copied over basic configs from my settings
This commit is contained in:
@@ -0,0 +1,113 @@
|
||||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
theme: dark
|
||||
|
||||
server:
|
||||
address: 'tcp://:9091'
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
implementation: 'ForwardAuth'
|
||||
|
||||
log:
|
||||
level: 'info'
|
||||
|
||||
totp:
|
||||
issuer: 'authelia.com'
|
||||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923'
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: '/config/users_database.yml'
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
networks:
|
||||
- name: internal
|
||||
networks:
|
||||
- '10.0.0.0/8'
|
||||
- '172.16.0.0/12'
|
||||
- '192.168.0.0/16'
|
||||
rules:
|
||||
## bypass all domains and subdomains from local ips
|
||||
- domain:
|
||||
- aknlw.com
|
||||
- wettsten.com
|
||||
- "*.wettsten.com"
|
||||
networks:
|
||||
- 'internal'
|
||||
policy: bypass
|
||||
# bypass api for subdomains
|
||||
- domain:
|
||||
- "*.wettsten.com"
|
||||
resources:
|
||||
- "^/api([/?].*)?$"
|
||||
- "^/add([/?].*)?$"
|
||||
- "^/public([/?].*)?$"
|
||||
policy: bypass
|
||||
# bypass specific subdomains
|
||||
- domain:
|
||||
- aknlw.com
|
||||
- bitwarden.wettsten.com
|
||||
- gitea.wettsten.com
|
||||
- nextcloud.wettsten.com
|
||||
policy: bypass
|
||||
# bypass filebrowser shares
|
||||
- domain:
|
||||
- "filebrowser.wettsten.com"
|
||||
resources:
|
||||
- "^/api([/?].*)?$"
|
||||
- "^/share([/?].*)?$"
|
||||
- "^/static([/?].*)?$"
|
||||
policy: bypass
|
||||
# two_factor subdomains
|
||||
- domain:
|
||||
- wettsten.com
|
||||
- "*.wettsten.com"
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
secret: 'ffc343d98b87910edcddb1f0dac4b492b62e29b5eafa92f1c213f37c4669f243'
|
||||
|
||||
cookies:
|
||||
- name: 'authelia_session'
|
||||
domain: 'wettsten.com'
|
||||
authelia_url: 'https://auth.wettsten.com'
|
||||
default_redirection_url: 'https://wettsten.com'
|
||||
expiration: '1 hour'
|
||||
inactivity: '5 minutes'
|
||||
|
||||
redis:
|
||||
host: 'redis'
|
||||
port: 6379
|
||||
password: 'bc4eb8df73776ba7716aeb60c0023ef6136b80680bb8ea1cf6c51a326dea2c43'
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: '2 minutes'
|
||||
ban_time: '5 minutes'
|
||||
|
||||
storage:
|
||||
encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf'
|
||||
local:
|
||||
path: '/config/db.sqlite3'
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
username: 'akanealw@gmail.com'
|
||||
password: 'qlvmffuzpscltdgz'
|
||||
address: 'smtp://smtp.gmail.com:587'
|
||||
sender: 'akanealw@gmail.com'
|
||||
|
||||
ntp:
|
||||
address: 'udp://time.windows.com:123'
|
||||
version: 3
|
||||
max_desync: '3s'
|
||||
disable_startup_check: false
|
||||
disable_failure: false
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
users:
|
||||
wettsten:
|
||||
displayname: "wettsten"
|
||||
password: "$argon2id$v=19$m=65536,t=3,p=4$pdeSOsqnVZB7I03tvC5JvA$gfiVxDvz1NVQw2yqGwgcz/fOumms2+asiFi8QVk2D38"
|
||||
email: scott.wettstein@gmail.com
|
||||
groups:
|
||||
- admins
|
||||
|
||||
akanealw:
|
||||
displayname: "akanealw"
|
||||
password: "$argon2id$v=19$m=65536,t=1,p=8$ZWJ2UGVPUDE2SnU0YXNvNg$Q3LQfN90kPI5/3Yr06WmTUjFbvIBBZPJP44YLhysT0M"
|
||||
email: akanealw@gmail.com
|
||||
groups:
|
||||
- admins
|
||||
|
||||
@@ -0,0 +1,232 @@
|
||||
# --------------------------------------------------
|
||||
# global options
|
||||
# --------------------------------------------------
|
||||
{
|
||||
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
|
||||
# admin :2019
|
||||
# log {
|
||||
# output file caddy.log
|
||||
# level info
|
||||
# }
|
||||
|
||||
servers {
|
||||
trusted_proxies static private_ranges
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# cloudflare tls snippet for sites
|
||||
# --------------------------------------------------
|
||||
|
||||
(cloudflare) {
|
||||
tls {
|
||||
dns cloudflare {env.DNS_PROVIDER_TOKEN}
|
||||
resolvers 1.1.1.1 1.0.0.1
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# auth snippet for authelia
|
||||
# --------------------------------------------------
|
||||
|
||||
(auth) {
|
||||
forward_auth authelia:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# wettsten.com root domain
|
||||
# --------------------------------------------------
|
||||
|
||||
wettsten.com {
|
||||
import cloudflare
|
||||
@akanealwcom host wettsten.com
|
||||
handle @akanealwcom {
|
||||
import auth
|
||||
reverse_proxy 192.168.1.4:3005
|
||||
}
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# authelia subdomain
|
||||
# --------------------------------------------------
|
||||
|
||||
auth.wettsten.com {
|
||||
import cloudflare
|
||||
reverse_proxy authelia:9091
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# *.wettsten.com subdomains
|
||||
# --------------------------------------------------
|
||||
|
||||
*.wettsten.com {
|
||||
# --------------------------------------------------
|
||||
# internal only subdomains
|
||||
#
|
||||
#
|
||||
# @ host .wettsten.com
|
||||
# handle @ {
|
||||
# handle @internal {
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
# respond "ip range not allowed"
|
||||
# }
|
||||
#
|
||||
#
|
||||
# @ host .wettsten.com
|
||||
# handle @ {
|
||||
# handle @internal {
|
||||
# reverse_proxy https://192.168.1. {
|
||||
# transport http {
|
||||
# tls_insecure_skip_verify
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
# respond "ip range not allowed"
|
||||
# }
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------
|
||||
@internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
|
||||
@external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
|
||||
import cloudflare
|
||||
|
||||
@adguard1 host adguardserver1.wettsten.com
|
||||
handle @adguard1 {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.2:80
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@bale host bale.wettsten.com
|
||||
handle @bale {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.51:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockerdockge host dockerserver-dockge.wettsten.com
|
||||
handle @dockerdockge {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:5001
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@dockerdozzle host dockerserver-dozzle.wettsten.com
|
||||
handle @dockerdozzle {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8080
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@gluetun host gluetun.wettsten.com
|
||||
handle @gluetun {
|
||||
handle @internal {
|
||||
reverse_proxy 192.168.1.30:8777
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmox1 host proxmox1.wettsten.com
|
||||
handle @proxmox1 {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:8006 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@proxmoxbackup host proxmoxbackup.wettsten.com
|
||||
handle @proxmoxbackup {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:8007 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@router host router.wettsten.com
|
||||
handle @router {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.1:443 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
@webmin host webmin.wettsten.com
|
||||
handle @webmin {
|
||||
handle @internal {
|
||||
reverse_proxy https://192.168.1.51:10000 {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
respond "ip range not allowed"
|
||||
}
|
||||
|
||||
|
||||
|
||||
# --------------------------------------------------
|
||||
# external subdomains without authelia
|
||||
#
|
||||
#
|
||||
# @ host .wettsten.com
|
||||
# handle @ {
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------
|
||||
|
||||
@bitwarden host bitwarden.wettsten.com
|
||||
handle @bitwarden {
|
||||
reverse_proxy 192.168.1.4:8089
|
||||
}
|
||||
|
||||
@jellyfin host jellyfin.wettsten.com
|
||||
handle @jellyfin {
|
||||
reverse_proxy 192.168.1.42:8096
|
||||
}
|
||||
|
||||
# --------------------------------------------------
|
||||
# external subdomains with authelia
|
||||
#
|
||||
#
|
||||
# @ host .wettsten.com
|
||||
# handle @ {
|
||||
# import auth
|
||||
# reverse_proxy 192.168.1.
|
||||
# }
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------
|
||||
|
||||
@whoami host whoami.wettsten.com
|
||||
handle @whoami {
|
||||
import auth
|
||||
reverse_proxy whoami:80
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user