Compare commits

..

5 Commits

6 changed files with 36 additions and 44 deletions

View File

@ -1 +1,2 @@
#!/bin/env fish
ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision

View File

@ -1,14 +1,5 @@
# Basic Authelia Config
# Send a subsequent request to Authelia to verify if the user is authenticated
# and has the right permissions to access the resource.
auth_request /authelia;
# Set the `target_url` variable based on the request. It will be used to build the portal
# URL with the correct redirection parameter.
auth_request /authelia/api/verify;
auth_request_set $target_url $scheme://$http_host$request_uri;
# Set the X-Forwarded-User and X-Forwarded-Groups with the headers
# returned by Authelia for the backends which can consume them.
# This is not safe, as the backend must make sure that they come from the
# proxy. In the future, it's gonna be safe to just use OAuth.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
@ -17,7 +8,4 @@ proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
# If Authelia returns 401, then nginx redirects the user to the login portal.
# If it returns 200, then the request pass through to the backend.
# For other type of errors, nginx will handle them as usual.
error_page 401 =302 https://auth.{{ base_domain }}/?rd=$target_url;
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;

View File

@ -1,10 +1,17 @@
set $upstream_authelia http://authelia:9091/api/verify;
location ^~ /authelia {
include /etc/nginx/snippets/proxy.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
}
# Virtual endpoint created by nginx to forward auth requests.
location /authelia {
location = /authelia/api/verify {
internal;
if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
return 401;
}
set $upstream_authelia authelia;
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_pass http://$upstream_authelia:9091;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
@ -19,11 +26,11 @@ location /authelia {
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;

View File

@ -9,8 +9,8 @@ server {
listen 443 ssl http2;
location / {
include /etc/nginx/snippets/proxy.conf;
set $upstream_authelia http://authelia:9091; # This example assumes a Docker deployment
proxy_pass $upstream_authelia;
include /etc/nginx/snippets/proxy.conf;
}
}

View File

@ -27,12 +27,8 @@ authentication_backend:
access_control:
default_policy: deny
rules:
- domain:
- "{{ base_domain }}"
- "*.{{ base_domain }}"
- "keycloak.{{ base_domain }}"
policy: deny
session:
- domain: "*.{{ base_domain }}"
policy: bypass
name: authelia_session
secret: somerandomsecret
expiration: 1h

View File

@ -1,19 +1,19 @@
$ANSIBLE_VAULT;1.1;AES256
30346235333931303864373164626134343138306564323034633139363931653066326263333063
6532376231363635613930376137326439306437636433370a643535356131363164373764613531
36363735323930306338623164636563626334653532386632303936343737363731323166323530
3439353635343236350a663261636633633033396262333164363062396464366135306135386337
37333232376531353332373930306462393634386533636363343736646537666665633262633363
64373434633963316365306562333765313439366431313234313563376630643931386363383233
33363665613937366433643133613565646364303362626433396339313535383166326138313139
61616333333530333761393631323461376536363733323764333631346338393166613531666335
35373764376434346638356439393964313436366439366363393766643333623165353266386634
66326434333165663630326332333061626366356363313538393130356365343738363237653565
63613439373930326165326538386566636466306137636336663736333063613238356137346630
31643064623563656438613665393332656435636233623265323063366139643937633132656337
65326137396134333230616262333337373833663439313635663438396461373130396332316331
66613933343365363335653135663237363538353863623534373563626166313034323039396334
61383766343264313438353261306233373562343939663232383466336232373865356561316139
38316466306531326165343265393262646463626563306363353765343462316534323336356432
34373661363562636137393235323839616430376163393362313363626636343064663739313963
3361333438346265623738393431346433353436666262396264
35356537316639386637316365393533643061363734323630393363313237643935666639653963
3734376266353938653631323266663139306335646635660a373233663964623335663366333434
34386136656530386639646234316238326132616131616632346537613963636637393839613661
6366326639643632320a386436316165343166366134633464393461653434323934326238313430
39323439306637306134326635323138616337646336653238636539643538613664303764303661
39636661353538393532663937396363656664613334383261336664336237356366663334633430
36356235383930653835393439373737623036613565313131626462363034303062323662663832
66613833613336646633383835653161386363386136663764653734313763383231626434393864
63313061346335383933623630396336336561633938613237643238616531343766613734666132
32306362616131396266656162653563356137383239616464306662643032623438373764306361
32363133626662633435626232653061373831626563323861626635383039613136303632613335
61363265316534653033393763646565393330633063323634353932353936303638356433306362
65383938306637333765383263653939633964613230613835326630313761323561376162646439
62323035323634323766393233326363383364653531306432663263303831623936616139306639
64303863386265343165666435363761653464386366636366323261353731643263356635383536
66326666616339653731633530663161363933383334376238313637356331663431336433643338
64313861306161373538363332663363623131303561373237326436373838393965306663333835
3764356534323963303832653964666431626538316361613137