Refactor Authelia configuration: remove unused files and update docker-compose to eliminate Authelia service
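--- a/authelia/.gitignore
+++ b/authelia/.gitignore
@@ -1,4 +0,0 @@
-# Ignore Authelia runtime/state files
-# SQLite database and notification artifacts stored after switching to directory bind mount
-/db.sqlite3
-/notification.txt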
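--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -1,117 +0,0 @@
-# authelia/configuration.yml
-# Authelia v4 for: auth.gate.3launchpad.com
-# Behind Traefik (forward-auth), Redis sessions, SQLite storage.
-
-#########################################################
-# Server & Logging
-#########################################################
-server:
-address: "tcp://0.0.0.0:9091"
-buffers:
-read: 4096
-write: 4096
-
-log:
-level: info
-
-theme: auto
-
-# Where to send users if they hit a protected resource without a Referer
-default_redirection_url: "https://traefik.gate.3launchpad.com/"
-
-#########################################################
-# Secrets (use env vars in production)
-#########################################################
-# Prefer env vars:
-# AUTHELIA_JWT_SECRET, AUTHELIA_SESSION_SECRET, AUTHELIA_STORAGE_ENCRYPTION_KEY
-jwt_secret: "changeme_jwt_secret"
-
-#########################################################
-# Authentication Backend (local file)
-#########################################################
-authentication_backend:
-file:
-path: /config/users_database.yml
-password:
-algorithm: argon2id
-iterations: 3
-memory: 64
-parallelism: 4
-salt_length: 16
-key_length: 32
-
-#########################################################
-# Access Control
-#########################################################
-access_control:
-default_policy: deny
-rules:
-- domain: "status.gate.3launchpad.com"
-policy: bypass
-
-- domain: "traefik.gate.3launchpad.com"
-subject: ["group:admins"]
-policy: two_factor
-
-- domain: "portainer.gate.3launchpad.com"
-subject: ["group:admins"]
-policy: two_factor
-
-- domain_regex: "(grafana|prometheus|umami)\\.gate\\.3launchpad\\.com"
-subject:
-- "group:admins"
-- "group:devs"
-policy: one_factor
-
-- domain: "*.gate.3launchpad.com"
-subject:
-- "group:users"
-- "group:admins"
-- "group:devs"
-policy: one_factor
-
-#########################################################
-# Session (cookies + Redis)
-#########################################################
-session:
-name: authelia_session
-domain: "gate.3launchpad.com"
-same_site: lax
-expiration: 1h
-inactivity: 30m
-remember_me_duration: 1M
-secret: "changeme_session_secret"
-redis:
-host: redis
-port: 6379
-
-#########################################################
-# Regulation (anti-bruteforce)
-#########################################################
-regulation:
-max_retries: 3
-find_time: 2m
-ban_time: 10m
-
-#########################################################
-# Storage (SQLite on persistent volume)
-#########################################################
-storage:
-encryption_key: "changeme_storage_key"
-local:
-path: /config/db.sqlite3
-
-#########################################################
-# Notifier
-#########################################################
-notifier:
-filesystem:
-filename: /config/notification.txt
-
-#########################################################
-# 2FA: TOTP
-#########################################################
-totp:
-issuer: "3launchpad.com"
-period: 30
-skew: 1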
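--- a/authelia/users_database.yml
+++ b/authelia/users_database.yml
@@ -1,23 +0,0 @@
-# authelia/users_database.yml
-# User database for Authelia authentication
-# Passwords are hashed with argon2id algorithm
-# Use: authelia crypto hash generate argon2 --password 'your_password'
-
-users:
-# Admin user with full access
-admin:
-displayname: "Administrator"
-password: "$argon2id$v=19$m=65536,t=3,p=4$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t1MF//X73A" # password: admin123
-email: admin@3launchpad.com
-groups:
-- admins
-- users
-
-# Developer user with dev and user access
-developer:
-displayname: "Developer"
-password: "$argon2id$v=19$m=65536,t=3,p=4$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t1MF//X73A" # password: dev123
-email: dev@3launchpad.com
-groups:
-- devs
-- users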