services: add Authelia

Bruno BELANYI 2020-07-16 14:00:30 +02:00
parent 13c6828ecd
commit 46ab4acf42
5 changed files with 99 additions and 0 deletions

4
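--- /dev/null
+++ b/authelia/authelia.env
@@ -0,0 +1,4 @@
+TZ=Europe/Paris
+AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
+AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
+AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session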
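Review bot: The three `*_FILE` variables point at `/config/secrets/`, which the compose file in this commit maps to `./authelia/secrets` inside the repository working tree, and none of the five changed files adds an ignore rule for it. I would add `authelia/secrets/` (and `authelia/db.sqlite3`, the storage path set in the configuration) to `.gitignore` so the SMTP password, JWT secret and session secret cannot be picked up by a later `git add`. The secret files should also be readable only by the user the container runs as.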


@ -0,0 +1,49 @@
host: 0.0.0.0
port: 9091
log_level: debug
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
#jwt_secret: a_very_important_secret
default_redirection_url: https://belanyi.fr
totp:
issuer: authelia.belanyi.fr
authentication_backend:
file:
path: /config/users_database.yml
password:
algorithm: argon2id
iterations: 1
salt_length: 16
parallelism: 8
memory: 1024
access_control:
default_policy: two_factor
rules:
# Declare domain and policy for an override
session:
name: authelia_session
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
#secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: belanyi.fr # Should match whatever your root protected domain is
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
local:
path: /config/db.sqlite3
notifier:
smtp:
username: brunobelanyi@gmail.com
# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
#password: yourapppassword
sender: authelia@belanyi.fr
host: smtp.gmail.com
port: 587
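Review bot: `log_level: debug` is left on for an internet-facing authentication portal; debug output from an auth service may include request and session detail, so I would set `log_level: info` and raise it only while troubleshooting. Separately, `memory: 1024` together with the `m=1048576` in the committed hash means each password check allocates about 1 GiB, so a few concurrent login attempts can exhaust memory on a small host. `regulation` bans only after failed attempts and does not bound concurrency. If the host is memory-constrained, lower `memory`, raise `iterations` to compensate, and regenerate the stored hash with the new parameters.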


@ -0,0 +1,8 @@
users:
Ambroisie:
displayname: "Bruno BELANYI"
password: "$argon2id$v=19$m=1048576,p=8$IcNVZ732CMoCSof6$h5zBFhd3t1d9Mx11uW+BahR6kGAaN59RQZwW9i3Nq9Q"
email: brunobelanyi@gmail.com
groups:
- admins
- dev
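Review bot: The argon2id hash on the `password:` line is committed to the repository, so anyone with read access to the repo or its history can run offline guessing against it at their own pace, outside the `regulation` limits. I would keep the users database out of version control, commit a template with a placeholder such as `password: "<argon2id hash generated at deploy time>"`, and rotate this password, since the hash remains in history. As far as I know, Authelia's file backend also rewrites this file on a password reset, which would leave a tracked copy permanently modified.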


@ -15,6 +15,17 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
authelia:
image: authelia/authelia
container_name: authelia
restart: unless-stopped
env_file:
- ./authelia/authelia.env
volumes:
- ./authelia:/config
expose:
- 9091
freshrss: freshrss:
image: linuxserver/freshrss image: linuxserver/freshrss
container_name: freshrss container_name: freshrss
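Review bot: `image: authelia/authelia` has no tag, so every pull follows `latest` and the component that gates authentication for the other services can change version without review. I would pin it, e.g. `image: authelia/authelia:<version>` or a digest, and upgrade deliberately. Using `expose:` instead of `ports:` keeps 9091 off the host, which is the right choice here; note that `./authelia:/config` is mounted read-write and contains `authelia.env` and the secrets directory alongside the configuration. The `services:` mapping starts and continues outside this hunk.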


@ -0,0 +1,27 @@
# make sure that your dns has a cname set for authelia
# the default authelia-server and authelia-location confs included with letsencrypt rely on
# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary.
# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own
# authelia-server and authelia-location confs as described in authelia docs.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name auth.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app authelia;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
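Review bot: `client_max_body_size 0;` removes the request-body limit on the login portal, which only needs to accept small form and JSON bodies; an explicit small limit such as `client_max_body_size 1m;` narrows what an unauthenticated client can push through the proxy. Also check `server_name auth.*;` against the rest of the commit: the header comment asks for a CNAME for authelia and the TOTP issuer is `authelia.belanyi.fr`, so the portal may be meant to answer on `authelia.*` instead. The wildcard form additionally matches any host name that begins with `auth.`, so an exact `server_name` would be tighter.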