#Christian woman. #Aroace. Totally #blind and #autistic with multiple #chronicIllnesses. #UsabilityTester, aspiring #AccessibilityConsultant. #Disability
rights advocate. Interests: #technology, #reading, #gaming, #food, #OpenSource. Human to Squeaker (MinPin). Creating a nonprofit for multiply disabled
people.
#tfr, #Fedi22


  • @selfhost @selfhosting @selfhosted @linux Authelia configuration.yml:

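    # Authelia configuration.yml (indentation and markdown escapes restored).
    # Every secret is supplied through the AUTHELIA_*_FILE environment variables
    # declared in the companion docker-compose.yml, never inline in this file.
    theme: light

    server:
      address: 0.0.0.0:9091

    log:
      # debug is fine while troubleshooting but records far more request detail
      # than info; drop it back to info once the setup works.
      level: debug
      format: text
      file_path: /var/log/authelia/authelia.log

    totp:
      issuer: laniesplace.us
      period: 30
      skew: 1

    authentication_backend:
      file:
        path: /config/users_database.yml
        # argon2id parameters used to hash the users_database passwords.
        # NOTE(review): newer Authelia releases nest these under `password.argon2`;
        # confirm against the reference config of the version actually running.
        password:
          algorithm: argon2id
          iterations: 3
          memory: 65536
          parallelism: 4
          salt_length: 16
          key_length: 32

    access_control:
      # Anything not matched by a rule below is refused.
      default_policy: deny
      # The domain lists must agree with the Host() rules of the Traefik routers.
      # The routers posted alongside serve Miniflux, Linkding and Forgejo on
      # rss., bookmarks. and git. (not miniflux., linkding., forgejo.) and Homer on
      # the apex domain. A hostname missing here falls through to the catch-all
      # one_factor rule and silently loses its subject restriction, and the apex is
      # not matched by the *.laniesplace.us wildcard at all, so it would be denied.
      # Both spellings are listed so either routing choice is covered.
      rules:
        # Public Access
        - domain:
            - "laniesplace.us"
            - "pihole.laniesplace.us"
            - "homer.laniesplace.us"
          policy: bypass

        # High Security (Two Factor)
        - domain:
            - "portainer.laniesplace.us"
            - "netdata.laniesplace.us"
            - "cockpit.laniesplace.us"
            - "glances.laniesplace.us"
            - "code.laniesplace.us"
          policy: two_factor
          subject:
            - "group:admins"

        # Medium Security (One Factor Admin)
        - domain:
            - "forgejo.laniesplace.us"
            - "git.laniesplace.us"
            - "files.laniesplace.us"
            - "uptime.laniesplace.us"
          policy: one_factor
          subject:
            - "group:admins"

        # Standard Auth (One Factor)
        - domain:
            - "thelounge.laniesplace.us"
            - "miniflux.laniesplace.us"
            - "rss.laniesplace.us"
            - "linkding.laniesplace.us"
            - "bookmarks.laniesplace.us"
            - "wiki.laniesplace.us"
          policy: one_factor

        # Catch-all rule (subdomains only; the apex is handled above)
        - domain: "*.laniesplace.us"
          policy: one_factor

    session:
      name: authelia_session
      domain: laniesplace.us
      same_site: lax
      expiration: 3600
      inactivity: 300
      remember_me: 1M
      # The compose file starts a redis container that Authelia only uses when
      # this block is present; without it sessions live in process memory and
      # vanish on every restart. Host is the compose service name on the
      # authelia_internal network; that container sets no password.
      redis:
        host: redis
        port: 6379

    regulation:
      max_retries: 3
      find_time: 120
      ban_time: 300

    storage:
      # The encryption key comes from AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE.
      local:
        path: /config/db.sqlite3

    notifier:
      disable_startup_check: false
      smtp:
        address: submission://smtp.gmail.com:587
        username: laniegcarmelo@gmail.com
        # The SMTP password is deliberately not in this file: provide it through
        # AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE (e.g. /config/secrets/smtp_password,
        # next to the other secret files) so it is never pasted or committed.
        # The app password that appeared in the published copy should be treated
        # as disclosed and revoked in the Google account.
        sender: "Authelia <laniegcarmelo@gmail.com>"
        identifier: auth.laniesplace.us
        subject: "[Authelia] {title}"
        startup_check_address: laniegcarmelo@gmail.com
        timeout: 5s

    # The reset-password JWT secret is read from AUTHELIA_JWT_SECRET_FILE set in
    # the compose file. Authelia does not expand ${VAR} in this file, so the
    # previous `jwt_secret: ${AUTHELIA_JWT_SECRET_FILE}` line would have been
    # taken literally, and a secret that is defined both here and via a *_FILE
    # variable is rejected at startup as already defined. No identity_validation
    # block is needed.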
    

  • @selfhost @selfhosting @selfhosted @linux Authelia docker-compose.yml:

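    # docker-compose.yml for Authelia behind Traefik (indentation and markdown
    # escapes restored). Router and middleware settings are Traefik labels.
    services:
      authelia:
        # NOTE(review): `latest` changes on every pull; pin a release tag so
        # upgrades (and the Authelia config-key changes that come with them) are
        # deliberate.
        image: authelia/authelia:latest
        container_name: authelia
        volumes:
          - ./config:/config
          - ./logs:/var/log/authelia
        networks:
          - web
          - authelia_internal
        environment:
          - TZ=America/Chicago
          # Secrets are files under /config/secrets and are read by Authelia
          # through the *_FILE variables, so none of them live in configuration.yml.
          - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt_secret
          - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session_secret
          - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/storage_encryption_key
          # The SMTP password belongs here too rather than inline in
          # configuration.yml. Uncomment once the inline notifier.smtp.password key
          # is removed, because Authelia refuses a secret defined in both places.
          # - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp_password
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.authelia.rule=Host(`auth.laniesplace.us`)"
          - "traefik.http.routers.authelia.entrypoints=websecure"
          - "traefik.http.routers.authelia.tls.certresolver=le"
          - "traefik.http.services.authelia.loadbalancer.server.port=9091"
          # forwardauth middleware used by the protected routers (authelia@docker).
          # authRequestHeaders is intentionally unset: when it is set, Traefik
          # forwards only the listed request headers to Authelia, so the earlier
          # value "X-Forwarded-Proto,X-Forwarded-Host" kept the Cookie header (and
          # with it the Authelia session) from reaching Authelia. Traefik adds the
          # X-Forwarded-* headers to the auth request on its own.
          # `rd` must be the bare portal URL; the previously pasted value was a
          # URL-encoded markdown link of the form "[url](url)", which breaks the
          # redirect back from the login portal.
          # NOTE(review): /api/verify is the legacy endpoint; current Authelia
          # releases document /api/authz/forward-auth for Traefik.
          - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.laniesplace.us"
          - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
          - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
          # The forwardauth address is plain HTTP on the internal network, so no
          # TLS verification happens and tls.insecureSkipVerify=true was dropped.
          # If the address ever becomes https://, verify the certificate rather
          # than skipping the check.
          # NOTE(review): this second middleware has no `address`, so Traefik
          # cannot build it; nothing in the posted routers references it.
          - "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email"
        restart: unless-stopped
        security_opt:
          - no-new-privileges:true
        depends_on:
          - redis
        healthcheck:
          # --no-check-certificate has no effect here: the probe is plain HTTP.
          test: ["CMD", "wget", "--no-check-certificate", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
          interval: 30s
          timeout: 10s
          retries: 3
          start_period: 60s

      redis:
        image: redis:alpine
        container_name: authelia_redis
        # Attached only to the internal network. Authelia uses this container
        # only if its configuration has a session.redis block pointing at host
        # "redis" (the service name).
        networks:
          - authelia_internal
        restart: unless-stopped
        volumes:
          - ./redis:/data
        command: redis-server --save 60 1 --loglevel warning
        healthcheck:
          test: ["CMD", "redis-cli", "ping"]
          interval: 30s
          timeout: 10s
          retries: 3
        security_opt:
          - no-new-privileges:true

    networks:
      # Shared with Traefik; created outside this file.
      web:
        external: true
      # No route to the outside; only authelia and redis are attached.
      authelia_internal:
        internal: true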
    



  • @selfhost @selfhosting @selfhosted @linux traefik routers.yml:

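    # Traefik dynamic configuration (file provider): routers only. The services
    # and the dashboard-auth / pihole-redirect middlewares referenced below are
    # not part of this excerpt.
    #
    # The per-router `headers:` blocks from the posted copy were removed. A
    # router has no `headers` field (custom request headers are a middleware),
    # and even as a middleware the values were harmful: Traefik's forwardAuth
    # already sends the real X-Forwarded-Proto/Host/Uri/For to Authelia, forcing
    # X-Forwarded-Uri to "/" hides the requested path, and X-Forwarded-For: "true"
    # replaces the client IP that Authelia's regulation (failed-login bans) and
    # its logs rely on. Remote-User reaches the backend through the
    # authelia@docker middleware's authResponseHeaders; Traefik does not evaluate
    # "{{ .Request.Headers.Remote-User }}" template strings in header values.
    #
    # Hostnames must agree with Authelia's access_control domains: the posted
    # rules list miniflux., linkding. and forgejo. while the routers below use
    # rss., bookmarks. and git., and Homer is served on the apex domain, which the
    # "*.laniesplace.us" wildcard does not cover.
    http:
      routers:
        # Traefik API/dashboard, guarded by dashboard-auth rather than Authelia.
        dashboard:
          rule: "Host(`traefik.laniesplace.us`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
          service: api@internal
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - dashboard-auth

        # Apex domain: Authelia's bypass rule must name "laniesplace.us" itself
        # for this to be reachable without login.
        homer:
          rule: "Host(`laniesplace.us`)"
          service: homer
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        glances:
          rule: "Host(`glances.laniesplace.us`)"
          service: glances
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        uptime-kuma:
          rule: "Host(`uptime.laniesplace.us`)"
          service: uptime-kuma
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        # Authelia rules refer to miniflux.laniesplace.us; this router uses rss.
        miniflux:
          rule: "Host(`rss.laniesplace.us`)"
          service: miniflux
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        # Authelia bypasses this host; the forwardauth call still runs but
        # returns success without a session.
        pihole:
          rule: "Host(`pihole.laniesplace.us`)"
          service: pihole
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker
            - pihole-redirect

        portainer:
          rule: "Host(`portainer.laniesplace.us`)"
          service: portainer
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        # Authelia rules refer to linkding.laniesplace.us; this router uses
        # bookmarks.
        linkding:
          rule: "Host(`bookmarks.laniesplace.us`)"
          service: linkding
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        filebrowser:
          rule: "Host(`files.laniesplace.us`)"
          service: filebrowser
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        netdata:
          rule: "Host(`netdata.laniesplace.us`)"
          service: netdata
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        # Authelia's admins-only rule names forgejo.laniesplace.us; this router
        # uses git., which otherwise falls through to the catch-all rule.
        forgejo:
          rule: "Host(`git.laniesplace.us`)"
          service: forgejo
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        dokuwiki:
          rule: "Host(`wiki.laniesplace.us`)"
          service: dokuwiki
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker

        cockpit:
          rule: "Host(`cockpit.laniesplace.us`)"
          service: cockpit
          entryPoints:
            - websecure
          tls:
            certResolver: le
          middlewares:
            - authelia@docker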