Docker - Authelia
About
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
Requirements
- Host with a public IP and Docker running
- Ports 80 & 443 publicly reachable
- FQDN pointing to your IP address. A wildcard record like *.your.host.de -> 1.2.3.4 works best.
Clone the Repo
git clone https://github.com/authelia/authelia.git
cd authelia/examples/compose/lite
Update docker-compose.yml
- edit TimeZone
- edit Domain Name
sed -i 's#TZ=Australia/Melbourne#TZ=Europe/Zurich#g' docker-compose.yml
sed -i 's/example.com/your.domain.de/g' docker-compose.yml
Update Configuration File
- set all secrets
- set notifier: smtp relay or local file
sed -i 's/example.com/your.domain.de/g' authelia/configuration.yml
vim authelia/configuration.yml
Set Admin User
cat << 'EOF' > authelia/users_database.yml
---
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
  admin:
    disabled: false
    displayname: "Admin User"
    # Password is authelia
    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
    email: admin@your.domain.de  # placeholder: set your own address
    groups:
      - admins
      - dev
...
EOF
chmod 600 authelia/users_database.yml
Generate Password
You should, of course, generate your own passwords.
# Password: password
docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
# Random PW, Length 16
docker run authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 16
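A pre-flight check for the users database, as an added example that is not part of the original post or the Authelia project: it flags a file that is readable by group/other, still carries the example hash from above (password authelia), or has password entries that are not argon2 hashes. The function name audit_users_db is an assumption.

```shell
#!/bin/sh
# Added example, not Authelia project code: audit users_database.yml
# before 'docker compose up'. audit_users_db is a hypothetical name.

# Salt of the example hash shown on this page (its password is "authelia").
EXAMPLE_SALT='BpLnfgDsc2WD8F2q'

# Prints one line per finding and returns the number of findings (0 = clean).
audit_users_db() {
    db=$1
    findings=0

    if [ ! -f "$db" ]; then
        echo "MISSING: $db"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits;
    # after 'chmod 600' they are all '-'.
    mode=$(ls -ld "$db" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS: $db is accessible to group/other, run chmod 600"
        findings=$((findings + 1))
    fi

    # The example hash is public, so its password is known to everyone.
    if grep -qF "$EXAMPLE_SALT" "$db"; then
        echo "DEFAULT: $db still contains the example password hash"
        findings=$((findings + 1))
    fi

    # Count remaining password entries that are not argon2 hashes as
    # produced by 'authelia crypto hash generate argon2'.
    other=$(grep -E '^[[:space:]]*password:' "$db" \
        | grep -vF "$EXAMPLE_SALT" | grep -cvF '$argon2' || true)
    if [ "$other" -gt 0 ]; then
        echo "SCHEME: $other password entries are not argon2 hashes"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as audit_users_db authelia/users_database.yml from the compose directory; a non-zero return means the file should be fixed before the stack is started.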
Build and Start Docker
docker compose up -d; docker compose logs -f
Then check that all of them are running:
docker compose ps
After a few seconds, Let’s Encrypt should grab all the certificates for your web servers. You now have the following services:
- https://public.your.domain.de -> publicly accessible
- https://traefik.your.domain.de -> authenticate with username (admin) and password (authelia)
- https://secure.your.domain.de -> authenticate with 2FA -> register your device, wait for the mail and open the link, or check the file ‘/config/notification.txt’ to get the link and open it in a browser
Happy Authelia … :)