fix(authelia): Adjust configuration for Tailscale domain handling and simplify session settings

This commit is contained in:
Jose Daniel G. Percy 2025-04-26 00:18:57 +08:00
parent 09b20f71fc
commit 6b1a8b7d45
2 changed files with 18 additions and 18 deletions


@ -1,14 +1,14 @@
# Authelia Configuration File v4.38+ # Authelia Configuration File v4.38+
# Documentation: https://www.authelia.com/configuration/ # Documentation: https://www.authelia.com/configuration/
# Server settings using the new 'address' format # Server settings
server: server:
address: 'tcp://0.0.0.0:9091' # Listen on all interfaces, port 9091 address: 'tcp://0.0.0.0:9091'
# Logging configuration # Logging configuration
log: log:
level: info level: info
format: text # or json format: text
# Session configuration for v4.38+ # Session configuration for v4.38+
session: session:
@ -22,10 +22,11 @@ session:
password: ${AUTHELIA_SESSION_REDIS_PASSWORD} password: ${AUTHELIA_SESSION_REDIS_PASSWORD}
database_index: 0 database_index: 0
cookies: cookies:
# Use the wildcard domain pattern to match all subdomains # Using a wildcard domain pattern - works for Tailscale domains
- domain: ${AUTHELIA_SESSION_DOMAIN} - domain: '*.ts.net'
authelia_url: ${AUTHELIA_DEFAULT_REDIRECTION_URL} authelia_url: 'https://tailscale-nas.ts.net'
default_redirection_url: ${AUTHELIA_DEFAULT_REDIRECTION_URL} default_redirection_url: 'https://tailscale-nas.ts.net/home'
same_site: lax
# Regulation (brute force protection) # Regulation (brute force protection)
regulation: regulation:
@ -44,19 +45,20 @@ authentication_backend:
file: file:
path: /config/users_database.yml path: /config/users_database.yml
password: password:
algorithm: argon2id # Recommended hashing algorithm algorithm: argon2id
iterations: 1 iterations: 1
memory: 1024 # MiB memory: 1024
parallelism: 8 parallelism: 8
salt_length: 16 salt_length: 16
key_length: 32 key_length: 32
# Access control rules # Access control rules
access_control: access_control:
default_policy: deny # Deny access by default default_policy: deny
rules: rules:
- domain: ${AUTHELIA_SESSION_DOMAIN} # This will match any Tailscale domain
policy: one_factor # Requires username/password - domain: '*.ts.net'
policy: one_factor
# Notifier configuration # Notifier configuration
notifier: notifier:
@ -70,4 +72,4 @@ identity_validation:
# Identity Providers # Identity Providers
identity_providers: identity_providers:
oidc: null # Explicitly disable OIDC oidc: null
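Review bot: The session cookie domain `- domain: '*.ts.net'` in the `cookies` hunk scopes the cookie to a suffix shared by every Tailscale tailnet rather than to this deployment's own domain, so the session cookie would be offered to any `ts.net` host the browser can reach, and since `ts.net` is (as far as I recall) on the public suffix list, browsers may refuse to store it at all. Authelia's session `domain` field also takes a plain parent domain, not a glob — the wildcard form is valid in the `access_control` rule further down but is unlikely to be accepted here as written. Suggest the tailnet's own domain, e.g. `- domain: '<tailnet-name>.ts.net'` (placeholder), keep `authelia_url` and `default_redirection_url` as hosts under it, and tighten the `access_control` rule `- domain: '*.ts.net'` to `'*.<tailnet-name>.ts.net'` for the same reason. The new `authelia_url: 'https://tailscale-nas.ts.net'` reads as a single label directly under `ts.net` rather than the usual `host.<tailnet>.ts.net` MagicDNS shape; worth confirming against the real name before the env-var indirection (`${AUTHELIA_SESSION_DOMAIN}`, `${AUTHELIA_DEFAULT_REDIRECTION_URL}`) is dropped.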


@ -47,16 +47,14 @@ services:
volumes: volumes:
- ${CONFIG_ROOT:-.}/authelia:/config:Z - ${CONFIG_ROOT:-.}/authelia:/config:Z
environment: environment:
# Core secrets and keys # Core secrets
- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET} - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
- AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET} - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY} - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY}
- AUTHELIA_SESSION_REDIS_PASSWORD=${AUTHELIA_REDIS_PASSWORD} - AUTHELIA_SESSION_REDIS_PASSWORD=${AUTHELIA_REDIS_PASSWORD}
# Only environment variable needed for identity validation
- AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET=${AUTHELIA_JWT_SECRET} - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET=${AUTHELIA_JWT_SECRET}
# Domain settings extracted from APP_HOSTNAME # Timezone
- AUTHELIA_SESSION_DOMAIN=${APP_HOSTNAME}
- AUTHELIA_SERVER_DOMAIN=${APP_HOSTNAME}
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${APP_HOSTNAME}/home
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
labels: labels:
- traefik.enable=true - traefik.enable=true