Docker - Authelia
About
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
Requirements
- Host with a public IP and Docker running
- Ports 80 & 443 publicly reachable
- FQDN pointing to your IP address. Best is a wildcard record like *.your.host.de -> 1.2.3.4
Clone the Repo
git clone https://github.com/authelia/authelia.git
cd authelia/examples/compose/lite
Update docker-compose.yml
- edit TimeZone
- edit Domain Name
sed -i 's#TZ=Australia/Melbourne#TZ=Europe/Zurich#g' docker-compose.yml
sed -i 's/example.com/your.domain.de/g' docker-compose.yml
Update Configuration File
- set all secrets
- set notifier: smtp relay or local file
sed -i 's/example.com/your.domain.de/g' authelia/configuration.yml
vim authelia/configuration.yml
Set Admin User
cat << 'EOF' > authelia/users_database.yml
---
###############################################################
#                         Users Database                      #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
  admin:
    disabled: false
    displayname: "Admin User"
    # Password is authelia
    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
    email: authelia@your.domain.de
    groups:
      - admins
      - dev
...
EOF
chmod 600 authelia/users_database.yml
Generate Password
You should, of course, generate your own passwords.
# Password: password
docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
# Random PW, Length 16
docker run authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 16
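A pre-flight check to run before starting the stack, added here as an example (it is not part of the original guide or of the Authelia project): it flags a users_database.yml that still carries the sample admin hash shown above, digests that are not argon2id, and file permissions other than 600. The function name check_users_db and the finding labels are hypothetical, and the two-space user indentation of the file above is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for authelia/users_database.yml.
# SAMPLE_PREFIX is the algorithm/salt prefix of the sample hash shown on this
# page (password "authelia"); it is public, so it must not reach production.
SAMPLE_PREFIX='$6$rounds=50000$BpLnfgDsc2WD8F2q$'

# check_users_db FILE  (hypothetical helper name)
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = no file.
check_users_db() {
    db=$1
    [ -f "$db" ] || { echo "MISSING $db"; return 2; }
    rc=0

    # 1. Sample hash still present: anyone can log in as admin/authelia.
    if grep -qF -- "$SAMPLE_PREFIX" "$db"; then
        echo "DEFAULT_HASH sample password hash from the guide is still in use"
        rc=1
    fi

    # 2. Per user, flag password digests that are not argon2id, the format
    #    emitted by `authelia crypto hash generate argon2`.
    awk '
        /^  [^ #][^:]*:[ \t]*$/ { user = $1; sub(/:$/, "", user) }
        /^[ \t]*password:/ && index($0, "$argon2id$") == 0 {
            print "NOT_ARGON2 " user ": digest was not generated with argon2"
            bad = 1
        }
        END { exit bad }
    ' "$db" || rc=1

    # 3. The file holds credential hashes; the guide sets mode 600.
    mode=$(stat -c '%a' "$db" 2>/dev/null || stat -f '%Lp' "$db")
    [ "$mode" = 600 ] || { echo "PERMS mode is $mode, expected 600"; rc=1; }

    return "$rc"
}

# Run as: sh check_users_db.sh authelia/users_database.yml
if [ "$#" -gt 0 ]; then
    check_users_db "$1"
fi
```

A non-zero exit status makes the check usable as a gate in front of `docker compose up -d`.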
Build and Start Docker
docker compose up -d; docker compose logs -f
Then check that all containers are running:
docker compose ps
After a few seconds, Let’s Encrypt should have issued the certificates for your web servers. You now have the following services:
- https://public.your.domain.de -> publicly accessible
- https://traefik.your.domain.de -> authenticate with username (admin) and password (authelia)
- https://secure.your.domain.de -> authenticate with 2FA -> register your device, wait for the mail and open the link, or check the file ‘/config/notification.txt’ to get the link and open it in a browser
Happy Authelia … :)