authelia: Install Authelia
Authelia is a general authentication provider that works (primarily) by integrating with *nginx* using its subrequest mechanism. It works great with Kubernetes/*ingress-nginx* to provide authentication for services running in the cluster, especially those that do not provide their own authentication system. Authelia needs a database to store session data. It supports various engines, but since we're only running a very small instance with no real need for HA, SQLite on a Longhorn persistent volume is sufficient. Configuration is done mostly through a YAML document, although some secret values are stored in separate files, which are pointed to by environment variables.
This commit is contained in:
30
authelia/configuration.yml
Normal file
30
authelia/configuration.yml
Normal file
@@ -0,0 +1,30 @@
|
||||
access_control:
|
||||
default_policy: one_factor
|
||||
|
||||
authentication_backend:
|
||||
ldap:
|
||||
base_dn: DC=pyrocufflink,DC=blue
|
||||
implementation: activedirectory
|
||||
tls:
|
||||
minimum_version: TLS1.2
|
||||
url: ldaps://pyrocufflink.blue
|
||||
user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue
|
||||
|
||||
log:
|
||||
level: trace
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
disable_require_tls: true
|
||||
host: mail.pyrocufflink.blue
|
||||
port: 25
|
||||
sender: auth@pyrocufflink.net
|
||||
|
||||
session:
|
||||
domain: pyrocufflink.blue
|
||||
expiration: 1d
|
||||
inactivity: 4h
|
||||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
Reference in New Issue
Block a user