2 Factor Auth and Single Sign On with Authelia
Рет қаралды 139,166
Күн бұрынAuthelia is an open source Single Sign On and 2FA companion for reverse proxies. It helps you secure your endpoints with single factor and 2 factor auth. It works with nginx, traefik, and HA proxy. Today, we'll configure Authelia with Portainer and Traefik and have 2 Factor up and running with brute force protection!
Video Notes: technotim.live/posts/authelia...
Support me on Patreon: / technotim
Sponsor me on GitHub: github.com/sponsors/timothyst...
Subscribe on Twitch: / technotim
Become a KZfaq member: / @technotim
Merch Shop: l.technotim.live/shop
Gear Recommendations: l.technotim.live/gear
Get Help in Our Discord Community: l.technotim.live/discord
2nd channel: / @technotimtalks
(Affiliate links may be included in this description. I may receive a small commission at no cost to you.)
00:00 - What is Authelia?
01:52 - Authelia configurations
02:43 - Their Docker Compose Example
04:14 - Our Docker Compose File
07:48 - Authelia Configuration File
09:14 - Users Database
11:08 - Password Hashing Algorithm
11:55 - More Configuration
14:46 - Notification Service
16:56 - Spin up your services on your service
18:12 - Authelia Sign In Screen
18:59 - Adding Auth to Containers
20:14 - Adding Auth to External Services
21:51 - Authelia 2 Factor Screen
22:34 - Getting Notification from File
23:11 - 2FA for the first time
23:32 - What do you think of Authelia?
24:37 - Stream Highlight - How's the Hair???
Traefik Tutorial:
• Put Wildcard Certifica...
Thank you for watching!
#Authelia #Traefik #Portainer
"Hyperchan" is from Harris Heller's album Rose.
l.technotim.live/sb-music-lic...
@TechnoTim 3 жыл бұрын
Are you using 2 Factor Auth yet???
@deancox5383 3 жыл бұрын
very soon to be now with your help !
@nbensa 3 жыл бұрын
The kind of users I have to deal at work get lost trying to convert Excel to CSV. If I implement 2FA, most of them will simple commit suicide but not before I lose my job :-)
@davidvpelt 3 жыл бұрын
Thank you Tim! I wanted to do this for a long time but I couldn’t get it to work!
@flahiker 3 жыл бұрын
Always wanted to, but needed a platform to interact with. Giving this a good look in my lab!
@ajhalili2006 3 жыл бұрын
Well yes! I also ditched Lastpass with Bitwarden (using an instance of Vaultwarden) as my TOTP and password manager.
@lazandrei_19 3 жыл бұрын
I've wanted to learn about authelia forever. thanks Tim!
@TechnoTim 3 жыл бұрын
Happy to help!
@NickSchlobohm 3 жыл бұрын
This video could not have come at a better time! Thank you so much Tim. Love the content as always!
@TechnoTim 3 жыл бұрын
Glad you enjoyed it!
@daysiewaysie Жыл бұрын
a great tutorial, many thanks Tim. it really helped me to get Authelia up and running and protecting NPM endpoints... the look of wonderment & satisfaction on your face at 23:16 was something i experienced as well. I feel a blast of accompanying techno music would not have been out of place at this juncture.
@westganton 3 жыл бұрын
Awesome channel. I just started learning Kubernetes and I'm glued to your videos at 1 AM on a Saturday morning. Thanks for all of the great primers
@TechnoTim 3 жыл бұрын
Thank you!
@fecalfetus7902 Жыл бұрын
Thanks Tim. Traefik clouds the mind to think about at first.. but watching this video a few times and going through their guides it made a lot more sense.
@rickgarcia1128 2 жыл бұрын
I've watched hundreds of self-hosted tutorials and this was by far the cleanest and easiest to understand! Good shit!
@TechnoTim 2 жыл бұрын
Thank you! I have plenty of self-hosted videos!
@gcmaudio 3 жыл бұрын
Love your channel, Tim! Have learned so much from it, and it's opened my eyes to lots of cool open-source stuff I didn't know existed. I discovered your channel looking for Kubernetes tutorials! Keep up the great work 👍
@TechnoTim 3 жыл бұрын
Great to hear!
@deancox5383 3 жыл бұрын
EXCELLENT !! I've been following the smart home tutorial and although being very detailed frankly has been very hard for me with the additions of Authelia and the mass of information to digest, going out to the internet for help has been a voyage of discovery with the realisation that I'm not alone in the pursuit. Perfect timing and again many thanks for taking the time. :D
@TechnoTim 3 жыл бұрын
You're very welcome!
@lexitusfish 2 жыл бұрын
Thanks for the inspiration Tim. I'm using Nginx, but your configs got me 80% of the way there, and the Authelia docs are pretty solid as well. The 2-factor setup is really smooth! 👍
@TechnoTim 2 жыл бұрын
Thank you! NP! Nice work!
@ppastur 2 жыл бұрын
Hi Ed, I was wondering if you could share how you got this working with NGINX. I have NGINX proxy manager already set up and working and would love to use Authelia instead of the basic authentication provided by NGINX. Tim- thanks for the informative and detailed video.
@NightingaleMage 2 жыл бұрын
Thanks for everything you do, Tim, you've gotten me so far in my container & home labbing journey so far to increase my skills. After doing digging into tons of potential options for MFA in front of my containers, Authelia has seemed to massively be changed compared to this review & example setup. Do you think you could look at doing a follow-up with the updated options / potential changes to the configuration options & install process?
@neolithic1990 2 жыл бұрын
After your amazing video about SSL with traefik i followed this one, man, i learn so much with you, i can't say enough thank you... Tyvm!
@TechnoTim 2 жыл бұрын
Thank you!!!
@sagarsriva 2 жыл бұрын
great video, thanks. just learned Traefik-love it, now going to setup authelia, needed just this video
@paolonervi2208 Жыл бұрын
Thank you very much for all the time you dedicate to making your super useful and super clear videos...
@430942 2 жыл бұрын
I convinced you are doing some QA before you release the final version from a video. It's not possible you to be so anticipated to every possible individual need. Congrats man, you are doing really good
@TechnoTim 2 жыл бұрын
I set up and QA everything before I create any tutorial. It's rare that I just wing it and do it live :)
@chrisdelucatube 9 ай бұрын
Another amazing video! My todo today is to use Authelia to protect my K3S based containers. Thanks again!!
@walideshtiwi6303 Жыл бұрын
perfect tutorial and clear step by step thank you, TIM excellent job
@Gosydelix 2 жыл бұрын
Good work Tim! Really helpful to be honest since I’ve had problems setting this up but unfortunately I don’t use traefik for reverse proxy. Id love to see a version with npm instead of traefik!
@magnoliaraoul 3 жыл бұрын
Great video as always, thanks a lot Tim !
@TechnoTim 3 жыл бұрын
Glad you enjoyed it
@sussudio4384 Жыл бұрын
Thanks TechnoTim, I simplified the configuration of my middleware thanks to you. I followed smarthomebeginner's but you should also see how others have set it up. Personally I've simplified my configuration.yml file to the bare minimum by indicating only the required options and leaving the non-required options by default.
@SelfSufficient08 2 жыл бұрын
Thank you for all your content ! I am hoping eventually someone does a similar video for Nginyx Proxy Manager and Authelia instead of Traefik.
@elwoseopenstepcrew1134 Жыл бұрын
amazing content, just what i need . regards from spain bro! :D
@LarsKniep 2 жыл бұрын
Nice! would be cool if you could make a video on how to implement authelia in a k3s / k8s cluster.
@user-kd7fw4hn4h 3 жыл бұрын
Just what I was looking for! Nice
@nissaar5249 2 жыл бұрын
Very interesting Video No beating around the bush Excellent !!! I was able to setup Authelia with Traffic using this video
@TechnoTim 2 жыл бұрын
Excellent!
@arkhadius1172 3 жыл бұрын
Thanks! very good explanation.
@simongillet2659 2 жыл бұрын
Awesome, thanks for sharing your files.
@localho 3 жыл бұрын
Thanks a lot, was able to create a Kubernetes deployment with this in a few hours ;)
@TechnoTim 3 жыл бұрын
Glad I could help!
@Emerald13 3 жыл бұрын
Incredible, will definitely try this
@jeremytaylor8825 3 жыл бұрын
Amazing! Thanks so much! You made this too easy.
@TechnoTim 3 жыл бұрын
You are so welcome!
@Techonsapevole 3 жыл бұрын
Impressive! What I was looking for.
@TechnoTim 3 жыл бұрын
Glad you liked it!
@squalazzo 3 жыл бұрын
Tim missing from youtube for 3 weeks? --> Tim is working on big stuff, well explained as always! :D
@TechnoTim 3 жыл бұрын
Thank you! Yup, always working on the next thing! This one took a little longer than expected!
@squalazzo 3 жыл бұрын
@@TechnoTim compare it with Pomerium :)
@JPEaglesandKatz Жыл бұрын
Awesome video!! Thanks!
@bohdanshcherbak6303 3 жыл бұрын
ok, you convinced me.... i'll migrate all of my vms to docker and authelia.
@michelangelop3923 3 жыл бұрын
That's what I have postponed for the last week! Now I will set it up!
@rdvanaltun7668 2 жыл бұрын
I was thinking setup 2FA auth is hard on Authelia but comes out it is too simple, thanks for the video
@boxinghistory82 3 жыл бұрын
I like you bro !! keep up !
@MikeDeSantis607 3 күн бұрын
Thanks!
@madhudson1 Жыл бұрын
great vid, would love to see a k8s + traefik implementation too
@DanielRolfe 3 жыл бұрын
Thanks Tim, very interesting 🤔
@TechnoTim 3 жыл бұрын
Glad you enjoyed it
@MestreDentistaGUC 3 жыл бұрын
Hey I like this! Gonna give it a go in my lab. 🤔
@dimaj1 2 жыл бұрын
Thanks for another great video! So, are you saying that by implementing Authelia, I can disable "native" auth of the protected endpoint? Or would you still recommend doing auth of the app you're trying to get to. In other words. if I were to put portainer behind authelia, would you still enable auth in portainer? Thanks!
@insomniac_coder 3 жыл бұрын
Woooow 🤩🤩🤩I just setup reverse proxy for my homelab and this 🤩🤩🤩
@TechnoTim 3 жыл бұрын
Nice!
@magnuslundquist2899 3 жыл бұрын
This works great, added 2FA to the traefik dashboard.
@JeanLucGARNIER 3 жыл бұрын
Nice video! I'll give it a try with my lab apps! If anyone already tweaked the script for Nginx Proxy Manager instead of Traefik, I'd like to get your advices! Thanks in advance and keep up the good work!
@DamjanKumin 3 жыл бұрын
I like the video and I like content.. I miss the old day TT videos and this one is like that (sorry for feeling nostalgic). So does this now mean you abandoned Rancher completely? Just docker and Portainer? Because this would mean that the rest of us will need to “augment” some of the config - not that this is a problem but just a thought.. I followed much of your tech tips and choices and am in proccess of lab upgrade and ofc thinking ahead and including your choices :) thx again for great soft choice and excellent video! Keep it up!
@TechnoTim 3 жыл бұрын
Thank you so much! Didn't abandon it at all! I still run Rancher and Kubernetes at home as well as Docker and Portainer (I always have). just trying to show love to both sides of the aisle!
@DamjanKumin 3 жыл бұрын
@@TechnoTim thx a million for reply! I look forward to future vids! Sometimes I have your videos playing in background :D so that I do not forget anything 🤷♂️🙃
@iAbdulla_AJ 3 жыл бұрын
That interesting tools, but I remember before you mentioned you used Keycloak for SSO in your lab! I hope you can make a video on that tools as well and if possible you compare them from your opinion and experience.
@TechnoTim 3 жыл бұрын
Thanks! I did mention Keycloak for Rancher Auth but I am using GitHub for that. This is my identity provider internally (rather than using an external provider).
@RonDLite 2 жыл бұрын
Tim keeps finding ways to save us money
@MsRope93 3 жыл бұрын
Thanks pretty cool
@mct0407 2 жыл бұрын
Hi Tim, great video thanks. Just wondering how you dealt with using Heimdall and the hosted pages behind it? Will the added authelia layer stop the enhanced features that Heimdall uses?
@TechnoTim 2 жыл бұрын
If you put a proxy between, it will. otherwise you will need to call the unproxied call, if you can
@budimanjojo4456 3 жыл бұрын
Great video. I've been using authelia for a year and yes it's super awesome because it's so easy. But there's one thing I hope you can cover in the future, it's to set authelia to authenticate services that have its own signin page. I always wanted to try it but it's complicated, the service need to support header authentication or something like that (that's why the compose file has the headers in the traefik middleware section). Also, I think you missed out one important part in the configuration, it's the time your session should end. It's important not to set your session to last forever in your cookies, the default is 30days if I remember correctly. 😁
@TechnoTim 3 жыл бұрын
Thank you!
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@budimanjojo4456 3 жыл бұрын
@@TechnoTim waiting for your tutorial for that 😁
@emileclevers2178 3 жыл бұрын
Thanks for the very clear tutorial ! As always :) Could we deepdive in how to setup the OpenID Connect part when it will be officially released by Authelia ?
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@bengerber4542 Жыл бұрын
I think it would be worth doing up updated version on this using OIDC SSO. It seems like it has come a long way
@systemofapwne 3 жыл бұрын
God dammit, I would like to have known about this about 6 months ago. Right now, I do use organizr for main login against an LDAP backend, which then creates a JWT-cookie for accessing other services. That actually took me some time, especially since Organizr's default JWT checking is slow, so I coded a "middleware" for checking the cookie my own. Authelia would just have had this out of the box :/
@Buxton252 Жыл бұрын
Thank you much. Was able to get Traefik up and running from your previous video, and now Authelia for authenticating my services. Awesome. One missing piece though. Could you do a video on a Cloudflare zero trust tunnel connecting into Traefik-- using Authelia as the traefik dashboard authenticator. I know I could just point Cloudflare DNS at my home gateway, but I like the idea of their Zero Trust tunnel allowing one to not open ports on one's router. Thanks again.
@ppastur 2 жыл бұрын
Great video Tim! Thanks. Any pointers as to how to get this working with NGINX proxy manager ?
@TechnoTim 2 жыл бұрын
Thank you! Not sure, I use traefik!
@thomask2580 2 жыл бұрын
Thanks
@TechnoTim 2 жыл бұрын
Thank yo so much!
@final182 3 жыл бұрын
This sounds amazing, I am going to deploy this on my homelab as well. Just wondering, what would happen if you use it with, for example, the nextcloud desktop app? I don't think It should be able to connect anymore
@nikhil96widhani 2 жыл бұрын
it will break all associated apps because the apps are not used to dual layer of authentication. I think you are looking for a solution such as LDAP. I will love to see a video on LDAP by Tim
@gkchimzz28 Жыл бұрын
Thanks for this. Is there a way to use this for Nextcloud and Home Assistant, such that the Mobile Apps still work?
@hawks5196 3 жыл бұрын
Could you go into the openID stuff and also are you able to log into applications that have their own user/pass by only inputting it into Authelia (and it somehow forwarding that on?)
@Hydridity 3 жыл бұрын
That's what I'm interested in, when for example protecting proxmox like that, if you don't have already active session for proxmox, it would ask you first for Authelia authentication , and after that proxmox would ask for user once again via it's own authentication by default
@simonostendorf6280 3 жыл бұрын
Same question.
@TheNorthRemember 3 жыл бұрын
same question
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@Hydraulix 3 жыл бұрын
🙌🎉🙌🎉🙌🎉 YES!
@jvrietveld 3 жыл бұрын
Have you considered using the dynamic configuration of traefik instead of the static one? I find the use of labels per docker-compose file confusing and obscure. See Li Yangs video 'Understand File Provider in Traefik 2' Thanks for the great episode with useful examples
@TechnoTim 3 жыл бұрын
That's a great idea!
@lpkampen 2 жыл бұрын
I'm going to try this again, i tried a few weeks ago but somewhere I failed. You know about an Authelia alternative for Kemp?
@wstrater 3 жыл бұрын
Hello, nice video. I have a question about single sign-on. I understand that Authelia is protecting your access to the Proxmox website but how did it log you into Proxmox? Doesn’t Proxmox have it’s own credentials and log in page?
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@mra282 2 жыл бұрын
Can you do a tutorial on enabling OpenID Connect in Authelia?
@peterkleingunnewiek5068 2 жыл бұрын
Thank you again Tim, for another nice KZfaq manual. I did follow both sessions wildcard ssl and this one. And everything works 2fa and certicates docker- and external websites except Proxmox. Is something changed in the meantime? I get after waiting for 10 seconds a message “gateway Timeout” on a empty page with the correct web address and with the correct certificate. If a make a A-Record pointing too the ip+port direct its works. But not with Traefik and Authelia. Could you or someone else help me this last mile :)?
@TechnoTim 2 жыл бұрын
I have examples on my docs site for both authelia and traefik. There is extra config you need to do. You might have to double auth to proxmox too though. Check it out and let me know.
@khemararab8588 3 жыл бұрын
You should try using push notifications with DUO ! You'll be more impressed.
@hawks5196 3 жыл бұрын
I second this!!
@erbmur Жыл бұрын
I might be a little late, but I've just been following along and had a question. I can see that the link you recieve for your 2FA is an https link. Why would my authelia be sending me an http link that just leads to a blank page or 404 not found?
@a6k7r2 3 жыл бұрын
Can you please do a video on installing and configuring kong apigateway on rancher!!
@ozzykampha2776 2 жыл бұрын
Can you do a video about authentik?
@lichtii1972 2 жыл бұрын
could you also show how to install this with the nginx proxy manager?
@damo_c 11 ай бұрын
Hey Tim Using the file backend, have you ran into Authelia crashing with an index out of range error? Mine was only up an hour before it crashed out
@zombievaliste Жыл бұрын
Hi Techno! Don't know if you'll see my comments but is that possible that Authelia/Crowdsec is "breaking" the auto-renew process of the cloudflare/let's encrypt certificate?
@FireBean8504 Жыл бұрын
Is there any chance you could create a video about Authentik? I'm currently comparing JumpCloud and Authentik as identity sources. I'm unsure whether I should type this up on my only server, as it could lead to a chicken and egg situation if the server reboots and I'm unable to access it to fix any issues. I've had a similar experience with a VM cluster that relied on NFS Storage through FQDN when all the DNS Servers went offline... It was a terrible situation!
@stevefrost831 3 жыл бұрын
I was getting frustrated managing a bunch of different docker-compose files so I did some hunting... I just found out yesterday that you can have one docker-compose.yml file and only call one container like this: docker-compose up -d authelia or docker-compose up -d --force-recreate traefik
@TechnoTim 3 жыл бұрын
Nice tip!
@fltngmmth 2 жыл бұрын
you can rename external networks. i usually declare my external traefik network and declare the name underneath since docker likes to rename duplicate network names like “traefik_traefik”
@TechnoTim 2 жыл бұрын
Thank you!
@BlazDGuitar Жыл бұрын
There is a problem with this approach or i'm missing something (probably the latter) In order for this to work there is need to disable auth for all services (what if a certain service is missing that option?) because if you don't disable then you receive 2 login screens and thats snnoying. and if you disable the service's login screen, you can just access the service directly with the local ip and port if someone was able to gain access directly to your home network, which under certain circumstances could be easy (a malicious guest, a hacker trying to crack the wifi, weak wifi password... etc)
@davidg4512 3 жыл бұрын
Super powerful. Do you have a tutorial for authelia on kubernetes? I heard it's not really supported yet.
@TechnoTim 3 жыл бұрын
I don't yet. They do have a helm chart but haven't implemented it yet!
@rafaelcampoverde 3 жыл бұрын
Hi! Thank you for your video... I have one question.. after authelia authentication... you got logged as “root” on Proxmox... Proxmox authentication was previously cached? or authelia sends a “token” to proxmox for your authentication?
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@davidwestra8181 Жыл бұрын
Are there pros and cons of this compared to the zero trust applications from cloudflare that provide a similar service? Is there a reason to do both?
@michaell7511 2 жыл бұрын
Hi Tim, Great tutorial. My only issue with Traefik and this setting is the limitation (or headache) that it cannot be used across multiple instances of docker hosts..i:e, if one is running 3 different docker machines on 3 different vm with 3 different IP addresses. Can you show how to achieve the same perhaps with Nginx proxy manager with containers hosted on 2 or 3 different docker hosts?
@TechnoTim 2 жыл бұрын
It sounds like at this point you should use swarm or kubernetes, or just have traefik on one machine, and treat the other services like a remote service and create a route for them. I have route examples in the docs
@michaell7511 2 жыл бұрын
@@TechnoTim Do you plan on delivering a tutorial on that? I'm sure that lots of us following you will be interested in that. I meant tutorial on how to have traefik on one machine, and treating the other services (dockers in other host machines) like a remote service and create a route for them? Thanks for everything Tim.
@camerontgore 3 жыл бұрын
Two Auth all the things!!!
@ryanmalone2681 15 күн бұрын
As soon as I saw reverse proxy I thought "nope"! Spent something like 100 hours trying to get a reverse proxy working unsuccessfully.
@bhautikin 3 жыл бұрын
What you think about OAuth Proxy?
@Prostatafocal 10 ай бұрын
I’m trying to use 2FA with a yubikey 5 series but can’ register the yubikey. Any thoughts?
@Equality-and-Liberty 2 жыл бұрын
Yet another great video of you. This is what is was looking for but...... At the moment, i am using the reverse proxy of my Synology NAS. For that reason, i can't install another reverse proxy since ports 80 and 443 are forwarded to my Synology NAS for Let's Encrypt certification. I would love to use this solution if i know how to solve that problem with the ports 80 and 443 that are claimed by my Synology NAS.
@TechnoTim 2 жыл бұрын
I think you could put another between. Incoming 80/443 go to new reverse proxy, and then it forwards to your synology. It does complicate thing.
@Equality-and-Liberty 2 жыл бұрын
@@TechnoTim Thanks for the answer. I think I'm gonna remove the reverse proxy of the Synology completely and do my certification stuff on the new reverse proxy. In that case, i don't have to worry about ports 80 and 443 for Synology. That would make things less complicated.
@Equality-and-Liberty 2 жыл бұрын
Thanks to you again i am now running Pi-hole, Traefik (automatic SSL cert of my apps), and last but not least Authelia.I wanna thank you very much for that. All are running smoothly. Two comments i want to make though; Authelia is not for multiple domains. I have multiple domains but only one i can use with Authelia. Second is that i use 2FA for Proxmox but when i pass through the 2FA, i just end up in the login screen of Proxmox asking for my username and PW. I thought with the 2FA of Authelia it was SSO with Proxmox?
@TechnoTim 2 жыл бұрын
Thank you! I think there’s some additional config needed for proxmox.
@AlexandreAlonso 3 жыл бұрын
how to add personalized login theme? My projects requires to use customize login page for different sites
@ebrahimchalhoub9313 Жыл бұрын
I wonder how this would work with apps that need to connect to the service, like the jellyfin app on mobile or TV
@sumitmamoria 3 жыл бұрын
Great video. So...if a service already has a login of its own, will it get automatically authenticated after the authelia login is validated? Or will ask for two different logins?
@TechnoTim 3 жыл бұрын
You will have different sign ins unless you disable or pass the auth header
@Ne0_Vect0r 3 жыл бұрын
@@TechnoTim can you easily pass the auth header when using traefik?
@atrocitykings684 Жыл бұрын
I keep getting this message whenever i start the container up. I have copied all the files exactly as they are from your launchpad and still encounter an issue when the container starts up. It does not start up properly and assign a port in published ports section in portainer. Error message: level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/'"
@knoker666 2 жыл бұрын
My main doubt with with setup is how do api calls handle the authentication. For example home assistant connecting to transmission ip, or radarr connecting to emby.
@J.erem.y 2 жыл бұрын
Mainly what I do is have them on an additional network named something like API, it doesn't really matter as long as the containers can access each other via direct hostname. When you go to put in the address in the API settings, you use the direct hostname as the target and your API key. I have prowlarr, radarr, sonarr, readarr, lidarr and qbittorent all handled this way. If your apps are not going through the main entrypoint, you shouldn't be caught by the authentication.
@vcele 2 жыл бұрын
where do I point my auth subdomain at, or how do I get the IP-address of the proxy network
@amarul92 2 жыл бұрын
Hi TIm. I have hyper-v 2019 and on that I installed the Windows Admin Center. The Windows Admin Center is a web portal that lets me control the hypervisor (e.g spin up vm's). I want to expose the Windows Admin Center to the internet. If I put my server with Windows Admin Center behind a reverse proxy and utilized Authelia, would I be able to use Authelia to log into the Windows Admin Center?
@TechnoTim 2 жыл бұрын
You should be able to because authelia supports LDAP and OpenID Connect!
@doemaeries 2 жыл бұрын
14:40 will sqlite be fine for like 100-200 users or should I choose something else?
@TechnoTim 2 жыл бұрын
I would choose something else, especially if this is something critical so you can easily back up the db.
@Mythix2 2 жыл бұрын
this is not SSO. it does not sign you in to your proxmox or heimdal, it just allows you to access it. its additional to the auth built in the services, SSO would integrate/replace those.
@gmaclean1 3 жыл бұрын
My ISP modem (which I require) doesn't have NAT Reflection. Any hope of using external domains linked internally?
@Mr.Leeroy 3 жыл бұрын
yes, transparent DNS server that forwards external queries upstream and resolves local rebinds.
@kpatel4785 Жыл бұрын
Seems like so much has changed. Is there a way to make new guide? Like setting up all separately like traefik, authelia one by one. I am still confused on traefik and when I follow your guide on authelia, it is missing like secret, encryption and all.
@mrkesu 3 ай бұрын
Did you use the file examples from the repo he linked to in the description? I set it all up today and had no issues (except for my own spelling errors)
@ausafahmad8335 3 жыл бұрын
Hey, don't mind if this is a stupid question, but where do we supply the actual credentials to log into Proxmox ? Proxmox is running as a totally separate service and we didn't configure any auth endpoint (like we did for heimdall) for PVE. So once authelia authenticates us, how does PVE know that the user should be allowed logins ? (I'm trying to achieve this with eSXI)
@TechnoTim 3 жыл бұрын
You can do it now with Proxmox 7 and OpenID connect for Authelia!
@ausafahmad8335 3 жыл бұрын
@@TechnoTim Thanks ! But can you please explain how in this video Authelia is able to Authorize a user for Proxmox without using explicit trust relationship ?
@Ne0_Vect0r 3 жыл бұрын
@@TechnoTim the thing is.. I want to use SSO with 2FA, but it seems for this oauth or saml is needed.. but there are many apps which aren't compatible with oauth/saml also authelia can provide me free totp.. so I thought this may be the easy fix (login with LDAP + totp -> passing the normal user-creds (all my apps have LDAP as their backend). but it's not? so this is only login/"sso" for apps without auth/users?
@beoen180 8 ай бұрын
@@ausafahmad8335 I was wondering that as well... Not every service has OpenID or something like that, and even something like Heimdall has different users, I still don't get, how the authentication works on the actual service...
@ctyl5686 Жыл бұрын
Heimdall is not redirecting to the Authelia Login screen and instead, displays a 401 error. However, if I login into Authelia, I can then access my Heimdall front page. I appreciate this is an older video, but any suggestions would be welcome please.
@ctyl5686 Жыл бұрын
Solved my own mistake, I had not updated the Traefik data/config.yml file with the correct Authelia settings. Working fine after I did this.
Kirill Multitool
Рет қаралды 52 МЛН
Lawrence Systems
Рет қаралды 243 М.
Raid Owl
Рет қаралды 357 М.
GuiPoM - G. testé !
Рет қаралды 17 М.
PRO Hi-Tech
Рет қаралды 104 М.
LED Screen Factory-EagerLED
Рет қаралды 21 МЛН
Immersed
Рет қаралды 73 МЛН