Authelia

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal.

Please read our disclaimer https://docs.ibracorp.io/#disclaimer.

Feature List

Several second-factor methods:
- Security Key (U2F) with Yubikey.
- Time-based One-Time password with Google Authenticator.
- Mobile Push Notifications with Duo.
Password reset with identity verification using email confirmation.
Access restriction after too many invalid authentication attempts.
Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request URI, the request method, and network.
The choice between one-factor and two-factor policies per-rule.
Support of basic authentication for endpoints protected by the one-factor policy.
Highly available using a remote database and Redis as a highly available KV store.
Compatible with Traefik out of the box using the ForwardAuth middleware.
Curated configuration from LinuxServer via their Swag container as well as a guide.
Kubernetes Support:
- Compatible with the ingress-Nginx, the Traefik Kubernetes CRD, and the Traefik Kubernetes Ingress controllers out of the box.
- Beta support for installing via Helm using our Charts.
Beta support for OpenID Connect.

Placeholders

To assist you in building your configuration, we have used frequent placeholders for you to easily find and replace with your own specific information. This allows a quick Find/Replace in your preferred text editor.

YOURPASSWORD - Password which you have set, with respect to the section you are reading. i.e. MySQL passwords should be different from your Redis password.
YOURSECRET - A secret 128-bit encryption key. You can use this site to generate them:
- https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx
YOURDOMAIN - Your own domain name
SERVERIP - Local IP address of your host server. i.e. 192.168.1.50
CONTAINERPORT - Port the container is running on.
CONTAINERNAME - Name of the container to be proxied. i.e. 'monitorr'
CONTAINERIP - IP address of the container.

Final Words

We hope you enjoyed this guide. It was conceptualized, written, and implemented by our Admin Sycotix.

Support Us

Our work sometimes takes months to research and develop. If you want to help support us please consider:

Liking and Subscribing to our Youtube channel
Joining our Discord server
Becoming a paid member on our IBRACORP website
Donating via Paypal

Thank you for being part of our community!

NextInstallation

Last updated 1 year ago

Was this helpful?

Feature List

Several second-factor methods:

Security Key (U2F) with Yubikey.
Time-based One-Time password with Google Authenticator.
Mobile Push Notifications with Duo.

Password reset with identity verification using email confirmation.

Access restriction after too many invalid authentication attempts.

Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request URI, the request method, and network.

The choice between one-factor and two-factor policies per-rule.

Support of basic authentication for endpoints protected by the one-factor policy.

Highly available using a remote database and Redis as a highly available KV store.

Compatible with Traefik out of the box using the ForwardAuth middleware.

Curated configuration from LinuxServer via their Swag container as well as a guide.

Kubernetes Support:

Compatible with the ingress-Nginx, the Traefik Kubernetes CRD, and the Traefik Kubernetes Ingress controllers out of the box.
Beta support for installing via Helm using our Charts.

Beta support for OpenID Connect.

Placeholders

YOURPASSWORD - Password which you have set, with respect to the section you are reading. i.e. MySQL passwords should be different from your Redis password.

YOURSECRET - A secret 128-bit encryption key. You can use this site to generate them:

https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx

YOURDOMAIN - Your own domain name

SERVERIP - Local IP address of your host server. i.e. 192.168.1.50

CONTAINERPORT - Port the container is running on.

CONTAINERNAME - Name of the container to be proxied. i.e. 'monitorr'

CONTAINERIP - IP address of the container.