fix(authelia): Authentication management and middleware errors
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
- Fix middleware "true@docker" does not exist errors - Integrate authentication management directly into update-setup.sh - Add command-line support for managing service authentication - Add backup file cleanup functionality - Update README with new authentication management instructions - Remove standalone manage-auth.sh script
This commit is contained in:
55
README.md
55
README.md
@@ -25,7 +25,7 @@ The core idea is to manage media libraries (movies, TV shows, music), automate d
|
||||
- [(Optional) VPN Configuration](#optional-vpn-configuration)
|
||||
- [(Optional) Traefik DNS Challenge](#optional-traefik-dns-challenge)
|
||||
- [Service Access](#service-access)
|
||||
- [Configuring Authentication Per Service](#configuring-authentication-per-service)
|
||||
- [Managing Service Authentication](#managing-service-authentication)
|
||||
- [Optional Services](#optional-services)
|
||||
- [Troubleshooting](#troubleshooting)
|
||||
- [Middleware Not Found Errors](#middleware-not-found-errors)
|
||||
@@ -362,34 +362,57 @@ Authelia uses the `authelia/users_database.yml` file to manage users.
|
||||
|
||||
## Service Access
|
||||
|
||||
With the default Tailscale setup and Authelia enabled, services are securely accessible via HTTPS using your Tailscale node's name or IP. Authentication is controlled by the `AUTH_*` environment variables.
|
||||
With the default Tailscale setup and Authelia enabled, services are securely accessible via HTTPS using your Tailscale node's name or IP. Authentication is controlled by the included `update-setup.sh` script.
|
||||
|
||||
* **Login Portal:** `https://<TAILSCALE_NODE>/` (Redirects unauthenticated users here for secured services)
|
||||
* **Homepage Dashboard:** `https://<TAILSCALE_NODE>/home` (Requires login if `AUTH_HOMEPAGE=true`)
|
||||
* **Sonarr:** `https://<TAILSCALE_NODE>/sonarr` (Requires login if `AUTH_SONARR=true`)
|
||||
* **Radarr:** `https://<TAILSCALE_NODE>/radarr` (Requires login if `AUTH_RADARR=true`)
|
||||
* **qBittorrent:** `https://<TAILSCALE_NODE>/qbittorrent` (Requires login if `AUTH_QBITTORRENT=true`)
|
||||
* **Jellyfin:** `https://<TAILSCALE_NODE>/jellyfin` (Requires login if `AUTH_JELLYFIN=true`, default is `false`)
|
||||
* **Homepage Dashboard:** `https://<TAILSCALE_NODE>/home` (Requires login by default)
|
||||
* **Sonarr:** `https://<TAILSCALE_NODE>/sonarr` (Requires login by default)
|
||||
* **Radarr:** `https://<TAILSCALE_NODE>/radarr` (Requires login by default)
|
||||
* **qBittorrent:** `https://<TAILSCALE_NODE>/qbittorrent` (Requires login by default)
|
||||
* **Jellyfin:** `https://<TAILSCALE_NODE>/jellyfin` (Requires login by default)
|
||||
* ...and so on.
|
||||
|
||||
Replace `<TAILSCALE_NODE>` with your Tailscale device name (e.g., `tailscale-nas.your-tailnet.ts.net`) or its Tailscale IP address.
|
||||
|
||||
If you configure DNS for your `APP_HOSTNAME` variable to point to the Tailscale IP, you can use `https://<APP_HOSTNAME>/<service_path>`.
|
||||
|
||||
### Configuring Authentication Per Service
|
||||
### Managing Service Authentication
|
||||
|
||||
You can control which services require authentication by setting the appropriate variables in your `.env` file:
|
||||
You can control which services require authentication using the updated `update-setup.sh` script:
|
||||
|
||||
```bash
|
||||
# Example: Allow Jellyfin and qBittorrent without authentication, require it for others
|
||||
AUTH_JELLYFIN=false
|
||||
AUTH_QBITTORRENT=false
|
||||
AUTH_SONARR=true
|
||||
AUTH_RADARR=true
|
||||
# ...and so on
|
||||
# List all services and their authentication status
|
||||
./update-setup.sh list-auth
|
||||
|
||||
# Disable authentication for Jellyfin (no login required)
|
||||
./update-setup.sh disable-auth jellyfin
|
||||
|
||||
# Enable authentication for Jellyfin (login required)
|
||||
./update-setup.sh enable-auth jellyfin
|
||||
|
||||
# Disable authentication for all services
|
||||
./update-setup.sh disable-all-auth
|
||||
|
||||
# Enable authentication for all services
|
||||
./update-setup.sh enable-all-auth
|
||||
|
||||
# Clean up backup files (keeps most recent by default)
|
||||
./update-setup.sh cleanup
|
||||
|
||||
# View all available commands
|
||||
./update-setup.sh help
|
||||
```
|
||||
|
||||
If a variable is not explicitly set, authentication defaults to `true` for that service (except for Jellyfin, which defaults to `false`).
|
||||
You can also manage authentication through the interactive menu by running `./update-setup.sh` and selecting option 5.
|
||||
|
||||
After making changes, restart your stack for the changes to take effect:
|
||||
|
||||
```bash
|
||||
docker compose down
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
This approach gives you complete control over which services require authentication, without needing to manually edit configuration files.
|
||||
|
||||
## Optional Services
|
||||
|
||||
|
||||
Reference in New Issue
Block a user