fix(authelia): Update configuration and setup script for Tailscale domain handling in Authelia v4.38+
README.md
@@ -401,7 +401,10 @@ If you are running Docker on a host with SELinux enabled (like Fedora, CentOS, R
Authelia v4.38+ introduces significant changes to its configuration structure, particularly for session domains and authentication flows. The setup in this repository has been carefully configured to work with these changes:
1. **Domain Configuration**: The configuration now properly uses the base Tailscale domain (e.g., `ts.net`) for cookies rather than a wildcard domain, which is not allowed for cookie configuration in Authelia v4.38+. Wildcards are still used in access control rules where they are permitted.
1. **Domain Configuration**:
- You must use your specific Tailnet domain (e.g., `example.ts.net`) for cookies, not just `ts.net`
- The domain `ts.net` is part of the [Public Suffix List](https://publicsuffix.org/), which means browsers restrict cookies on it for security reasons
- Authelia will refuse to start if you try to use a domain from this list
2. **Required Secret Variables**: You must set these four variables in your `.env` file:
- `AUTHELIA_JWT_SECRET`: Used for password reset tokens
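Review bot: the new Domain Configuration bullets drop a point the removed line made, namely that wildcards are still used in access control rules even though they are rejected for the cookie domain; a reader who hits the wildcard error in the list further down will otherwise assume wildcards must be removed everywhere. Suggest keeping a bullet along the lines of the removed text, e.g. `- Wildcards are still used in access control rules where they are permitted`. It is also worth stating the scope consequence of the new bullets: with the cookie domain set to the Tailnet domain (e.g., `example.ts.net`), the Authelia session cookie is sent to every host under that domain, so every service published there shares the session and should be treated as equally trusted.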
@@ -412,15 +415,15 @@ Authelia v4.38+ introduces significant changes to its configuration structure, p
Generate strong random values for these with: `openssl rand -hex 32`
3. **Automatic Domain Setup**: The `update-setup.sh` script automatically:
- Extracts your Tailscale base domain (e.g., `ts.net`) from your `.env` file
- Configures cookie domains properly without wildcards
- Sets the correct URLs based on your Tailscale hostname
- Uses your specific Tailnet domain (e.g., `example.ts.net`) from your `.env` file
- Configures cookie domains properly to avoid Public Suffix List issues
- Sets up proper access control rules for both your domain and its subdomains
4. **File Permissions**: The Authelia container runs with your user ID and group ID, preventing permission issues when managing the configuration files with git or other tools.
If you encounter any of these common errors, running the setup script should resolve them:
```
error: option 'domain' must be the domain you wish to protect not a wildcard domain
error: option 'domain' is not a valid cookie domain: the domain is part of the special public suffix list
error: option 'authelia_url' does not share a cookie scope with domain
error: can't be specified at the same time: option 'domain' and option 'cookies'
configuration key 'jwt_secret' is deprecated in 4.38.0
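Review bot: replacing the three `update-setup.sh` bullets drops `- Sets the correct URLs based on your Tailscale hostname`, yet the error list below still presents `error: option 'authelia_url' does not share a cookie scope with domain` as something running the script resolves; if the script still derives `authelia_url` from the hostname, keep that bullet so the list of what the script does matches the errors it claims to fix. The surviving bullet `- Configures cookie domains properly to avoid Public Suffix List issues` now repeats the motivation already given under item 1; consider stating the concrete value the script writes (the Tailnet domain taken from `.env`) instead of restating why.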