Update Authelia configuration to use environment variables for secrets and remove deprecated settings

Mohmmed Elfateh Sabry
2025-08-11 13:20:51 +03:00
parent dc7871c9ec
commit aceeab4cd3
3 changed files with 32 additions and 21 deletions


@@ -13,6 +13,7 @@ ACME_EMAIL=admin@your-domain.com
# Generate with: openssl rand -hex 32 # Generate with: openssl rand -hex 32
AUTHELIA_JWT_SECRET=your_jwt_secret_here_at_least_32_chars_generate_this AUTHELIA_JWT_SECRET=your_jwt_secret_here_at_least_32_chars_generate_this
AUTHELIA_SESSION_SECRET=your_session_secret_here_at_least_32_chars_generate_this AUTHELIA_SESSION_SECRET=your_session_secret_here_at_least_32_chars_generate_this
AUTHELIA_STORAGE_ENCRYPTION_KEY=your_storage_encryption_key_32+_chars
# SMTP Configuration for Authelia (optional) # SMTP Configuration for Authelia (optional)
AUTHELIA_SMTP_HOST=smtp.gmail.com AUTHELIA_SMTP_HOST=smtp.gmail.com
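Review bot: The new `AUTHELIA_STORAGE_ENCRYPTION_KEY` placeholder carries no warning that this key, unlike the two secrets above it, has to stay stable once the database has been created. Authelia encrypts stored data with it, so regenerating it on a redeploy leaves the existing SQLite file unreadable until the key is migrated. A line such as `# Generate once and keep; changing it later requires re-encrypting the Authelia database` above the variable would document that.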


@@ -78,6 +78,17 @@ jobs:
# --- Grafana --- # --- Grafana ---
GRAFANA_ADMIN_USER=${{ secrets.GRAFANA_ADMIN_USER }} GRAFANA_ADMIN_USER=${{ secrets.GRAFANA_ADMIN_USER }}
GRAFANA_ADMIN_PASS=${{ secrets.GRAFANA_ADMIN_PASS }} GRAFANA_ADMIN_PASS=${{ secrets.GRAFANA_ADMIN_PASS }}
# --- Authelia ---
AUTHELIA_JWT_SECRET=${{ secrets.AUTHELIA_JWT_SECRET }}
AUTHELIA_SESSION_SECRET=${{ secrets.AUTHELIA_SESSION_SECRET }}
AUTHELIA_STORAGE_ENCRYPTION_KEY=${{ secrets.AUTHELIA_STORAGE_ENCRYPTION_KEY }}
# (Optional SMTP if configured)
AUTHELIA_SMTP_HOST=${{ secrets.AUTHELIA_SMTP_HOST }}
AUTHELIA_SMTP_PORT=${{ secrets.AUTHELIA_SMTP_PORT }}
AUTHELIA_SMTP_USER=${{ secrets.AUTHELIA_SMTP_USER }}
AUTHELIA_SMTP_PASS=${{ secrets.AUTHELIA_SMTP_PASS }}
AUTHELIA_SMTP_FROM=${{ secrets.AUTHELIA_SMTP_FROM }}
ENVVARS ENVVARS
EOF EOF
@@ -112,7 +123,8 @@ jobs:
echo "Deployed to ${{ secrets.SSH_HOST }}:${{ secrets.SSH_PORT }} → ${REMOTE_DIR}" echo "Deployed to ${{ secrets.SSH_HOST }}:${{ secrets.SSH_PORT }} → ${REMOTE_DIR}"
echo "Traefik: https://traefik.gate.${{ secrets.DOMAIN }}" echo "Traefik: https://traefik.gate.${{ secrets.DOMAIN }}"
echo "Portainer: https://portainer.gate.${{ secrets.DOMAIN }}" echo "Portainer: https://portainer.gate.${{ secrets.DOMAIN }}"
echo "Status (Kuma): https://status.gate.${{ secrets.DOMAIN }}" echo "Uptime Kuma: https://uptime.gate.${{ secrets.DOMAIN }}"
echo "Authelia: https://auth.gate.${{ secrets.DOMAIN }}"
echo "Grafana: https://grafana.gate.${{ secrets.DOMAIN }}" echo "Grafana: https://grafana.gate.${{ secrets.DOMAIN }}"
echo "Prometheus: https://prometheus.gate.${{ secrets.DOMAIN }}" echo "Prometheus: https://prometheus.gate.${{ secrets.DOMAIN }}"
echo "Umami: https://umami.gate.${{ secrets.DOMAIN }}" echo "Umami: https://umami.gate.${{ secrets.DOMAIN }}"
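Review bot: In the hunk at `@@ -78,6 +78,17`, the new `AUTHELIA_*` lines paste `${{ secrets.… }}` directly into the script text, so the runner substitutes the values before the shell parses the heredoc. If the heredoc opener (outside this hunk) is unquoted, a secret containing `$`, a backtick or a backslash is rewritten by the shell, and a value with a newline breaks the env file. Passing the secrets through the step's `env:` block and writing `AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}` inside the heredoc keeps them out of the script source. The optional SMTP entries are emitted even when the secrets are unset, giving empty assignments such as `AUTHELIA_SMTP_HOST=`. Because the generated file now holds the JWT, session and storage keys, confirm that the part of the step outside this hunk restricts its mode on the remote host (for example `chmod 600`).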


@@ -5,7 +5,7 @@
server: server:
## Server options ## Server options
address: 'tcp://:9091' address: 'tcp://:9091'
asset_path: '/config/assets/' # asset_path removed (directory didn't exist). Re-add if you mount custom portal assets.
## Endpoints ## Endpoints
endpoints: endpoints:
@@ -21,11 +21,10 @@ log:
## Theme Configuration ## Theme Configuration
theme: 'light' theme: 'light'
## JWT Secret ## Identity Validation / Password Reset JWT (replaces deprecated jwt_secret)
jwt_secret: '5812e26c776947f2fae8a9cc80605e59a895b7b6df573af284a4c3db9115411c' identity_validation:
reset_password:
## Default Redirection URL jwt_secret: '${AUTHELIA_JWT_SECRET}'
default_redirection_url: 'https://3launchpad.com'
## TOTP Configuration ## TOTP Configuration
totp: totp:
@@ -42,7 +41,8 @@ webauthn:
disable: false disable: false
display_name: 'Authelia' display_name: 'Authelia'
attestation_conveyance_preference: 'indirect' attestation_conveyance_preference: 'indirect'
user_verification: 'preferred' selection_criteria:
user_verification: 'preferred' # migrated from deprecated webauthn.user_verification
timeout: '60s' timeout: '60s'
## Duo Push API Configuration (optional) ## Duo Push API Configuration (optional)
@@ -113,7 +113,7 @@ access_control:
## Rules ## Rules
rules: rules:
## Authelia itself ## Authelia itself
- domain: 'auth.gate.3la' - domain: 'auth.gate.3launchpad.com'
policy: 'bypass' policy: 'bypass'
## Admin access ## Admin access
@@ -133,20 +133,17 @@ session:
## Session Name ## Session Name
name: 'authelia_session' name: 'authelia_session'
## Session Domain ## Session Secret (do not hardcode; provided via env var)
domain: 'gate.3launchpad.com' secret: '${AUTHELIA_SESSION_SECRET}'
## Session Secret ## Session Expiration / Activity
secret: 'dcc8a066488b44cf185777f12a56bc0540bce2b3034e0b77c6118a9545dac831' expiration: 1h
inactivity: 5m
## Session Expiration ## Remember Me (replaces deprecated remember_me_duration)
expiration: '1h' remember_me: 1M
inactivity: '5m'
## Remember Me ## Cookie-based configuration (domain key removed to avoid conflict)
remember_me_duration: '1M'
## Cookies Configuration
cookies: cookies:
- domain: 'gate.3launchpad.com' - domain: 'gate.3launchpad.com'
authelia_url: 'https://auth.gate.3launchpad.com' authelia_url: 'https://auth.gate.3launchpad.com'
@@ -169,7 +166,8 @@ regulation:
## Storage Configuration ## Storage Configuration
storage: storage:
## Database Engine ## Encryption key is required (newer versions). Provide via env var.
encryption_key: '${AUTHELIA_STORAGE_ENCRYPTION_KEY}'
local: local:
path: '/config/db.sqlite3' path: '/config/db.sqlite3'
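Review bot: The three `'${AUTHELIA_…}'` values (`identity_validation.reset_password.jwt_secret`, `session.secret`, `storage.encryption_key`) are substituted only if Authelia is started with a configuration file filter; loaded as plain YAML, the literal placeholder text becomes the secret, and that text is public in this repository. The container definition is not part of this commit, so confirm the filter is enabled there, or supply the values through Authelia's `_FILE` secret variables such as `AUTHELIA_SESSION_SECRET_FILE`. The hex values previously hard-coded for `jwt_secret` and `session.secret` remain in the repository history, so the deployment secrets should hold newly generated values rather than copies of the old ones. A comment next to the first placeholder, `## Requires the config file filter; without it this placeholder is used verbatim`, would make the dependency visible to the next editor.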