fix(authelia): Update configuration and setup script for Tailscale domain handling in Authelia v4.38+

authelia/configuration.example.yml

@@ -22,10 +22,10 @@ session:
     password: ${AUTHELIA_SESSION_REDIS_PASSWORD}
     database_index: 0
   cookies:
-    # Using parent domain to allow proper cookie scope
-    - domain: 'ts.net'
-      authelia_url: 'https://tailscale-nas.ts.net'
-      default_redirection_url: 'https://tailscale-nas.ts.net/home'
+    # Using your specific Tailscale domain (e.g. example.ts.net) not just ts.net
+    - domain: 'your-tailnet.ts.net'
+      authelia_url: 'https://tailscale-nas.your-tailnet.ts.net'
+      default_redirection_url: 'https://tailscale-nas.your-tailnet.ts.net/home'
       same_site: lax
 
 # Regulation (brute force protection)
@@ -56,8 +56,11 @@ authentication_backend:
 access_control:
   default_policy: deny
   rules:
-    # This will match any Tailscale domain - using wildcard with domains is allowed in rules
-    - domain: '*.ts.net'
+    # This will match any subdomain of your specific Tailscale domain
+    - domain: '*.your-tailnet.ts.net'
+      policy: one_factor
+    # Also match the main domain without subdomain
+    - domain: 'your-tailnet.ts.net'
       policy: one_factor
 
 # Notifier configuration