: admin@example.com
+  filesystem:
+    filename: /config/notification.txt

authelia/config/users_database.yml

@@ -0,0 +1,16 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  meftimes:
+    displayname: "meftimes"
+    password: "argon2id_goes_here_see_authelia_documentation" 
+    email: all.other@slmail.me
+    groups:
+      - admins
+      - dev