Docker - Authelia


About

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

https://www.authelia.com/

Requirements

  • Host with a public IP and Docker running

  • Ports 80 and 443 publicly reachable

  • FQDN pointing to your IP address. A wildcard record such as *.your.host.de -> 1.2.3.4 is best.

Clone the Repo

git clone https://github.com/authelia/authelia.git
# the clone lands in ./authelia, so the example lives below that directory
cd authelia/examples/compose/lite

Update docker-compose.yml

  • edit TimeZone
  • edit Domain Name
sed -i 's#TZ=Australia/Melbourne#TZ=Europe/Zurich#g' docker-compose.yml
sed -i 's/example.com/your.domain.de/g' docker-compose.yml

Update Configuration File

  • set all secrets
  • set notifier: smtp relay or local file
sed -i 's/example.com/your.domain.de/g' authelia/configuration.yml
vim authelia/configuration.yml

Set Admin User

cat << 'EOF' > authelia/users_database.yml
---
###############################################################
#                         Users Database                      #
###############################################################

# This file can be used if you do not have an LDAP set up.

# List of users
users:
  admin:
    disabled: false
    displayname: "Admin User"
    # Password is authelia
    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
    email: admin@your.domain.de  # placeholder address, replace with your own
    groups:
      - admins
      - dev
...
EOF

chmod 600 authelia/users_database.yml

Generate Password

You should, of course, generate your own passwords.

# Password: password
docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'

# Random PW, Length 16
docker run authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 16
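Before starting the stack, the steps above can be verified with a small pre-flight check. This is an added example, not part of the original page or of the Authelia project; the names preflight and make_sample are hypothetical, and it assumes the directory layout of examples/compose/lite used above.

```shell
#!/bin/sh
# Added example: pre-flight check for the directory prepared above.
# preflight DIR returns the number of findings (0 = ready to start).

# Prefix of the sample hash shown on this page (password "authelia").
SAMPLE_PREFIX='$6$rounds=50000$BpLnfgDsc2WD8F2q$'

preflight() {
  dir=$1; n=0
  users="$dir/authelia/users_database.yml"
  [ -f "$users" ] || { echo "FAIL: $users is missing"; return 1; }

  # 1. The sed substitutions must have replaced every example.com.
  for f in "$dir/docker-compose.yml" "$dir/authelia/configuration.yml"; do
    if grep -q 'example\.com' "$f" 2>/dev/null; then
      echo "FAIL: example.com left in $f"; n=$((n + 1))
    fi
  done

  # 2. No user may keep the published sample hash; every hash should be
  #    argon2, as produced by "authelia crypto hash generate argon2".
  if grep -qF "$SAMPLE_PREFIX" "$users"; then
    echo "FAIL: sample hash (password 'authelia') still in $users"; n=$((n + 1))
  elif grep -E '^[[:space:]]*password:' "$users" | grep -qv 'argon2'; then
    echo "FAIL: non-argon2 password hash in $users"; n=$((n + 1))
  fi

  # 3. The user database must be readable by its owner only (chmod 600).
  mode=$(ls -ld "$users" | cut -c1-10)
  if [ "$mode" != "-rw-------" ]; then
    echo "FAIL: $users has mode $mode, expected -rw-------"; n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample in the as-cloned state, for trying the check offline.
make_sample() {
  s=$(mktemp -d) && mkdir "$s/authelia" || return 1
  echo 'host: login.example.com' > "$s/docker-compose.yml"
  echo 'domain: your.domain.de' > "$s/authelia/configuration.yml"
  printf 'users:\n  admin:\n    password: "%s(truncated)"\n' "$SAMPLE_PREFIX" > "$s/authelia/users_database.yml"
  chmod 644 "$s/authelia/users_database.yml"
  echo "$s"
}

# Usage: sh preflight.sh [DIR]; without DIR the constructed sample is checked.
target=${1:-$(make_sample)}
preflight "$target" || echo "$? finding(s) in $target"
```

Run it as `sh preflight.sh .` from the lite directory; a zero exit status means none of the three checks fired.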

Build and Start Docker

docker compose up -d; docker compose logs -f

Then check that all containers are running:

docker compose ps

After a few seconds, Let’s Encrypt should issue all the certificates for your web servers. You now have the following services:

Happy Authelia … :)

