Add Authelia #44
|
@ -0,0 +1 @@
|
||||||
|
ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision
|
|
@ -1,5 +1,6 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
server_name auth.{{ base_domain }};
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -28,8 +28,10 @@ access_control:
|
||||||
default_policy: deny
|
default_policy: deny
|
||||||
rules:
|
rules:
|
||||||
- domain:
|
- domain:
|
||||||
|
- "{{ base_domain }}"
|
||||||
|
- "*.{{ base_domain }}"
|
||||||
- "keycloak.{{ base_domain }}"
|
- "keycloak.{{ base_domain }}"
|
||||||
policy: one_factor
|
policy: deny
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: somerandomsecret
|
secret: somerandomsecret
|
||||||
|
|
|
@ -27,6 +27,9 @@ proxy_buffers 64 256k;
|
||||||
# If behind reverse proxy, forwards the correct IP
|
# If behind reverse proxy, forwards the correct IP
|
||||||
set_real_ip_from 10.0.0.0/8;
|
set_real_ip_from 10.0.0.0/8;
|
||||||
set_real_ip_from 172.16.0.0/12;
|
set_real_ip_from 172.16.0.0/12;
|
||||||
|
set_real_ip_from 172.17.0.0/16;
|
||||||
|
set_real_ip_from 172.18.0.0/16;
|
||||||
|
set_real_ip_from 172.19.0.0/16;
|
||||||
set_real_ip_from 192.168.0.0/16;
|
set_real_ip_from 192.168.0.0/16;
|
||||||
set_real_ip_from fc00::/7;
|
set_real_ip_from fc00::/7;
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
|
|
Loading…
Reference in New Issue