What is Authelia?
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik, Caddy or HAProxy, telling them whether a request should be allowed or redirected to Authelia's portal for authentication. Documentation is available at https://www.authelia.com/docs.
What is Nginx Proxy Manager?
Nginx Proxy Manager (NPM) is a reverse proxy management system running on Docker. NPM is based on an Nginx server and provides users with a clean, efficient, and beautiful web interface for easier management.
Authelia + Nginx Proxy Manager
If you self-host apps in your homelab like me, you may come across the need for an authentication mechanism to put in front of your applications. This is where Authelia comes in. Authelia provides a web application for authentication (making sure you are someone who should be using an application) and authorization (making sure you're permitted to use it) in front of your existing web applications.
There are several ways to implement Authelia; I will be using Nginx Proxy Manager in this example.
What you'll need
- A Server with Docker, Docker-Compose, and Nginx Proxy Manager Installed and Ready
- An FQDN (domain or sub-domain) you want to use for your Authelia install (e.g. auth.example.com)
- An A-record pointing to the Public IP address where your server is.
- And some time to spend
Installing Docker, Docker-Compose, and Nginx Proxy Manager
You can follow this guide to install NPM.
Create and Configure Authelia instance in NPM
Before we begin with the setup, you should have a valid FQDN for your authentication instance, which in our case is Authelia. If not, create a CNAME entry that will serve as the endpoint. In this example, the Authelia instance is auth.example.com. Install a valid SSL certificate for this domain.
Add Authelia Host to Nginx Proxy Manager
Make sure to replace the domain auth.example.com, IP address and port number based on your setup.
Get SSL Certificate for your Authelia instance
Now, navigate to the SSL tab and obtain a valid SSL certificate.
Installing and Configuring Authelia
For Authelia, you'll need 3 files:
- docker-compose.yml
- configuration.yml
- users_database.yml
Docker-Compose for Authelia
Create a directory called "authelia" and create the necessary sub-directories and files:
mkdir authelia
cd authelia
mkdir config
mkdir redis
Once these sub-directories exist, create the docker-compose.yml file:
nano docker-compose.yml
And paste the following text into it:
version: '3.3'
services:
  authelia:
    image: authelia/authelia
    volumes:
      - ./config:/config
    ports:
      - 9091:9091
    restart: unless-stopped
    healthcheck:
      disable: true
    environment:
      - TZ=Asia/Kolkata # Change to your time zone
    depends_on:
      - redis
  redis:
    image: redis:alpine
    volumes:
      - ./redis:/data
    expose:
      - 6379
    restart: unless-stopped
    environment:
      - TZ=Asia/Kolkata
Make sure these ports are free on your server, and change the time zone accordingly.
The Configuration File
Let's create the configuration.yml file inside the config directory:
cd config
nano configuration.yml
In that file, paste the following:
Please make sure that you have replaced the values below.
- default_redirection_url: https://auth.example.com
- username: <email address>
- password: <strong password>
- host: <SMTP Server Address>
- sender: <Sender Email Address>
- server_name: <SMTP Server address>
The Users Database file
Now let's create the user database for those who need access to your services.
Create users_database.yml inside the config folder, paste the following into the file, and modify it according to your needs.
users:
  john:
    displayname: "John Wick"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsdfdsgdthgdsdfsdfdg6bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: <email address> # replace with the user's email address
    groups:
      - admins
      - dev
  harry:
    displayname: "Thanos Infinity"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgjhfrtretasdfdfghja44sdfdfa/8mKUYNZZaR0t4MFFSs+iM"
    email: <email address> # replace with the user's email address
    groups: []
To create a password hash, use the command below:
docker run authelia/authelia:latest authelia hash-password 'yourpassword'
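A check you can run over users_database.yml before starting the container, added here as an example (it is not part of the original guide or of Authelia): it reports password fields that are not complete argon2id hashes or whose cost parameters fall below a baseline. The baseline constants, the user sam and the hash fields in SAMPLE are assumptions constructed for illustration.

```python
import base64
import re

# Standard argon2id encoded-hash layout: $argon2id$v=19$m=..,t=..,p=..$salt$tag
PHC = re.compile(r"^\$argon2id\$v=19\$m=(\d+),t=(\d+),p=\d+"
                 r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$")
# Assumed baseline: the cost parameters of this page's sample entries, 16-byte salt.
MIN_MEMORY_KIB, MIN_ITERATIONS, MIN_SALT_BYTES = 65536, 3, 16

def decoded_len(field):
    """Byte length of an unpadded base64 field, 0 if it does not decode."""
    try:
        return len(base64.b64decode(field + "=" * (-len(field) % 4)))
    except ValueError:
        return 0

def check_password_field(value):
    """Return the problems in one `password:` value (empty list = acceptable)."""
    match = PHC.match(value)
    if not match:
        return ["not a complete argon2id hash (plaintext or truncated?)"]
    memory, iterations, salt = int(match[1]), int(match[2]), match[3]
    checks = [(memory < MIN_MEMORY_KIB, f"memory cost m={memory} below {MIN_MEMORY_KIB}"),
              (iterations < MIN_ITERATIONS, f"time cost t={iterations} below {MIN_ITERATIONS}"),
              (decoded_len(salt) < MIN_SALT_BYTES, f"salt shorter than {MIN_SALT_BYTES} bytes")]
    return [message for failed, message in checks if failed]

def audit_users(text):
    """Map each user in users_database.yml text to the problems in its password."""
    findings, user = {}, None
    for line in text.splitlines():
        if key := re.match(r"^ {2}([\w.-]+):\s*$", line):
            user = key.group(1)
        elif user and (pw := re.match(r'^ {4}password:\s*"?(.*?)"?\s*$', line)):
            findings[user] = check_password_field(pw.group(1))
    return findings

SALT, TAG = "A" * 22, "A" * 43  # constructed fields (16 and 32 zero bytes), not real hashes
SAMPLE = f'''users:
  john:
    password: "$argon2id$v=19$m=65536,t=3,p=2${SALT}${TAG}"
  harry:
    password: "hunter2"
  sam:
    password: "$argon2id$v=19$m=1024,t=1,p=2${SALT}${TAG}"
'''

if __name__ == "__main__":
    print(audit_users(SAMPLE))
```

The sample entries in this guide carry only one field after the cost parameters, so this check reports them as incomplete; replace them with the full output of the hash command.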
Test Authelia Setup
Now you can test the Authelia setup to make sure that the server is configured properly. At a later stage you can add it to your services.
Start the Authelia container from the parent directory by executing the command below:
docker-compose up
Now go to https://auth.example.com
You should be prompted with the login screen. You can now enter your username and password, and make sure you're able to login.
Set up our Nginx Proxy Manager sites for Authelia
Now the final part: you need to add the configuration below to each proxy host that should have SSO login. Copy the code below, adjust it for the application, and paste it into the Advanced tab in Nginx Proxy Manager.
You need to adjust the parts below based on your setup.
- <authelia internal ip address with port number>
- <appname> should match the application
- <your application internal ip address with port number>
- https://auth.<example.com>/?rd=$target_url;
Now go to the Advanced tab, Custom Nginx Configuration, of the respective application.
Click Save, then test your application.
If you need a video guide, there is an awesome guide you can follow.