authelia: secure portainer, keycloak, allow local

2021-06-21 11:32:24 +02:00 · 2021-06-21 11:32:24 +02:00 · 57c7b06f03
parent 11c96fe48d
commit 57c7b06f03
1 changed files with 8 additions and 0 deletions
--- a/roles/authelia/templates/configuration.yml.j2
+++ b/roles/authelia/templates/configuration.yml.j2
@ -26,11 +26,19 @@ authentication_backend:
    password: {{ vault_openldap_admin_password }}
 access_control:
  default_policy: deny
+  networks:
+    - name: local
+      networks:
+        - 192.168.0.0/24
  rules:
    - domain: "*.{{ base_domain }}"
+      networks:
+        - local
      policy: bypass
    - domain: portainer.{{ base_domain }}
      policy: one_factor
+    - domain: keycloak.{{ base_domain }}
+      policy: one_factor
 session:
  name: authelia_session
  secret: somerandomsecret