fix(authelia): Update configuration for v4.38+ with required variables and improved domain handling
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
This commit is contained in:
34
README.md
34
README.md
@@ -27,7 +27,7 @@ The core idea is to manage media libraries (movies, TV shows, music), automate d
|
||||
- [Optional Services](#optional-services)
|
||||
- [Troubleshooting](#troubleshooting)
|
||||
- [SELinux Socket Permissions (Docker)](#selinux-socket-permissions-docker)
|
||||
- [Authelia v4.38+ Compatibility](#authelia-v438-compatibility)
|
||||
- [Authelia v4.38+ Configuration](#authelia-v438-configuration)
|
||||
- [Tailscale Issues](#tailscale-issues)
|
||||
- [File Permissions](#file-permissions)
|
||||
- [Advanced Topics](#advanced-topics)
|
||||
@@ -351,22 +351,28 @@ If you are running Docker on a host with SELinux enabled (like Fedora, CentOS, R
|
||||
```
|
||||
This allows the specific actions that were being denied. You might need to repeat this if different denials appear after applying the first policy.
|
||||
|
||||
### Authelia v4.38+ Compatibility
|
||||
### Authelia v4.38+ Configuration
|
||||
|
||||
If you see errors like these in your Authelia logs:
|
||||
```
|
||||
Configuration: configuration key not expected: session.domains
|
||||
Configuration: configuration key not expected: session.domains[].default_redirection_url
|
||||
Configuration: configuration key not expected: session.domains[].domain
|
||||
Can't continue due to the errors loading the configuration
|
||||
```
|
||||
Authelia v4.38+ introduces significant changes to its configuration structure, particularly for session domains and authentication flows. This Docker Compose template has been updated to support these changes, making it easier to set up:
|
||||
|
||||
This is likely due to Authelia v4.38+ changing the session domain configuration format. The stack has been updated to use the new `cookies` configuration structure:
|
||||
- Updated `authelia/configuration.yml` with new session cookies structure
|
||||
- Environment variables in Docker Compose are remapped to the new format
|
||||
- Old environment variables like `AUTHELIA_DEFAULT_REDIRECT_URL` are no longer directly used
|
||||
1. **Centralized Configuration**: All required Authelia settings are defined in the `.env` file - you don't need to manually edit the Authelia YAML configuration.
|
||||
|
||||
**Fix:** Update your `authelia/configuration.yml` with the latest version from the repository. See the configuration file for the current correct format.
|
||||
2. **Domain Handling**: The system now uses wildcard domain matching (`*.ts.net`) to handle Tailscale domains, eliminating environment variable expansion issues that could cause errors like:
|
||||
```
|
||||
error decoding 'session.cookies[0].authelia_url': could not decode 'https://${APP_HOSTNAME}'
|
||||
```
|
||||
|
||||
3. **Required Variables**: You only need to set these variables in your `.env` file:
|
||||
- `AUTHELIA_JWT_SECRET`: For password reset tokens
|
||||
- `AUTHELIA_SESSION_SECRET`: For session cookie encryption
|
||||
- `AUTHELIA_STORAGE_ENCRYPTION_KEY`: For database encryption
|
||||
- `AUTHELIA_REDIS_PASSWORD`: For Redis authentication
|
||||
|
||||
Generate these with: `openssl rand -hex 32`
|
||||
|
||||
4. **Domain Configuration**: Your Tailscale domain is automatically set using `APP_HOSTNAME=${TAILSCALE_HOSTNAME}.${TAILSCALE_TAILNET_DOMAIN}` in the `.env` file.
|
||||
|
||||
If you still encounter issues, make sure your `TAILSCALE_TAILNET_DOMAIN` ends with `.ts.net` for proper domain matching, or edit `authelia/configuration.yml` to match your specific domain pattern.
|
||||
|
||||
### Tailscale Issues
|
||||
|
||||
|
||||
Reference in New Issue
Block a user