diff --git a/provision.sh b/provision.sh
new file mode 100755
index 0000000..d1518ba
--- /dev/null
+++ b/provision.sh
@@ -0,0 +1 @@
+ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision
\ No newline at end of file
diff --git a/roles/authelia/templates/authelia.conf.j2 b/roles/authelia/templates/authelia.conf.j2
index 463c3dc..c8cb9d2 100644
--- a/roles/authelia/templates/authelia.conf.j2
+++ b/roles/authelia/templates/authelia.conf.j2
@@ -1,5 +1,6 @@
 server {
 listen 80;
+ server_name auth.{{ base_domain }};
 return 301 https://$host$request_uri;
 }
 
diff --git a/roles/authelia/templates/configuration.yml.j2 b/roles/authelia/templates/configuration.yml.j2
index fbd72a0..0c7d6d4 100644
--- a/roles/authelia/templates/configuration.yml.j2
+++ b/roles/authelia/templates/configuration.yml.j2
@@ -28,8 +28,10 @@ access_control:
 default_policy: deny
 rules:
 - domain:
+ - "{{ base_domain }}"
+ - "*.{{ base_domain }}"
 - "keycloak.{{ base_domain }}"
- policy: one_factor
+ policy: deny
 session:
 name: authelia_session
 secret: somerandomsecret
diff --git a/roles/nginx/templates/snippets/proxy.conf.j2 b/roles/nginx/templates/snippets/proxy.conf.j2
index 26461f5..329c492 100644
--- a/roles/nginx/templates/snippets/proxy.conf.j2
+++ b/roles/nginx/templates/snippets/proxy.conf.j2
@@ -27,6 +27,9 @@ proxy_buffers 64 256k;
 # If behind reverse proxy, forwards the correct IP
 set_real_ip_from 10.0.0.0/8;
 set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 172.17.0.0/16;
+set_real_ip_from 172.18.0.0/16;
+set_real_ip_from 172.19.0.0/16;
 set_real_ip_from 192.168.0.0/16;
 set_real_ip_from fc00::/7;
 real_ip_header X-Forwarded-For;
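Review bot: provision.sh is added without an interpreter line, yet its single command is fish syntax (`(…)` command substitution and `psub`), so running `./provision.sh` from bash or a POSIX shell will most likely hand it to the wrong interpreter and stop with a syntax error. Adding `#!/usr/bin/env fish` as the first line, or renaming the file to `provision.fish`, makes the dependency explicit. A short header comment would also help, noting that `psub` passes the vault password to Ansible through a temporary file or FIFO that lives only for the duration of the command. It should also say that `pass show` prints the whole entry, so the `ansible-homelab` entry is expected to contain just the password line; whether it does is not visible here.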
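Review bot: In roles/authelia/templates/authelia.conf.j2 the port-80 block now names its host with `server_name auth.{{ base_domain }};`, but the redirect on the following line still builds its target from `$host`, which comes from the request. If this block is also the default server for port 80 (not visible in the hunk), requests carrying any other Host header still land here and are redirected to whatever name the client sent. Pinning the target with `return 301 https://auth.{{ base_domain }}$request_uri;` keeps the redirect on the intended name.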
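Review bot: In roles/authelia/templates/configuration.yml.j2 the only rule visible now matches `{{ base_domain }}`, `*.{{ base_domain }}` and `keycloak.{{ base_domain }}` with `policy: deny`, which is what `default_policy: deny` already does, so as written every request checked against Authelia is refused and the rule adds nothing. If the lock-down is deliberate, a comment above the rule such as `# temporary: deny all hosts until per-service rules exist` would record that; if the goal was to require login on every subdomain, the policy needs to be `one_factor` or `two_factor`. The explicit keycloak entry is already covered by the wildcard. Separately, the context line `secret: somerandomsecret` keeps the session secret as a literal in the template, where a vaulted variable would be the safer source. The access_control and session blocks both extend outside the hunk.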
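Review bot: The three added `set_real_ip_from` lines in roles/nginx/templates/snippets/proxy.conf.j2 (172.17.0.0/16, 172.18.0.0/16, 172.19.0.0/16) already fall inside the existing `set_real_ip_from 172.16.0.0/12;` context line, which spans 172.16.0.0–172.31.255.255, so they do not change which peers are trusted. Any peer in the listed private ranges can set the client address through `X-Forwarded-For`, which matters wherever that address feeds access rules or logs. If the aim was to trust only specific proxy subnets (presumably the Docker bridge networks), the broad `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16` entries would have to be replaced by those subnets; otherwise the three new lines can be dropped.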