Additional Self-Hosted Security with Authelia on NGINX Proxy Manager
Рет қаралды 105,087
2 жыл бұрынIn this video we're going to take a look at installing Authelia via Docker and Portainer so that we can add another level of authentication security to other subdomains on our self-hosted server(s).
REFERENCE MATERIAL:
Authelia Configs:
dbte.ch/authelia
NGINX Proxy Manager
• Secure Your Domain wit...
Install CloudFlare SSLs in NGINX Proxy Manager
• Install Cloudflare SSL...
/=========================================/
✨Find all my social accounts here:
✅ dbte.ch/
✨Join this channel to get access to perks:
✅ / @dbtechyt
✨Come chat in Discord:
✅ dbte.ch/discord
✨Services (Affiliate Links):
✅ PrivadoVPN: dbte.ch/privadovpn
✅ Digital Ocean: dbte.ch/do
✅ Bunny CDN: dbte.ch/bunnycdn
✅ Private Internet Access (PIA) VPN: dbte.ch/piavpn
✅ Amazon: dbte.ch/amazonaffiliate
✨Hardware (Affiliate Links):
✅ TinyPilot KVM: dbte.ch/tpkvm
✅ LattePanda Delta 432: dbte.ch/dfrobot
✅ Lotmaxx SC-10 Shark: dbte.ch/sc10shark
✅ EchoGear 10U Rack: dbte.ch/echogear10u
The hardware in my current home server is:
✔ Synology DS1621xs+ (provided by Synology): amzn.to/2ZwTMgl
✔ 6x8TB Seagate Exos Enterprise HDDs (provided by Synology): amzn.to/3auLdcb
✔ 16GB DDR4 ECC RAM (provided by Synology): amzn.to/3do7avd
✔ 2TB NVMe Caching Drive (provided by Sabrent): amzn.to/3dwPCxj
All amzn.to links are affiliate links.
/=========================================/
Remember to leave a like on this video and subscribe if you want to see more!
/=========================================/
Like what I do? Want to be generous and help support my channel? Here are some ways to support:
✅ Patreon: dbte.ch/patreon
✅ PayPal: dbte.ch/paypal
✅ Ko-fi: dbte.ch/kofi
/=========================================/
Here's my Amazon Influencer Shop Link:
✅ dbte.ch/amazonshop
@DBTechYT 2 жыл бұрын
Be sure to watch this video if the container wont' deploy and you you get errors in your container logs: kzfaq.info/get/bejne/f9ugdNZ8lcvFnok.html
@miggywiggy1988 2 жыл бұрын
Hi DB Tech, I follow most of your videos for guidance in deploying my containers. Can you possibly do a video on Authentik? I haven't been able to get it up and running. I've been using Authelia using this video but I'd like to try Authentik.
@naveenchandra6526 Жыл бұрын
@@miggywiggy1988 Authentik is way messier than Authelia, only if you need multiple flows switch to Authentik.
@philwalker5268 2 жыл бұрын
I'm very late to this tutorial, as it's only something I've felt the need for recently. That said, thanks for another great tutorial (I know I've used at least one of your's before for something else, but I forget which one). I could trawl through all of the documentation for Authelia, and figure it out myself *eventually*, but it's always really time consuming. Your vids are a huge timesaver, as you condense things down to what we need to know, and you explain it really well; pretty quickly, but step by step and comprehensively. Easy to follow, even for beginners in the home server space. Bookmarked, and I'll go through this tomorrow (although it'll take some time to get through my 23 container setup). Thank you.
@afrosheenix 2 жыл бұрын
PRO TIP ---- If you're using a Gmail account, before you enter your configuration details at 18:00 go into your Google account settings, then security, then generate an App Password. This ensures that you have a single-use password for this program with it's own unique identifier, and it is not the same as your "normal" email password, and it also won't be challenged the same. It'll break if you don't do it this way with many old fashioned authentication schemes.
@DipanGhosh 2 жыл бұрын
This worked like a charm. Thank you SO MUCH for putting this together. There is very little info on how to set this combo up, but your documentation has proved invaluable.
@DBTechYT 2 жыл бұрын
Great to hear!
@jamesdanielelliott Жыл бұрын
@@DBTechYT There's actual an official guide now which has a method to simplify the advanced tab. That being said it is not geared towards portainer (more docker compose) and it requires a manual mount of a snippets directory that you add files, other than that it's very simple to implement.
@258JUAN Жыл бұрын
Very helpful. Got me throught and was able to get Authelia up and running on my end. Tutorial still relevant as of July 2023
@johnpetro6661 2 жыл бұрын
This is gonna be REALLY helpful. Lots of great info here. Thank you so much for putting this together. As always, it was well explained. I definitely feel like I have a somewhat better understanding of what's going on here.
@DBTechYT 2 жыл бұрын
You are so welcome!
@markc7933 2 жыл бұрын
Right this is going to be a rewatch till I get it. But it’s what I’ve been looking for. This is the best channel to pick this stuff up!
@jasonmeehan6080 2 жыл бұрын
superb video, I thought setting this up was going to be a nightmare, but you've made it very manageable
@Jeroenus90 2 жыл бұрын
This is a great tutorial!! Was looking to set up Authelia with Nginx Proxy Manager for a while but didn't find anything useful until I checked your channel. Great video as always ❤
@DBTechYT 2 жыл бұрын
Glad it was helpful!
@DBTechYT 2 жыл бұрын
🎆🎆🎆 Find me on social media or support the channel here: dbte.ch/
@Pickledeggs3000 10 ай бұрын
Fantastic guide! Thank you so much, helped me get this all running in no time after struggling with other options :)
@Galakyllz Жыл бұрын
This video was super helpful! Thank you for putting all of this together. I really appreciate it.
@egorzakharov1896 Жыл бұрын
Thank you! Very inspiring video! I'll use this auth in my serup. Love your content bro, you are laways amazing. You save me so much time researching
@Glatze603 2 жыл бұрын
Thanks for this video about this awesome open source tool. I installiert it a few weeks ago and I love it! Now I have 2fa for every software that I would like to reach from outside my homelab! It‘s really great!
@DBTechYT 2 жыл бұрын
Very cool!
@florent4668 Жыл бұрын
There is a tabulation before the comment line in "users_database.yml". My authelia container wouldn't start at all, removed the tab that's did the trick. Thank you very nice vid and well explained !
@sajeeshnair 2 жыл бұрын
This is the best Authelia tutorial have come across. All my doubts are absolutely clear. Cheers!
@DBTechYT 2 жыл бұрын
Wow, thanks!
@Rakiga 11 ай бұрын
Easily one of the best videos for setting this up. Even using a different OS (TrueNAS), I was able to set it up without issue. Thanks!
@DBTechYT 11 ай бұрын
Glad it helped!
@TerenceKearns 8 ай бұрын
Well done. Thanks for all your hard work. I won't be implementing this right away but I watched it through just to get an idea of what's involved.
@scottfrancis3601 2 жыл бұрын
Best tutorial on KZfaq, Thank you I tried other tutorials and they all failed to work for me. Brilliant and really well presented... Subscribed Thank you.
@DBTechYT 2 жыл бұрын
Great to hear!
@tiagoriserio6334 2 жыл бұрын
Thank you very much!! Absloutelly incredible job. I've seen the video twice: once for preparing, the second time for action and it worked flawless!!!
@DBTechYT 2 жыл бұрын
That's awesome!! I'm glad it was helpful!!
@tiagoriserio6334 2 жыл бұрын
@@DBTechYT Any tips on how to fix 403 forbidden? The first two containers I tried had no issues, but then I'm suffering with 403 forbidden after filling authelia. For example: it worked perfectly on Radarr or Bazarr, but there's no way to make it work on sonarr or homer dashboard. Thanks in advance!
@reneb.6682 Жыл бұрын
respect for all of your hard work and wunderful help to get this running at my side, you made my day. its working fine.
@whoisvince Жыл бұрын
Fantastic!! This video was great, worked like a charm
@MyAeia 9 ай бұрын
Thank you very much. Thanks to your tutorial I finally got Authelia up and running. Very good explanation that could be taken over 1 to 1 so with me without problems
@DBTechYT 9 ай бұрын
Glad it helped!
@yasaralzakout7691 8 ай бұрын
I really like the way you explain things. you have a great talent to deliver the message in a simple way, and make everything looks easy. Thank you.
@DBTechYT 8 ай бұрын
I appreciate that!
@jupiter00009 Ай бұрын
Thank you! This is what I've been looking for for so long.
@DBTechYT Ай бұрын
Glad I could help!
@omgMBP 2 жыл бұрын
Fantastic walkthrough. I had commented on this topic on another authelia video of yours, promising I'd come back and review this video on nginx proxy and authelia working together. I've had this working on my personal stuff for about 6 months now without issue... but I went through absolute hell getting it going at first because of the limited and/or poor documentation on the topic. I'm rather proud to say that my solution was effectively the same as yours - but I could have saved about three days of slamming my head against nginx proxy manager to get it going if I had your video and templates to get me going. Your formatting is better than mine on your templates, so Im going to be going through all subdomains and just use yours. This was an excellent video making a fairly advanced topic manageable for a newer power user. Thanks for the great solution and the templates!
@DBTechYT 2 жыл бұрын
Thank you so much for this! It took me a while to figure out and I wanted to try to explain it in a way that made it easier for others :)
@omgMBP 2 жыл бұрын
@@DBTechYT yeah. This video should be a sticky over at authelia. Seriously. Ps: maybe worth adding a comment pin that this config will fail without adding that new requirement for a secret key in authelia config? Or have you updated the template? Edit: ohh. Hahaha I see you already did. Nice!
@DBTechYT 2 жыл бұрын
Yep. Even made a follow-up video about it :)
@hbhamilton3 Жыл бұрын
Great video! I dumped Traefik when I found NGINX Proxy Manager and this video is perfect for integrating Authelia. Thank you!
@DBTechYT Жыл бұрын
Outstanding! Really glad to hear it! If you find my content helpful and would like to get ad-free access to a growing library of content, you can join my Patreon: www.patreon.com/dbtech or my private member site: dbtech.fans
@BobbieERay Жыл бұрын
This was very helpful thank you. In regards to the "sessions:" variables @ 00:16:02. You can actually fill in minutes, or hours. You just have to denominate them differently, e.g. "expiration: 5m", or "expiration: 1h", instead of "expiration: 3600" And as @glassman3333 has pointed already, changing the name, as shown @ 00:29:43, is obsolete. You're just a changing a variable name that is being referenced in the next line. So all you have to do, is to make sure that it is consistent between the two, but you don't have to adjust it.
@LyuboslavPetrov 2 ай бұрын
It was very helpful and I spend today to secure all my services behind authelia and SSL. Thank you so much.
@DBTechYT 2 ай бұрын
Great to hear!
@arrogantpublisher 2 жыл бұрын
Bloody beautiful work man! Cheers!
@DBTechYT 2 жыл бұрын
Thank you! Cheers!
@TanmayPathak22 2 жыл бұрын
This was great! Thank you so much!
@laduzi3940 Жыл бұрын
OMG FINALLY. I GOT IT WORKING FOLLOWING YOU GUYS!!! YOU ARE LEGEND AND A SAINT
@renorono 3 ай бұрын
Thank you! This tutorial helped me so much! I've spent countless hours trying to get Authelia running with NPM, with no luck. I've tried so many different variations, trying it with mariadb and whoami etc, following various tutorials. All of it was very hard to understand, and had zero success. This was by far the easiest to follow and most successful for me. I did have to make some changes to configuration.yml to get it working properly. I think some of the syntax you've used has changed. Some of it was just deprecated, but in other places, it just didn't work. After reading the logs though and comparing them with the Autherlia documentation, these were easy fixes. Just thought I'd mention it in case you wanted to update the config examples on your website. I learnt a lot from the process though, so these were "good" errors for me. Thanks again.
@Professional_Human 10 ай бұрын
Love your guide got it working on my homelab thanks to you
@Ohmygodzilla 2 жыл бұрын
Thank you so much for this! Great tutorial.
@cxl520 Жыл бұрын
Great video for Nginx Manager users!😃
@jcdock 2 жыл бұрын
Amazing video. Very well explained, made it super simple to get this set up. Many thanks
@DBTechYT 2 жыл бұрын
Thanks for watching
@ungeekenmunich 2 жыл бұрын
This video has been extremely helpful! Now my apps are finally secured :) Thanks!
@DBTechYT 2 жыл бұрын
Great to hear!
@jakewhitworth5813 2 жыл бұрын
Thanks for this! Well worth the wait got it rolled out this evening and it solved my biggest problem!
@DBTechYT 2 жыл бұрын
That's awesome!! Glad to hear it!
@jakewhitworth5813 2 жыл бұрын
@@DBTechYT being able to reach out for help was really refreshing, do you run a discord server or anything? Its something I'd pay a subscription fee to especially if it meant discussing ideas like this?
@DBTechYT 2 жыл бұрын
I've got a Patreon with different levels of access and some of them include Discord benefits: dbte.ch/patreon
@SimionChis 2 жыл бұрын
I just discovered your channel. I liked, subscribed and this video is bookmarked. Thanks
@Weirlive 2 жыл бұрын
so happy to hear I'm not the only one that isn't a huge fan of Traefik.. I think NPM is just easier to use. Great video!!!!
@DBTechYT 2 жыл бұрын
Thanks!! And, yeah, I REALLY prefer NPM over Traefik for my use-case.
@aratz_ 2 жыл бұрын
So many thanks for this awesome tutorial. 😃
@DBTechYT 2 жыл бұрын
Glad it was helpful!
@jasonchurchward9723 2 жыл бұрын
Excellent video I was able to get it working without too much trouble. btw, I think you should build on this further with another video showing full SSO into some standard applications like Bookstack and Portainer as to show the power of it all working together.
@DBTechYT 2 жыл бұрын
Thanks for the tip!
@gswhite 2 жыл бұрын
Reallly, really fantastic video, and I am using this configuration now for my sites and containers. I woudl love to see a follow (Part 2) showing 2FA and DUO Push?
@pkoptik Жыл бұрын
Massiv Video Thanks a lot for this very good video and updated configs!
@DBTechYT Жыл бұрын
Happy to help
@WRod1464 2 жыл бұрын
great instructions. keep up the good work
@wawefr Жыл бұрын
Hi very good job, much appreciate. I'm using nginx + Cloudflare as you explained in another video, but the integration with Authelia isn't working. Authelia works on its own, but the redirection system in the 'advanced' settings isn't functioning. I read that I also need to create redirect transformation rules in Cloudflare, but it's difficult for me. If you have any ideas, I'd appreciate it. Thanks again for your help
@rsdosev 2 жыл бұрын
Hi there! Great video! I have a question for you. Is there a way to disable all published ports for the secured containers and let them be accessible only from authelia, and not from the other local hosts in the local network?
@cereal_experiments 2 жыл бұрын
this is great! i would love a part 2 on setting up an ldap backend for the user accounts using something like freeipa or glauth.
@IBRACORP 2 жыл бұрын
We already covered this a while back, check it out: kzfaq.info/get/bejne/od2Po9KZx7GpY40.html We also have the config for FreeIPA/Authelia in our docs: docs.ibracorp.io
@neo85271 2 жыл бұрын
@@IBRACORP Your video skips ldap configuration entirely. Did you reply to the wrong person?
@leoprisionero Жыл бұрын
many many thanks this worked awesome!
@DBTechYT Жыл бұрын
Glad it helped
@kras_mazov 2 жыл бұрын
You can use docker container names instead of ip's in nginx proxy manager, just connect your containers to a network with user specified subnet.
@iwinger 8 ай бұрын
the video is awesome, i'll put it on my joplin note for now
2 жыл бұрын
Great tutorial! I will love to see a second part video setting a yubikey or any sort of 2FA
@DBTechYT 2 жыл бұрын
Definitely planning on this! :)
@iamrage4753 Жыл бұрын
@@DBTechYT can you refresh this guide to use caddy v2 instead of nginx please
@DBTechYT Жыл бұрын
@@iamrage4753 Thanks for your comment, but I have zero interest in Caddy. for that matter, I don't use Nginx Proxy Manager any longer either.
@iamrage4753 Жыл бұрын
@@DBTechYT so what do you now use? thanks
@DBTechYT Жыл бұрын
I use CloudFlare Tunnels for my remote access. Doesn't require any ports to be open on my network, I can control access to my services based on things like IP address, email address, and more. I don't use single-sign-on, so I've never investigated whether or not CloudFlare Tunnels supports it.
@glassman3333 Жыл бұрын
Thank you so much for all your work on this. It was a great video. The one part I was a little confused about was in the section where you made the protected domain conf. After looking at it for quite a while, I believe you can set your "set $upstream_" to whatever name you want, as long as the line below it matches, because we're setting a variable, correct? Also, I found that if you then simply define that variable name to "$forward_scheme://$server:$port;" to finish out the line (like you had it initially), it will always work (instead of putting in the actual server name and port). This is because $server and $port are already defined as the "Forward Hostname / IP*" and "Forward Port" values that we setup in the initial Proxy Host entry. I'm really just looking for some clarification, because I set it up this way, and it seems to be working. This is probably what you meant, and I just misunderstood along the way. Again, thank you for all your really hard work. I don't think there's any way I could've set this up successfully without your video.
@FreddieDK Жыл бұрын
This should be a pinned comment. Saved time and confusion.
@BobbieERay Жыл бұрын
I agree and I was puzzled about this as well. In essence, you're just a changing a variable name that is being referenced in the next line. So all you have to do, is to make sure that it is consistent between the two, but changing the name is obsolete.
@rdvanaltun7668 2 жыл бұрын
Thanks for the good content, I hit subscribe button
@DBTechYT 2 жыл бұрын
Awesome, thank you!
@bluesquadron593 2 жыл бұрын
Thank you for the video!
@DBTechYT 2 жыл бұрын
My pleasure!
@GSGWillSmith 2 жыл бұрын
Thanks for your tutorial. In the "protected-domain-conf" you have set "set_real_ip_from 192.168.1.0/16; #make sure this matches your network setup" at the very bottom. Shouldn't the /16 be /24 as in the authelia-conf? I kept getting the error "low address bits of 192.168.178.0/16 are meaningless", so I changed it to /24 and the error disappeared.
@olivierdeschenes3052 2 жыл бұрын
Hello, thanks for all your content, it's very helpful and well explained. I don't know if I'm the only one, but the port 587 for the smtp configuration of gmail doesn't work, I've to use the port 465. And if you have a firewall on your system, don't forget to open the port 9091 ;)
@ozzeedaboss 2 жыл бұрын
Awesome tutorial thank you! One bit that I cannot overcome is finding the configuration.yml file after deploying the Authelia stack. I know it may be a stupid issue but I am a newbie and for the life of me I simply cannot go further with the setup. On your video you ssh to your server and I get that, but how do I find this configuration.yml file in Docker Desktop (Windows 11)? Do I need a WSL distro installed as well? In the docker-compose script I have the mount location exactly as in your video but when I go there the folder, it is empty (!) Any help would be greatly appreciated :)
@ajschot 2 жыл бұрын
in this way it does not matter which ip adress you fill in to forward to in Proxy manager because when i change it it always go to what filled in in the custom config right
@ngriz7 2 жыл бұрын
Hi dude great video! I want to ask a question, is it possible to set up a subdomain which is on another server that hasn't nginx proxy manager?
@vidx9 Жыл бұрын
How to get Authelia to work with Nextcloud or Vaultwarden when the apps need to sync on various platforms or browser extensions?
@ravine9083 Жыл бұрын
Can I use NGINX through a cloudflare tunnel and use authelia? I am removing Ubunu server and I will use proxmox.
@Armetron 3 ай бұрын
excellent video. If your using a web app that comes with it's own login configuration (jellyfin) is it possible to get Authelia to log in for you?
@IbrahimBachir 2 жыл бұрын
Great tutorial, man. Just one question. It's returning a 403 Forbidden error after Authelia authentication. I don't know if you have a clue about what can be the problem. I have been following your tutorial entirely. Thanks in advance.
@berrabe3917 Жыл бұрын
i think this is like using HTTP basic auth on nginx, let's say if i want SSO to my private gitlab, how to achieve that? because i'm pretty sure after entering my user pass on the authelia, the gitlab login page still prompt me to enter the username and password
@ajschot 2 жыл бұрын
i tried to add 2nd verification but it is not possible i can not get it to work... EDIt: mistake in the auth proxy host
@liamriley2100 2 жыл бұрын
Thanks for the tutorial! Everything worked great, except now I'm trying to make a LAN bypass rule, which doesn't work for some reason. I feel like this is probably down to me not setting the correct values in the nginx proxy manager config for the protected domain, specifcally this section: set_real_ip_from 192.168.1.0/16; #make sure this matches your network setup real_ip_header CF-Connecting-IP; real_ip_recursive on; If my servers are on the 192.168.5.0/24 subnet and my home devices are on the 192.168.10.0/24 subnet, what would be the correct value for the "set_real_ip_from" directive? Also, if not using Cloudflare proxy, can I remove the "real_ip_header CF-Connecting-IP;" line?
@Happypillz 2 жыл бұрын
How do you create server by ip forward instead of container?
@anthonyburning8603 9 ай бұрын
THANKS !
@N0AGI 2 жыл бұрын
excellent content - thanks for sharing
@DBTechYT 2 жыл бұрын
Much appreciated!
@Asbasnowe 10 ай бұрын
Hey dbtech, thx for the tutorial! I cant access your domain. Where can i find the authelia configuration files?
@jokurinopoloski 2 жыл бұрын
Have you ever gotten Remote Desktop Gateway to work with reverse proxy manager?
@jumpingwang 2 жыл бұрын
very good job, thanks for your tech share!😃
@DBTechYT 2 жыл бұрын
Thank you! Cheers!
@bitzzzbytemedia Жыл бұрын
Great video, thanks so much. For some reason setting domain in nginx does not work for me. I could access authelia via locval iip and port but not hte domain. I also have about 5 other apps that I access with domain creating on cloudflare and proxy manager. The only one I can not get to work is authelia.
@larsskage5584 2 жыл бұрын
This is really helpful! Does this setup prevent direct access via the ip and port, while on the internal nw, or is that handled separately?
@DBTechYT 2 жыл бұрын
You can still access locally without Authelia. This is just a layer of protection when you're accessing from the internet
@Henkie0011 2 жыл бұрын
Thanks for the explanation I've got it working on one subdomain. So lets see if we can two factor authentication running also, because the we have the best security for now.
@DBTechYT 2 жыл бұрын
Fantastic! Definitely going to look at adding an authenticator app or hardware key to the setup soon!
@alotalot94 2 жыл бұрын
Great Video ! Thanks ! I also saw your video about Nginx + Fail2ban + Cloudflare but had too much ban with the filter regex npm - docker (just browsing my containers with a VPN makes me banned whereas I don't do anything suspicious). So i wanted to add an extra layer of security to my server with Authelia, but the question is : is it possible to log in to Nextcloud or Bitwarden through their phone app (or add on apps on firefox) with authelia enabled ??? Thanks for your answer and thanks again for the video !
@user-cu7us4vj1j 2 жыл бұрын
Hi! I have the same question ⁉️ Did you figured out an answer?
@michaell7511 2 жыл бұрын
Great tutorial as always. Question and a pointer: 1. Does this work on Raspberry pi as it throws error on it? 2. You omitted the need to add restart: unless-stopped (or always) on the docker compose else if the docker host restarts, Authelia container wouldn't restart automatically and that means all hosted apps will become inaccessible/unreachable
@VinodBaliga Жыл бұрын
Works on Rpi for me. Except for different issues I faced (posted in my comment earlier today).
@RobKraut 4 ай бұрын
Thanks so much for posting this! I’ve been searching for a while for a more succinct video that just gets through the basics. Yours is the first I’ve found that checks all the boxes I was looking for. But since this is a couple years old already, hoping you even see this comment, is there any aspect of this that has changed since then that could bork my set up? I’m thinking about giving this a shot tomorrow.
@DBTechYT 4 ай бұрын
Thanks. This video was a pain to shoot, so I'm glad it's helpful. I haven't used this setup since a couple of months after I shot it. I use Cloudflare Tunnels for all my remote access needs.
@RobKraut 4 ай бұрын
@@DBTechYT yeah. I’ve been hearing about those as well. Not entirely sure what they are, but if you use them, do you not need Authelia at all? The single sign on with 2FA option is what I’ve been after since right now I just have reverse proxies set up through my own domain and using my NAS as the web server, using each app’s auth options (a pain). The goal is to be a little more portable with my setup, and not tied to Synology’s infrastructure as much. Also, just trying to learn more about this. I caught the self-hosting bug instead of COVID during the pandemic. 😜
@RobKraut 3 ай бұрын
@@DBTechYT FYI, apparently they made changes to the Authelia config a few weeks ago. Your template files are unfortunately out of date now. I'm working on changing my setup to match the new structure, and if I ever get t figured out, I will share it with you to update your templates, if you'd like. (you might be faster at it than me to be honest... I'm still trying to get it up and running in the first place)
@bootifulghost8624 2 жыл бұрын
Thanks a bunch for this Tutorial David. Been waiting for such a Tutorial. Going to try it this coming weekend. Now all I wonder is, can I also make Authelia authenticate for containers that already include authentication, like bookstack?
@DBTechYT 2 жыл бұрын
I'm not sure if that's possible, but it would be cool if it did. I think you would need something like LDAP setup for all of the involved containers, but I might be mistaken on that.
@bootifulghost8624 2 жыл бұрын
@@DBTechYT Yeah this would solve a big issue I currently have, as we're running multiple services with authentication and for every service it's a new login... thanks I'll see if I can find something with ldap
@MatthewMalleo Жыл бұрын
First, I love all of your videos, I would not be here now if they did not work. I got everything working. Thank you. BUT, for the life of me, I can not get any of the authelia enabled NGINX hosts to work for devices on other ip's!
@clarke6808 7 ай бұрын
Aweome..
@ChrisRider 10 ай бұрын
Your video helped me out. I was watching other tutorials that were overly complicated for my use. Now, I would like to figure out if I can use single-sign on and not have to login. As an example, Jellyseer has its own user/password. Right now, I get Authelia asking me a password - then get Jellyseer's.
@fragoulisnaval 2 жыл бұрын
Why use Authelia instead of setting up the access lists in NginxProxyManager? Why we need to run an additional container to add that extra layer of security? Is there something more to gain?
@DBTechYT 2 жыл бұрын
Honestly I've had mixed results with access lists on NPM. Authelia also allows you to add people to groups and then assign access to different applications based on those groups. Authelia also has a feature that will block people from accessing your server if they use incorrect credentials too many times. Again, this tutorial/application may not be for everyone, but it's been requested for more than a year in my comments section and I thought it was time to make a video about it :)
@fragoulisnaval 2 жыл бұрын
@@DBTechYT You are right, blocking people out cannot be done using access lists. I will try setting this up over weekend if I find some spare time... Thanks again for this video!
@alanstedman6716 2 жыл бұрын
Another great tutorial - thank you
@DBTechYT 2 жыл бұрын
Glad it was helpful!
@Animizio2024 10 ай бұрын
Thank you and everything works well. So just a short question: Why do I need to match the upstream for the container name? It also works if i just type a random name inside the config. Would be cool to understand it :)
@DBTechYT 10 ай бұрын
I never actually used authelia for any time. I leaned just enough about it to show people how to install it and do the basics. I encourage you to check out their online resources for more information
@Animizio2024 10 ай бұрын
@@DBTechYT thank you
@Prime_Tecnologia_Automacao Ай бұрын
Excellent video, I put my Authelia to the test with it, but to make it part of my structure I need to resolve some situations. I can't get the NOVNC CONSOLE inside PROXMOX to work with NPM + Authelia... it always says connection. Has anyone found a solution they can share?
@themightyapefish Жыл бұрын
Please do a video on how to get authelia to work with Navidrome so one can use apps on your phone with it
@boggie26 Жыл бұрын
Great video, everything works great up until added the CONF to the proxies. I use the code and change it as suggested, but as soon as I do, it sets the proxy to offline. Not sure what I am missing here?
@techsolo121 Жыл бұрын
I know the solution! Whoaa after 4 hours of searching... In CONF for proxied host which should be protected, it isnt't allowed to have a character like a minus. NPM don't realise that the chars after the minus belongs to the variable. Also you don't need to set the dcontainer_name to the $upstream var, because it set by "Forward Hostname / IP*" and "Forward Port" in the previous step. Wrong: location / { set $upstream_uptime-kuma $forward_scheme://$server:$port; proxy_pass $upstream_uptime-kuma; Right: location / { set $upstream $forward_scheme://$server:$port; proxy_pass $upstream; Thanks at @glassman3333 for your comment, it helps me a lot! :)
@ncstr5842 9 ай бұрын
@@techsolo121 you / glassman3333 are goats, it finally worked! tysm
@juancarlosgonzalez2616 Жыл бұрын
Could you take a look at Ory Katros? Thank you!
@rivetthelombax7009 7 ай бұрын
What do i change in the nginx proxy configs for non docker-container items? That was not explained in the video despite being mentioned. for example I have a proxy set up for my servers cockpit instance, which is not run on docker. what would I change for that?
@DBTechYT 7 ай бұрын
I never pointed authelia to anything other than docker-related containers, but I would assume the process would be the same. I can't validate that, though since I only used this for about a month before getting tired of dealing with it and moving on to a different solution entirely.
@rivetthelombax7009 7 ай бұрын
@@DBTechYT Understandable! been wracking my brain trying to figure out which section to change to get it to work but get SSL errors pretty quickly. thankfully its an easy fix, just remove the config from the advanced tab to restore it. Guess ill have o check what i can find out elsewhere. good to know!
@macihun93 2 ай бұрын
broadly speaking, would this be a more secure approach than using cloudflare zero trust tunnels and their built in auth apps?
@DBTechYT 2 ай бұрын
There are a lot of things that can weigh on both sides of the answer here. I used authelia for a while. Then I found Cloudflare tunnels. With tunnels, there is no port forwarding and you've got world-class DDOS protection and security
@evertythingtechrelated9715 2 жыл бұрын
Wish the username could random then setup 2FA to display the entered username on duo app. That way I can see who's trying to get access and accept/deny.
@okanerdem 2 жыл бұрын
Just a small question, we already can a password with access list on the nginx proxy manager, what's different? Why we should authelia for password authentication? We can do it basicy on the nginx proxy with access list username/password
@FanouLive 2 жыл бұрын
Indeed, something similar
@okanerdem 2 жыл бұрын
@@FanouLive then we can use nginix proxy access list
@FanouLive 2 жыл бұрын
@@okanerdem Yes, but it's a really basic authentication form, and there is less available configuration options like explained @DB Tech in another comment
@michaeldooley231 Ай бұрын
Hello, is there a way to make this work for NGINX PM Admin Panel? I have tried before but ended up messing it up and loosing access to everything.
@DBTechYT Ай бұрын
Point the Ip address to you server's IP. Point the port to your NPM port. Make sure you have ports 80 and 443 forwarded from your modem/router to your server with NPM on it.
@MarcusZurhorst 2 жыл бұрын
Again a very excellent video. But this time, I really am stuck when you do the advanced configuration. I am using Docker, not Cloudflare. What do I have to change at the bottom? Thank you.
@DBTechYT 2 жыл бұрын
Docker and CloudFlare aren't the same thing at all. CloudFlare is a reverse proxy service to help add security to your hosting. Docker is the platform we're installing our containers on. I HIGHLY encourage CloudFlare to hide your home's IP address from the public as well as adding DDOS protection, DNS management, SSLs, and more.
@MarcusZurhorst 2 жыл бұрын
@@DBTechYT thanks. I am bisecting the issue. Really strange. I checked 20 times, I have no typo. As soon as I add a few lines starting from "proxy_set_header Host $host; onwards, NPM displays the status as offline; When I comment those out, the status is online again. -- Does NPM itself write some kind of error log when it parses the advanced config? -- I only see access logs and error logs, but they do not cover this aspect.
@ShofiqulYT 2 жыл бұрын
Thanks a lot
@DBTechYT 2 жыл бұрын
Thanks for watching!
@stephblanc5581 Жыл бұрын
Hello, I really like your videos, I have a more particular configuration, maybe you can help me, because, I can't make it work: - I have a dynamic IP - I had to create tunnels with cloudflare (if I don't create the tunnel in cloudflare, I can't access my containers) - I use nginx proxy manager (no use if I don't have the tunnels created on cloudflare) My issue is that, I can log into authelia, but I only get redirected to the default_redirection_url (like the page that I'n looking for is not found) I have search all over the internet, I haven't found the combine settings : dynamic ISP, cloudflare tunnels, authelia. The problem with the cloudflare tunnels, is that I can't point to a subdomain to that tunnel, I have to create a new tunnel with the subdomain. Thank you for your time
@MrSnyaify 2 жыл бұрын
Thank you so much for listening your subscribers:) btw, it’s much easier with traefik an you are wrong. With traefik and file config it’s very easy to config services on other VMs. (Just 2 blocks in config that defines router and service behind it) I have 1 file with all configuration, editing it with file browser or VScode, and you don’t need to use docker labels at all, (dam I hate this labels and always recreate containers when I’m screwed with it)
@AntonStolov 2 жыл бұрын
On the contrary, I really like the label format.
@DBTechYT 2 жыл бұрын
This is good info! Thanks!
@MrSnyaify 2 жыл бұрын
@@DBTechYT another + to traefik is backup, just copy 1 config from traefik container and place it anywhere where you want to reproduce your environment. This is so by the way. And one more thing, traefik middlwares + chains, work like a charm. I don't like syntax of Ngnix when you need something to tune... as for me it's hard :(
@AntonStolov 2 жыл бұрын
@@MrSnyaifythats right, 'bout backup of your proxy stuff with traefik it's super easy
@yohannn2635 2 жыл бұрын
Great video ! thanks for the tuto, I'm having only one issue at the end, after the redirection of auth to my apps I'm getting 403 forbidden openresty, any idea ?
@DBTechYT 2 жыл бұрын
Are you trying to access more than one root domain on your Authelia setup?
Awesome Open Source
Рет қаралды 55 М.
Securing NGinX Proxy Manager - follow up - securing your admin console for this Open Source Software
Awesome Open Source
Рет қаралды 87 М.
DB Tech
Рет қаралды 50 М.
One More German
Рет қаралды 1,5 МЛН
Тима Бичевский
Рет қаралды 1,5 МЛН