feat!: Use Authelia authentication to protect endpoints

- Uses Authelia as an authentication middleware and access control, with sensible policy
- Redis as Authelia's backend for session data
- Add https-proto middleware
- Add/update example files
2025-04-26 17:53:18 +08:00
parent cf78372b71
commit 67ff6d585c
5 changed files with 280 additions and 56 deletions

@@ -36,9 +36,10 @@ TAILSCALE_TAGS=tag:nas
# Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'. 'false' uses Serve (Tailnet only, recommended).
ENABLE_FUNNEL_HTTPS=false
# --- Primary Hostname ---
# Primary hostname used by Traefik for routing. Derived from Tailscale settings by default.
HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
# --- Primary Application Hostname ---
# Primary hostname used by Traefik/Authelia. Derived from Tailscale settings by default.
# Renamed from HOSTNAME to avoid collision with host system environment variable.
APP_HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
# --- Application Credentials ---
# qBittorrent Web UI Credentials (change default!)
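Review bot: Renaming `HOSTNAME` to `APP_HOSTNAME` in this hunk removes the old variable from the example file, so any remaining `${HOSTNAME}` interpolation in the compose file or Traefik/Authelia configuration will no longer fail loudly; it will quietly pick up the host system's `HOSTNAME` value, which is exactly the collision the new comment describes. Please confirm every consumer of `${HOSTNAME}` was updated to `${APP_HOSTNAME}` in the other changed files, and consider keeping a deprecation line such as `# HOSTNAME is no longer used; see APP_HOSTNAME` so users migrating an existing `.env` notice the rename.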
@@ -62,18 +63,16 @@ HOMEPAGE_VAR_WEATHER_UNIT=metric
# --- Authelia Settings ---
# Generate strong random secrets for these using tools like `openssl rand -hex 32`
AUTHELIA_JWT_SECRET= # Example: your_strong_jwt_secret
AUTHELIA_SESSION_SECRET= # Example: your_strong_session_secret
AUTHELIA_STORAGE_ENCRYPTION_KEY= # Example: your_strong_storage_encryption_key
AUTHELIA_REDIS_PASSWORD= # Example: your_strong_redis_password
# These are all REQUIRED for Authelia to function properly
AUTHELIA_JWT_SECRET= # Secret used for JWT tokens (password reset, etc)
AUTHELIA_SESSION_SECRET= # Secret for encrypting session cookies
AUTHELIA_STORAGE_ENCRYPTION_KEY= # Secret for encrypting stored data
AUTHELIA_REDIS_PASSWORD= # Password for Redis session storage
# Google OIDC Provider Settings (Get from Google Cloud Console - https://console.cloud.google.com/apis/credentials)
AUTHELIA_GOOGLE_OIDC_CLIENT_ID= # Example: your-google-client-id.apps.googleusercontent.com
AUTHELIA_GOOGLE_OIDC_CLIENT_SECRET= # Example: GOCSPX-your-google-client-secret
# Authelia Session Configuration
AUTHELIA_SESSION_DOMAIN=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}
AUTHELIA_DEFAULT_REDIRECT_URL=https://${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}/home
# Note: The following variables are no longer needed with Authelia 4.38+ and the updated configuration
# They are preserved for backward compatibility but will be automatically mapped to the new structure
# AUTHELIA_SESSION_DOMAIN=${APP_HOSTNAME}
# AUTHELIA_DEFAULT_REDIRECT_URL=https://${APP_HOSTNAME}/home
# --- API Keys & Integration Tokens (Optional - Mainly for Homepage Widgets) ---
# Find API keys within each application's settings (usually Settings > General or Security)
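Review bot: The rewritten secrets block drops the only guidance on how to produce the values ("Generate strong random secrets for these using tools like `openssl rand -hex 32`") and replaces it with "These are all REQUIRED for Authelia to function properly"; the two comments serve different purposes, so keep both, e.g. `# These are all REQUIRED; generate each with: openssl rand -hex 32`, otherwise users are likely to fill in short, memorable strings for `AUTHELIA_SESSION_SECRET` and `AUTHELIA_STORAGE_ENCRYPTION_KEY`. Separately, the trailing comment claims the commented-out `AUTHELIA_SESSION_DOMAIN` and `AUTHELIA_DEFAULT_REDIRECT_URL` "will be automatically mapped to the new structure", but nothing in this hunk performs that mapping; either point to where in the configuration it happens or reword the comment to say the variables are simply unused with Authelia 4.38+.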