Add Authelia #632

Open
wants to merge 4 commits into
base: main

anarion80
Contributor

What this PR does / why we need it:
Adds Authelia

Which issue (if any) this PR fixes:
None
Fixes #
None
Any other useful info:

Owner

@davestephens davestephens left a comment

Thanks for the contribution! With the minimal description in the PR I'm struggling to piece together how this would work, or what the PR provides.

Few thoughts:

  • There are numerous hard-coded assumptions (i.e. whitelisted network ranges)
  • Why is there an additional docker network created?
  • Why are some of the containers named "example"?
  • I don't like the "edit the configuration.yml" instruction - it's a big ansible-nas anti-pattern. As soon as people do that, it creates merge issues in the future. Also, the file is a template.

Currently, I'm not sure how we can proceed with this in a way that it's useful for people - perhaps if you can explain the thinking it'd help?

@anarion80
Contributor Author

Yeeees, I was going alphabetically, and this difficult container was one of the first on the list ;)

  • The hardcoded assumptions are not needed, I removed them.
  • Docker network is needed since Authelia will act as a middleware for some of the other containers, so those containers to be secured by authelia need to be able to reach authelia
  • Containers are named example following the official example: https://github.com/authelia/authelia/blob/master/examples/compose/local/docker-compose.yml. They are not really needed.
  • Yes, agreed. One would need to create many many more Ansible variables to truly configure Authelia or template the configuration file. As it is now, it is rather a good starting point for advanced users.

To be able to truly integrate Authelia using traefik labels, the whole playbook would probably need to be reworked, Authelia set up as some high-level condition, etc. I'm not willing to go there now, so feel free to close this.

@lpkampen

lpkampen commented Oct 1, 2023

Hi, I agree that Authelia should be part of this project, I've had it running now since February last year.
Did you test what you committed and no other settings are needed on each app?
I haven't looked too closely on your coding but I added this to all my instances I wanted to reach externally:

traefik.http.routers.overseerr.entryPoints: websecure
traefik.http.routers.overseerr.middlewares: auth@file

I also set it up with different levels of security so that my router, codeserver and a few other apps need multiple factors for login and others only username and password.
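
The per-app labels quoted in the last comment can be checked mechanically, so that no externally reachable router is left without the auth middleware. This is an added example, not code from the PR or from any participant: the function names, the sample containers and the `compress@file` middleware are constructed here, and it assumes that a router with no entryPoints label is bound to Traefik's default entry points.

```python
import re

# Router labels look like traefik.http.routers.<name>.<option>; keys are
# lower-cased before matching so entryPoints / entrypoints compare alike.
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def _split(value):
    """List-valued label options are comma-separated."""
    return {item.strip() for item in str(value).split(",") if item.strip()}

def routers_missing_auth(labels, entrypoint="websecure", middleware="auth@file"):
    """Return router names reachable on `entrypoint` without `middleware`."""
    routers = {}
    for key, value in labels.items():
        match = ROUTER_LABEL.match(key.strip().lower())
        if not match:
            continue
        name, option = match.groups()
        opts = routers.setdefault(name, {"entrypoints": set(), "middlewares": set()})
        if option in opts:
            opts[option] |= _split(value)
    # Assumption: a router with no entryPoints label is bound to Traefik's
    # default entry points, so it is treated as exposed.
    return sorted(
        name for name, opts in routers.items()
        if (not opts["entrypoints"] or entrypoint in opts["entrypoints"])
        and middleware not in opts["middlewares"]
    )

def audit(containers):
    """Map container name -> its routers that lack the auth middleware."""
    report = {c: routers_missing_auth(lbls) for c, lbls in containers.items()}
    return {c: names for c, names in report.items() if names}

# Constructed sample labels (not taken from the PR), keyed by container name.
SAMPLE = {
    "overseerr": {
        "traefik.http.routers.overseerr.entryPoints": "websecure",
        "traefik.http.routers.overseerr.middlewares": "auth@file",
    },
    "codeserver": {
        "traefik.http.routers.codeserver.entryPoints": "web, websecure",
        "traefik.http.routers.codeserver.middlewares": "compress@file",
    },
    "jellyfin": {"traefik.http.routers.jellyfin.tls": "true"},
    "internal": {"traefik.http.routers.internal.entryPoints": "web"},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the rendered labels of each container, a non-empty result lists the routers that would be served on `websecure` without passing through `auth@file`.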

4 participants