In this Authelia setup I will be configuring Authelia to have local authentication and it enforces Smart Card authentication via WedAuthn for secure remote access
This guide is created with the help of Florian Mullers guide that can be found here and has been modified with improvements
Run the below command in the UnRAID console and save the output somewhere safe, we will need these later. Put the random string/ key in a file in plain text on the first line.
Create JWT Secret and save it in /mnt/user/appdata/Authelia/secrets/jwtsecret
Create Session Secret and save it in /mnt/user/appdata/Authelia/secrets/session
Storage Encryption Key and save it in /mnt/user/appdata/Authelia/secrets/storage
MariaDB Password and save it in /mnt/user/appdata/Authelia/secrets/mariadb
SMTP Password and save it in /mnt/user/appdata/Authelia/secrets/smtp
OIDC HMAC Secret and save it in /mnt/user/appdata/Authelia/secrets/oidcsecret
OIDC Private Key
We need to map each of the secret files we created above and map them to an environment variable. You can find a list of all Authelia Environment Variables here
Create the below variables on the Authelia Docker container for all the secrets required. This removes the need for them to be in your configuration.yml file for more security
Once all Environment Variables are correct, your UnRAID configuration should look like the below
This guide assumes you have Authelia, Redis and SQL already running and the site is accessible from auth.<domain-name>
We will now be doing the advanced configuration to get OpenID Connect and WebAuthn working securely. We will be utilising Docker Enviroment Variables to input our Certificates, Secrets and Tokens for this
Refer to the OIDC - configuration.yml page for a copy of our Authelia configuration file. Please input your Authelia domain name, SMTP server and OIDC Shared Secret NOTE: OIDC Shared Secret is not working as a Environemnt Variable in Authelia v4.37.5 and needs to be put directly into the configuration.yml file in plain text
Create a OIDC Shared Secret, this will be shared with Cloudflare for OIDC to function.
Replace the <OIDC Secret> in the configuration.yml file with the string generated above
Authelia should now succesfully boot, if there is an error check the logs and troubleshoot