From 461a0dc1103653e5dc0b44dc809c0a6925f54378 Mon Sep 17 00:00:00 2001 From: aki Date: Fri, 25 Apr 2025 23:40:25 +0800 Subject: [PATCH] fix(authelia): Update configuration for v4.38+ compatibility and remove deprecated variables --- .env.example | 15 ++++++++------- README.md | 18 ++++++++++++++++++ authelia/configuration.yml | 12 +++++------- docker-compose.yml | 5 ++--- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/.env.example b/.env.example index 06df216..2912b0a 100644 --- a/.env.example +++ b/.env.example @@ -63,14 +63,15 @@ HOMEPAGE_VAR_WEATHER_UNIT=metric # --- Authelia Settings --- # Generate strong random secrets for these using tools like `openssl rand -hex 32` -AUTHELIA_JWT_SECRET= # Example: your_strong_jwt_secret -AUTHELIA_SESSION_SECRET= # Example: your_strong_session_secret -AUTHELIA_STORAGE_ENCRYPTION_KEY= # Example: your_strong_storage_encryption_key -AUTHELIA_REDIS_PASSWORD= # Example: your_strong_redis_password +AUTHELIA_JWT_SECRET= # Used for password reset functionality (also mapped to AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET in 4.38+) +AUTHELIA_SESSION_SECRET= # Secret for session cookies +AUTHELIA_STORAGE_ENCRYPTION_KEY= # For encrypting stored data +AUTHELIA_REDIS_PASSWORD= # Used as AUTHELIA_SESSION_REDIS_PASSWORD in 4.38+ -# Authelia Session Configuration (Note: These may be less relevant with config v4.38+ structure) -AUTHELIA_SESSION_DOMAIN=${APP_HOSTNAME} -AUTHELIA_DEFAULT_REDIRECT_URL=https://${APP_HOSTNAME}/home +# Note: The following variables are no longer needed with Authelia 4.38+ and the updated configuration +# They are preserved for backward compatibility but will be automatically mapped to the new structure +# AUTHELIA_SESSION_DOMAIN=${APP_HOSTNAME} +# AUTHELIA_DEFAULT_REDIRECT_URL=https://${APP_HOSTNAME}/home # --- API Keys & Integration Tokens (Optional - Mainly for Homepage Widgets) --- # Find API keys within each application's settings (usually Settings > General or Security) 
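Review bot: The new note above the two commented-out variables says they "will be automatically mapped to the new structure", but nothing in this patch performs that mapping. The docker-compose.yml hunk stops passing `AUTHELIA_SESSION_DOMAIN` and `AUTHELIA_DEFAULT_REDIRECT_URL` to the container, and authelia/configuration.yml builds the cookie domain and redirect URL from `APP_HOSTNAME`. A user who uncomments them expecting to change the session cookie scope gets no effect. I would replace the two comment lines with `# Unused since the Authelia 4.38+ update: the session cookie domain and redirect URL are derived from APP_HOSTNAME in authelia/configuration.yml`.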
diff --git a/README.md b/README.md index d6db25a..2b9bab4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ The core idea is to manage media libraries (movies, TV shows, music), automate d - [Optional Services](#optional-services) - [Troubleshooting](#troubleshooting) - [SELinux Socket Permissions (Docker)](#selinux-socket-permissions-docker) + - [Authelia v4.38+ Compatibility](#authelia-v438-compatibility) - [Tailscale Issues](#tailscale-issues) - [File Permissions](#file-permissions) - [Advanced Topics](#advanced-topics) @@ -350,6 +351,23 @@ If you are running Docker on a host with SELinux enabled (like Fedora, CentOS, R ``` This allows the specific actions that were being denied. You might need to repeat this if different denials appear after applying the first policy. +### Authelia v4.38+ Compatibility + +If you see errors like these in your Authelia logs: +``` +Configuration: configuration key not expected: session.domains +Configuration: configuration key not expected: session.domains[].default_redirection_url +Configuration: configuration key not expected: session.domains[].domain +Can't continue due to the errors loading the configuration +``` + +This is likely due to Authelia v4.38+ changing the session domain configuration format. The stack has been updated to use the new `cookies` configuration structure: +- Updated `authelia/configuration.yml` with new session cookies structure +- Environment variables in Docker Compose are remapped to the new format +- Old environment variables like `AUTHELIA_DEFAULT_REDIRECT_URL` are no longer directly used + +**Fix:** Update your `authelia/configuration.yml` with the latest version from the repository. See the configuration file for the current correct format. + ### Tailscale Issues * **Authentication:** Ensure your `TAILSCALE_AUTHKEY` in `.env` is valid and hasn't expired (especially if using ephemeral keys). Check the `tailscale` container logs (`docker compose logs tailscale`) for authentication errors. 
diff --git a/authelia/configuration.yml b/authelia/configuration.yml index 53cdd1d..dec6322 100644 --- a/authelia/configuration.yml +++ b/authelia/configuration.yml @@ -12,7 +12,7 @@ log: level: info format: text # or json -# Session configuration using the new 'domains' list format +# Session configuration for v4.38+ session: name: authelia_session secret: ${AUTHELIA_SESSION_SECRET} @@ -25,12 +25,10 @@ session: # Set password directly here instead of relying on potentially problematic env var password: ${AUTHELIA_REDIS_PASSWORD} database_index: 0 - # Define session domains explicitly - domains: - - domain: ${APP_HOSTNAME} # Use the renamed variable from .env - default_redirection_url: https://${APP_HOSTNAME}/home # Default redirect after login - # Optional: Define specific Authelia portal URL if different from domain root - # authelia_url: https://${APP_HOSTNAME}/ + cookies: + - domain: ${APP_HOSTNAME} + authelia_url: https://${APP_HOSTNAME} + default_redirection_url: https://${APP_HOSTNAME}/home # Regulation (brute force protection) regulation: diff --git a/docker-compose.yml b/docker-compose.yml index cb59bea..3274276 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -49,9 +49,8 @@ services: - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET} - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET} - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY} - - AUTHELIA_REDIS_PASSWORD=${AUTHELIA_REDIS_PASSWORD} - - AUTHELIA_SESSION_DOMAIN=${AUTHELIA_SESSION_DOMAIN} - - AUTHELIA_DEFAULT_REDIRECT_URL=${AUTHELIA_DEFAULT_REDIRECT_URL} + - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET=${AUTHELIA_JWT_SECRET} + - AUTHELIA_SESSION_REDIS_PASSWORD=${AUTHELIA_REDIS_PASSWORD} - TZ=${TIMEZONE} labels: - traefik.enable=true
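Review bot: The new `cookies` entry depends on `${APP_HOSTNAME}` being substituted inside the file, and unlike `session.secret` and the Redis password it has no environment-variable override to fall back on. Authelia expands such placeholders only when a file filter is enabled, and neither `X_AUTHELIA_CONFIG_FILTERS` nor `APP_HOSTNAME` appears in the visible part of the service environment in the docker-compose.yml hunk, though they may be set outside it. If they are missing, `domain`, `authelia_url` and `default_redirection_url` would stay literal `${...}` strings and the session cookie scope would not be what the operator intended. I would confirm that the authelia service carries `- X_AUTHELIA_CONFIG_FILTERS=expand-env` and `- APP_HOSTNAME=${APP_HOSTNAME}`. The context comment `# Set password directly here instead of relying on potentially problematic env var` is also stale now that the compose file sets `AUTHELIA_SESSION_REDIS_PASSWORD`, and should say which source is authoritative.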
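Review bot: `AUTHELIA_JWT_SECRET` is still passed on the context line just above the added `AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET`, so the deprecated key and its replacement are both set from the same value even though the commit title says deprecated variables are removed. I would drop `- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}` from the list so that only the 4.38+ key is supplied. Separately, every secret in this list reaches the container as a plain environment value, which anyone with access to the Docker API can read through `docker inspect`. Authelia accepts `_FILE` variants of these variables, for example `AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/run/secrets/<secret-name>`, so they could be mounted as Compose secrets instead. The service's `environment` list starts outside the hunk.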