Authelia https://www.authelia.com/
Authelia is an open-source, full-featured authentication and authorization server that provides two-factor authentication and single sign-on (SSO) capabilities. It’s designed to secure your web applications and can be used to protect your home network’s services. In this guide, we’ll cover how to set up Authelia with Docker on your home network.
Prerequisites
- Docker and Docker Compose: Ensure Docker and Docker Compose are installed on your system. Docker Compose will be used to define and run the multi-container Docker application.
- A Domain Name: For the purpose of this guide, it’s assumed you have a domain name for your home network, even if it’s a local one defined in your hosts file.
- Understanding of Docker and Basic Networking: Familiarity with Docker and basic networking concepts is assumed.
Step 1: Create the Docker Compose File
Create a docker-compose.yml
file in your chosen directory. This file will define the Authelia service along with any other services you wish to protect with Authelia. Here’s a simple example that only includes Authelia:
yamlCopy code
version: '3' services: authelia: image: authelia/authelia container_name: authelia volumes: - ./authelia:/config ports: - "9091:9091" restart: unless-stopped
This configuration sets up Authelia to run on port 9091 and stores its configuration in a local directory named authelia
.
Step 2: Configure Authelia
Before starting your container, you need to create an Authelia configuration file. In the directory you’ve chosen, create a subdirectory named authelia
and within it, create a file named configuration.yml
. Below is a very basic example of what this file could include:
yamlCopy code
host: 0.0.0.0 port: 9091 log_level: info jwt_secret: a_very_secure_secret_here default_redirection_url: https://your-home-domain.com/ authentication_backend: file: path: /config/users_database.yml access_control: default_policy: deny rules: - domain: "*.your-home-domain.com" policy: two_factor session: name: authelia_session secret: another_very_secure_secret expiration: 1h inactivity: 5m totp: issuer: your-home-network users_file: /config/users_database.yml
You will also need to create a users_database.yml
file in the same directory to define users and their passwords:
yamlCopy code
users: john: displayname: "John Doe" password: "$argon2id$v=19$m=65536,t=3,p=4$...+MVo" email: john.doe@example.com groups: - admins - users
Passwords need to be hashed; Authelia provides a script to hash passwords which can be found in their documentation.
Step 3: Start Authelia
With your docker-compose.yml
and configuration files in place, start Authelia by running:
bashCopy code
docker-compose up -d
This command will download the Authelia image and start it as a daemon.
Step 4: Configure Your Web Applications
With Authelia running, you need to configure your web applications to use it for authentication. This process varies depending on the application and the web server you are using (e.g., Nginx, Traefik).
For Nginx, as an example, you would add an auth_request
directive to your server block, pointing to the Authelia authentication endpoint:
nginxCopy code
server { listen 80; server_name your-web-app.your-home-domain.com; location / { auth_request /authelia; proxy_pass http://your-web-app:port; # Other proxy settings... } location /authelia { internal; proxy_pass_request_body off; proxy_pass http://authelia:9091/api/verify; proxy_set_header Content-Length ""; # Other proxy settings... } }
Step 5: Test Your Setup
Now, when you access your web application, you should be redirected to Authelia’s login page. After successfully logging in, you will be redirected back to your application.
Conclusion
You’ve now set up Authelia on your home network using Docker. This setup adds a robust layer of security to your home network services, providing both two-factor authentication and single sign-on capabilities. Remember to regularly update your Authelia and Docker configurations to keep your setup secure and efficient.
Recent Comments