Keys and passwords are stored as Podman secrets.
This setup uses SMTP but you can modify back to notifications.txt if you wish. I left those settings in the configuration file.
Create files and folders
Or don’t create them in advance. Whatever works for you.
|
1 2 3 4 |
mkdir ./config touch ./config/configuration.yml touch ./config/users_database.yml touch ./config/notification.txt |
Create the Authelia container
I use “p-container-name” so it’s easier to find them in systemctl later.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
[Unit] [Container] ContainerName=p-authelia Image=docker.io/authelia/authelia:latest Environment=TZ=America/New_York Volume=/podman/p-authelia/config:/config Secret=AUTHELIA_SESSION_SECRET,type=mount Secret=AUTHELIA_STORAGE_ENCRYPTION_KEY,type=mount Secret=AUTHELIA_JWT_SECRET,type=mount Secret=AUTHELIA_NOTIFIER_SMTP_PASSWORD,type=mount Environment=AUTHELIA_SESSION_SECRET_FILE=/run/secrets/AUTHELIA_SESSION_SECRET Environment=AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY Environment=AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/AUTHELIA_JWT_SECRET Environment=AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/AUTHELIA_NOTIFIER_SMTP_PASSWORD Network=proxy [Service] Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target |
Edit the Authelia config file
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
theme: auto server: address: tcp://0.0.0.0:9091/ log: level: info totp: issuer: avegy.com period: 30 skew: 1 authentication_backend: file: path: /config/users_database.yml password: algorithm: argon2id access_control: default_policy: deny rules: - domain: auth.avegy.com policy: bypass - domain: "*.avegy.com" policy: two_factor session: cookies: - domain: avegy.com authelia_url: https://auth.avegy.com default_redirection_url: https://avegy.com expiration: 168h # How long the session can live (7 days) inactivity: 24h # Log out after 24 hours of inactivity remember_me: 30d # If "Remember Me" is checked storage: local: path: /config/db.sqlite3 ## Disabled since I have SMTP enabled. ## If you do not have SMTP you need to enable this to ## intercept authorization codes that would be sent to an e-mail address. # # notifier: # filesystem: # filename: /config/notification.txt notifier: smtp: address: submission://smtp.fastmail.com:587 username: steve@avegy.com subject: "[Authelia] {title}" startup_check_address: steve@avegy.com disable_require_tls: false disable_html_emails: false ## Disabled the reset password option since I can change it at the console. # # identity_validation: # reset_password: {} |
This is box title
|
1 2 3 |
openssl rand -base64 64 | podman secret create AUTHELIA_SESSION_SECRET - openssl rand -base64 64 | podman secret create AUTHELIA_STORAGE_ENCRYPTION_KEY - openssl rand -base64 64 | podman secret create AUTHELIA_JWT_SECRET - |
This is box title
Skip this if you intend to use local notifications instead of SMTP.
|
1 |
printf '%s' 'your-smtp-password' | podman secret create AUTHELIA_NOTIFIER_SMTP_PASSWORD - |
————–
template
xxxxx