feat!: Add Authelia for authentication and Redis for session storage
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
- Introduced Redis service for session management with health checks. - Added Authelia service for user authentication with necessary environment variables. - Configured Traefik to use Authelia as middleware for various services. - Created Authelia configuration file with session, storage, and access control settings. - Added user database for Authelia with an example admin user.
This commit is contained in:
83
authelia/configuration.yml
Normal file
83
authelia/configuration.yml
Normal file
@@ -0,0 +1,83 @@
|
||||
# Authelia Configuration File
|
||||
# Documentation: https://www.authelia.com/configuration/
|
||||
|
||||
# Default configuration options affecting multiple sections.
|
||||
default_redirection_url: ${AUTHELIA_DEFAULT_REDIRECT_URL}
|
||||
|
||||
# Server settings (listening address, paths, etc.)
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
# Logging configuration
|
||||
log:
|
||||
level: info
|
||||
format: text # or json
|
||||
|
||||
# Session configuration
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: ${AUTHELIA_SESSION_SECRET}
|
||||
expiration: 1h # Adjust as needed
|
||||
inactivity: 5m # Adjust as needed
|
||||
domain: ${AUTHELIA_SESSION_DOMAIN} # Set from .env
|
||||
redis:
|
||||
host: redis
|
||||
port: 6379
|
||||
password: ${AUTHELIA_REDIS_PASSWORD}
|
||||
database_index: 0
|
||||
|
||||
# Regulation (brute force protection)
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 2m
|
||||
ban_time: 5m
|
||||
|
||||
# Storage (for user preferences, etc. - encrypted using storage key)
|
||||
storage:
|
||||
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
||||
local:
|
||||
path: /config/db.sqlite3 # Example using SQLite for simple storage needs
|
||||
|
||||
# Authentication backend (using file-based user database)
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users_database.yml
|
||||
password:
|
||||
algorithm: argon2id # Recommended hashing algorithm
|
||||
iterations: 1
|
||||
memory: 1024 # MiB
|
||||
parallelism: 8
|
||||
salt_length: 16
|
||||
key_length: 32
|
||||
|
||||
# Access control rules
|
||||
access_control:
|
||||
default_policy: deny # Deny access by default
|
||||
rules:
|
||||
# Rule to allow authenticated users access to the domain
|
||||
- domain: ${AUTHELIA_SESSION_DOMAIN}
|
||||
policy: one_factor # Requires username/password
|
||||
|
||||
# Notifier (Optional, for password resets, etc. - configure if needed)
|
||||
# notifier:
|
||||
# smtp:
|
||||
# address: smtp.example.com:587
|
||||
# username: user@example.com
|
||||
# password: password
|
||||
# sender: Authelia <authelia@example.com>
|
||||
# subject: "[Authelia] {title}"
|
||||
# startup_check_address: test@authelia.com
|
||||
|
||||
# JWT configuration (used for forwardAuth)
|
||||
jwt_secret: ${AUTHELIA_JWT_SECRET}
|
||||
|
||||
# Identity Providers (None configured for this setup)
|
||||
identity_providers:
|
||||
oidc: null # Explicitly disable OIDC
|
||||
|
||||
# Enable registration (requires manual approval by editing users_database.yml)
|
||||
# Set 'enable: true' to allow users to register.
|
||||
# They will be added to users_database.yml commented out or with disabled: true.
|
||||
# registration:
|
||||
# enable: false # Set to true to enable registration form
|
||||
Reference in New Issue
Block a user