services: add Authelia
parent
13c6828ecd
commit
46ab4acf42
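--- a/authelia/authelia.env
+++ b/authelia/authelia.env
@@ -0,0 +1,4 @@
+TZ=Europe/Paris
+AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
+AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
+AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session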
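Review bot: The three `*_FILE` variables point at `/config/secrets/smtp`, `/config/secrets/jwt` and `/config/secrets/session`, and the compose service in this commit bind-mounts `./authelia` to `/config`, so the secret files are expected to live in `authelia/secrets/` inside the repository working tree. Nothing visible in this commit keeps that directory out of version control, so I would add an ignore rule such as `authelia/secrets/` to `.gitignore` and keep the files readable only by the user the container runs as. A leading comment like `# secret files are created out of band under authelia/secrets/ and are not tracked` would make that expectation explicit for the next maintainer.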
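--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -0,0 +1,49 @@
+host: 0.0.0.0
+port: 9091
+log_level: debug
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+#jwt_secret: a_very_important_secret
+default_redirection_url: https://belanyi.fr
+totp:
+issuer: authelia.belanyi.fr
+
+authentication_backend:
+file:
+path: /config/users_database.yml
+password:
+algorithm: argon2id
+iterations: 1
+salt_length: 16
+parallelism: 8
+memory: 1024
+
+access_control:
+default_policy: two_factor
+rules:
+# Declare domain and policy for an override
+
+session:
+name: authelia_session
+# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+#secret: unsecure_session_secret
+expiration: 3600 # 1 hour
+inactivity: 300 # 5 minutes
+domain: belanyi.fr # Should match whatever your root protected domain is
+
+regulation:
+max_retries: 3
+find_time: 120
+ban_time: 300
+
+storage:
+local:
+path: /config/db.sqlite3
+
+notifier:
+smtp:
+username: brunobelanyi@gmail.com
+# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
+#password: yourapppassword
+sender: authelia@belanyi.fr
+host: smtp.gmail.com
+port: 587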
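Review bot: `log_level: debug` is left on in what looks like the live portal configuration (it redirects to `https://belanyi.fr`); debug output from an authentication service usually records per-request detail such as usernames and target URLs, so I would ship `log_level: info` and raise it only while troubleshooting. The `rules:` key under `access_control` holds only a comment and so parses as null; with `default_policy: two_factor` the intent seems to be that everything requires a second factor, which reads more clearly as `rules: []`. `memory: 1024` with `parallelism: 8` deserves a comment stating the unit and the container's memory budget: the committed hash's `m=1048576` suggests roughly 1 GiB is allocated per password verification, which `regulation` limits per user but not across users.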
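--- a/authelia/users_database.yml
+++ b/authelia/users_database.yml
@@ -0,0 +1,8 @@
+users:
+Ambroisie:
+displayname: "Bruno BELANYI"
+password: "$argon2id$v=19$m=1048576,p=8$IcNVZ732CMoCSof6$h5zBFhd3t1d9Mx11uW+BahR6kGAaN59RQZwW9i3Nq9Q"
+email: brunobelanyi@gmail.com
+groups:
+- admins
+- dev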
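Review bot: The `password:` value for `Ambroisie`, a member of `admins`, looks like a live argon2id hash committed to the repository, so its strength now rests entirely on the passphrase for anyone who can read the history. I would track a template instead, e.g. `users_database.yml.example` with `password: "<argon2id hash generated locally>"`, keep the real file ignored, and rotate this password since the hash stays in the commit history. The file also sits in the bind-mounted `/config` directory, so Authelia may presumably rewrite it at runtime and leave the tracked copy stale. The parameter segment shows `m=` and `p=` but no `t=` field; confirm the value was produced by Authelia's own hashing command and actually verifies.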
|
@ -15,6 +15,17 @@ services:
|
|||
- 80:80
|
||||
- 443:443
|
||||
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- ./authelia/authelia.env
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
expose:
|
||||
- 9091
|
||||
|
||||
freshrss:
|
||||
image: linuxserver/freshrss
|
||||
container_name: freshrss
|
||||
|
|
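--- a/letsencrypt/nginx/proxy-confs/authelia.subdomain.conf
+++ b/letsencrypt/nginx/proxy-confs/authelia.subdomain.conf
@@ -0,0 +1,27 @@
+# make sure that your dns has a cname set for authelia
+# the default authelia-server and authelia-location confs included with letsencrypt rely on
+# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own
+# authelia-server and authelia-location confs as described in authelia docs.
+
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+server_name auth.*;
+
+include /config/nginx/ssl.conf;
+
+client_max_body_size 0;
+
+location / {
+
+include /config/nginx/proxy.conf;
+resolver 127.0.0.11 valid=30s;
+set $upstream_app authelia;
+set $upstream_port 9091;
+set $upstream_proto http;
+proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+}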
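Review bot: `client_max_body_size 0;` removes nginx's request-body limit on the login vhost, which an authentication portal has no need for; a small explicit cap such as `client_max_body_size 1m;` stops oversized bodies from being buffered and forwarded to Authelia. The header comment asks for a CNAME named `authelia`, while the block answers to `server_name auth.*;` and the TOTP issuer in `configuration.yml` is `authelia.belanyi.fr`, so the names should be aligned or the comment corrected. Whether the forwarded host and scheme headers reach Authelia depends on `/config/nginx/proxy.conf`, which is not part of this commit.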