refactor: Consolidate Authelia configuration management and update setup scripts
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
- Removed outdated configuration files and scripts. - Introduced a new setup script to streamline environment and Authelia configuration updates. - Enhanced .gitignore to exclude unnecessary files. - Updated README to reflect new setup process and configuration details for Authelia v4.38+.
This commit is contained in:
52
README.md
52
README.md
@@ -154,21 +154,25 @@ After completing all [Required Setup Steps](#required-setup-steps) above, follow
|
||||
nano authelia/users_database.yml
|
||||
```
|
||||
|
||||
4. **Start the Stack:**
|
||||
4. **Run the Setup Script:**
|
||||
```bash
|
||||
# Make helper script executable (if needed)
|
||||
chmod +x ./update-config.sh
|
||||
chmod +x ./update-env.sh
|
||||
# Make the script executable
|
||||
chmod +x ./update-setup.sh
|
||||
|
||||
# Run the setup tool
|
||||
./update-setup.sh
|
||||
```
|
||||
This interactive script will guide you through:
|
||||
- Updating your `.env` file while preserving existing values
|
||||
- Configuring Authelia with your Tailscale domain settings
|
||||
- Setting up service configurations and retrieving API keys
|
||||
|
||||
5. **Start the Stack:**
|
||||
```bash
|
||||
# Start containers
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
5. **Configure Service API Keys** (after stack is running):
|
||||
```bash
|
||||
# Optional: Run config script to set API keys
|
||||
./update-config.sh
|
||||
```
|
||||
*(Wait for containers to download and start)*
|
||||
|
||||
6. **Access Your NAS:**
|
||||
- Open `https://<TAILSCALE_HOSTNAME>.<TAILSCALE_TAILNET_DOMAIN>/`
|
||||
@@ -395,13 +399,11 @@ If you are running Docker on a host with SELinux enabled (like Fedora, CentOS, R
|
||||
|
||||
### Authelia v4.38+ Configuration
|
||||
|
||||
Authelia v4.38+ introduces significant changes to its configuration structure, particularly for session domains and authentication flows. This Docker Compose template has been updated to support these changes, making it easier to set up:
|
||||
Authelia v4.38+ introduces significant changes to its configuration structure, particularly for session domains and authentication flows. The setup in this repository has been carefully configured to work with these changes:
|
||||
|
||||
1. **Simplified Configuration**: The setup now uses a more reliable approach with wildcard domain matching (`*.ts.net`) that works properly with Tailscale domains. This eliminates environment variable interpolation issues that were causing errors in previous versions.
|
||||
1. **Domain Configuration**: The configuration now properly uses the base Tailscale domain (e.g., `ts.net`) for cookies rather than a wildcard domain, which is not allowed for cookie configuration in Authelia v4.38+. Wildcards are still used in access control rules where they are permitted.
|
||||
|
||||
2. **No Manual YAML Editing Required**: You don't need to edit the Authelia configuration file manually. The important settings are configured through environment variables in the Docker Compose setup.
|
||||
|
||||
3. **Required Secret Variables**: You only need to set these four variables in your `.env` file:
|
||||
2. **Required Secret Variables**: You must set these four variables in your `.env` file:
|
||||
- `AUTHELIA_JWT_SECRET`: Used for password reset tokens
|
||||
- `AUTHELIA_SESSION_SECRET`: Used for session cookie encryption
|
||||
- `AUTHELIA_STORAGE_ENCRYPTION_KEY`: Used for database encryption
|
||||
@@ -409,16 +411,20 @@ Authelia v4.38+ introduces significant changes to its configuration structure, p
|
||||
|
||||
Generate strong random values for these with: `openssl rand -hex 32`
|
||||
|
||||
4. **File Permissions Fixed**: The Authelia container now runs with your user ID and group ID, preventing permission issues when managing the configuration files with git or other tools.
|
||||
3. **Automatic Domain Setup**: The `update-setup.sh` script automatically:
|
||||
- Extracts your Tailscale base domain (e.g., `ts.net`) from your `.env` file
|
||||
- Configures cookie domains properly without wildcards
|
||||
- Sets the correct URLs based on your Tailscale hostname
|
||||
|
||||
5. **Common Error Solutions**: If you encounter configuration errors like these:
|
||||
```
|
||||
error decoding 'session.cookies[0].authelia_url': could not decode 'https://${APP_HOSTNAME}'
|
||||
can't be specified at the same time: option 'domain' and option 'cookies'
|
||||
```
|
||||
The solution is already implemented in the updated configuration. No manual fixes needed.
|
||||
4. **File Permissions**: The Authelia container runs with your user ID and group ID, preventing permission issues when managing the configuration files with git or other tools.
|
||||
|
||||
If you need to make changes to the domain settings for some reason, edit `authelia/configuration.yml` and modify the `*.ts.net` wildcard pattern to match your specific domain. For most setups using Tailscale, the default configuration will work without any changes.
|
||||
If you encounter any of these common errors, running the setup script should resolve them:
|
||||
```
|
||||
error: option 'domain' must be the domain you wish to protect not a wildcard domain
|
||||
error: option 'authelia_url' does not share a cookie scope with domain
|
||||
error: can't be specified at the same time: option 'domain' and option 'cookies'
|
||||
configuration key 'jwt_secret' is deprecated in 4.38.0
|
||||
```
|
||||
|
||||
After making changes to the configuration, restart Authelia with:
|
||||
```bash
|
||||
|
||||
Reference in New Issue
Block a user