NGINX Proxy Manager + Authelia Installation Guide
Рет қаралды 22,450
Күн бұрынAuthelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal.
It is a companion of reverse proxies like Nginx, Traefik, or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to the Authelia Sign-in portal instead.
Our written guide and config files can be found here:
docs.ibracorp.io
🔔 Subscribe for more tech tips and tutorials: @IBRACORP
👍 Like this video if you find it helpful, and tell us in the comments what other tutorials you'd like to see.
🚀 Timestamps:
0:00 Intro
0:31 What is Authelia
1:52 Installing
11:17 NGINX Proxy Manager
12:52 Protecting an Endpoint
📌 Follow us on social media for the latest updates:
Website: ibracorp.io/
Discord: / discord
Reddit: / ibracorp
Twitter: / ibracorp_io
Facebook: / ibracorp
💖 Support Us:
Your support helps us to keep producing high-quality tech tutorials and content. If you've found value in our videos, consider supporting us in the following ways:
PayPal: www.paypal.com/donate/?hosted...
Shop: shop.ibracorp.io/
Subscribe and share our videos with friends and colleagues.
Every bit of support makes a huge difference and enables us to continue delivering content that helps you make the most of the latest technology!
For business enquiries, please email support@ibracorp.io
#Authentication #authelia #authorization #computersecurity #jwtauthentication #oauth #twofactorauthentication #security #unraidinstall #unraid os #unraidtutorial #npm #nginxproxymanager #cybersecurity #2fa
@IBRACORP 3 жыл бұрын
Thank you for watching our video! What are your thoughts on Authelia? Would you use it to protect your precious internal sites and applications? Let us know! EDIT: You can find our updated 2022 Guide right here: kzfaq.info/get/bejne/f71-rNN8l73ccmQ.html
@IBRACORP 3 жыл бұрын
We have a in-depth guide for those beginners out there found here: kzfaq.info/get/bejne/od2Po9KZx7GpY40.html
@AwesomeOpenSource 3 жыл бұрын
Excellent Stuff! I learned a ton on this one. I've been looking at Authelia myself, and this gets me soooo much further. Thank you.
@IBRACORP 3 жыл бұрын
That's awesome (no pun intended). Glad I could help show you something new, if you need any more help with it just let me know. Thanks for the feedback
@jasonsell7172 2 жыл бұрын
Thank you!> I have been struggling for days to figure out why I kept getting 403s and this was the only source that pointed out the one thing i missed!
@r3dsouza 3 жыл бұрын
Excellent video! Thank you very much for sharing this and the written up instructions. One thing I noticed when setting this up myself is that after I add the script into the advanced tab within NPM, the access list that I had previously setup in NPM to only allow specific IP addresses to access the site and the setting to force ssl for that host disappeared. I noticed this because the first time I accessed the authelia host from a browser without typing https, it came back with an http response. You can confirm this by looking at the server script for the host in NPM at /data/nginx/proxy_hosts/n.conf, where n is a number assigned for each host you've setup in NPM. You will notice that the code blocks are missing for these 2 settings. To fix this I manually added these 2 bits of script as the first lines within the "location /" block of the Authelia host (i.e. Authelia Portal.conf) and each endpoint host (i.e. Protected Endpoint.conf) scripts respectively.
@IBRACORP 3 жыл бұрын
Thanks for the comment Roshan. Appreciate you coming and watching. That's a really good pick up and something I hadn't noticed before. I might need to do some testing and update the scripts to match. Thanks again
@905jay 3 жыл бұрын
I would love a visual deep(er)-dive. I tried to set it up and ran into some difficulties but will attempt it again in the morning. Thanks for the vid, excellently done!
@IBRACORP 3 жыл бұрын
Hi Jay, thanks for watching and subscribing. Great feedback, I do get a lot of questions about Authelia so I'll look into it. Thanks for stopping by
@d-popov 3 жыл бұрын
just saved my day. thanks!
@IBRACORP 3 жыл бұрын
My pleasure, thanks for watching
@Aiorus76 3 жыл бұрын
Awesome video! Would be great if we had a follow up on how to setup OpenLDAP in unraid.
@IBRACORP 3 жыл бұрын
Thanks Sergio, appreciate you watching and subscribing. Glad you enjoyed it. I have one in the pipeline for FreeIPA so I'll get that out there first then an OpenLDAP
@ne0nlightz 3 жыл бұрын
Thanks for this video! Quick question: At the 13:58 minute mark in your video, you got an error 403 from Nginx Proxy. I'm getting the same issue with securing my endpoint app. In the "access control" section of the config file, for my domain I just have it set as a wildcard: "*.subdomain.domain". In the instructions it says a wildcard could be used to match any subdomain as long as simple quotes " " are used outside of it. In light of that, I was wondering why you made separate entries than just using the wildcard option? In my case wiht my error do you think listing out the sub-domain itself would fix the problem? Also, what is the meaning of "ou=groups" or "cn=accounts" in the LDAP section? I have multiple accounts I want to create so does that mean I have to have "cn=accounts" added for the username and pass for the LDAP admin user section of the config file?
@IBRACORP 3 жыл бұрын
Hi mate, you can certainly use wildcard as an option I just wanted to show how the rules work when specifically allowing or denying something. The 403 can sometimes come about from cookies so always try incognito. If no luck, try explicitly allowing that subdomain in the rules and see if it works
@Manhole7130 3 жыл бұрын
This is great, I recently got Authelia up and running for my user account and now looking to swtich to LDAP like you said you did, could you do a video showing the LDAP setup and how to integrate that with Authelia?
@IBRACORP 3 жыл бұрын
Hey Oliver, thanks for the feedback and for watching/subscribing. Appreciate it. I would be more than happy to do that and it's actually on my to-do list so please keep an out for the notification. Cheers
@Manhole7130 3 жыл бұрын
@@IBRACORP Awesome thanks!
@AbhijitKarmokarCT 3 жыл бұрын
@@IBRACORP Thanks for the awesome videos so far (especially your cloudfare one .. got mine done and working seamlessly) ... Was keeping an eye out on the FreeIPA setup with Authelia and I fear I can't get it working on my setup ... folllowed your FreeIPA tutorial .. have FreIPA up and running .. but Authelia just doesn't work with it ... I am sure I am making a silly mistake ... would reiterate the request for a more in-depth tutorial with Authelia integration. Somehow your git config does not match what i see in your config files in the video (subtle differences in the ldap portion of your Authelia config file)
@IBRACORP 3 жыл бұрын
Hi mate check my channel because I have already done an in depth guide for Authelia since this one
@ned1869 3 жыл бұрын
Please do an unraid invoice ninja container/walkthrough. Love your work :)
@IBRACORP 3 жыл бұрын
In the list Ned! Thank you for watching mate
@rrpedrigal 2 жыл бұрын
I install authelia from CA plugins but when I check the configuration.yml file it is different from the file from github and on this video. So what should I follow? If github, should I copy all the lines in yml file to replace on the appdata folder?
@IBRACORP 2 жыл бұрын
Follow our latest docs and files from GitHub. docs.ibracorp.io
@waynethompson8795 2 жыл бұрын
trying to install redis with no look error ---docker: Error response from daemon: invalid volume specification: ' /mnt/user/appdata/redis/bitnami:bitnami/:rw': invalid mount config for type "volume": invalid mount path: 'bitnami/' mount path must be absolute. See 'docker run --help'. The command failed. container setup as per instruction added path /mnt/user/appdata/redis/bitnami dont know were im going wrong
@IBRACORP 2 жыл бұрын
There needs to be a “/“ before the container mount “bitnami/:rw”. So it should look like this “/mnt/user/appdata/redis/bitnami:/bitnami:rw”
@abitofrandom2789 2 жыл бұрын
Based on my logs as far as I can tell I have this all set up with FreeIPA. My issue now is that I get to the login screen at my subdomain but when I try to log in it just hangs for along time then eventually gives a bad credentials error. They are not incorrect though. Any idea where to start diag?
@IBRACORP 2 жыл бұрын
Jump in our Discord and share some logs mate, best way to help
@kenjibailly 3 жыл бұрын
Great tutorial, unfortunately I cannot install unraid as I have an ARM64 system. Would it be possible to make a tutorial or help me out getting authelia working with mariadb and nginx proxy manager?
@IBRACORP 3 жыл бұрын
Hi Kenji, thanks for watching mate. So I did write up instructions that will walk you through mariadb and NGINX Proxy Manager like I do here, should be able to be translated to most Linux environments: bit.ly/3onzEY3
@IBRACORP 3 жыл бұрын
I also just made a new video walking through each step. Check it out
@nicok.9371 2 жыл бұрын
Hi, I have a question: I want to use Authelia as the first Authentication step to use for example my nextcloud instance. Nextcloud itself is also protected by a Username and password. The problem is that I have no clue how I can still use my nextcloud android app if I set up Authelia in front of it?!?! Is there a possibility to bypass Authelia just for the app and not for the browser login? I know there are different bypass options but I'm completely clueless how I'm going to use them to achieve this specific bypassing of the app. It's not only for nextcloud, I also host different applications on my own who are accessible from an smartphone app. So in general: Is there an option to protect my setup and at the same time doesn't loose the functionality of connecting via smartphone app? I would appreciate an answer!!!
@IBRACORP 2 жыл бұрын
A lot of apps will have an API endpoint. These endpoints can be bypassed from within the Authelia configuration file. If you check out our configuration file on our GitHub you'll see we've added a lot of common endpoints for people in the file already. Not 100% sure we have one for Nextcloud but feel free to try the rules we have and see if it works. Otherwise you can modify them to suit you once you know what endpoint you want bypassed
@nicok.9371 2 жыл бұрын
@@IBRACORP wow thank you for the quick answer! That's amazing, I wasn't expecting such a quick response. I will check it out, maybe it solves the problem. Otherwise I will ask again :D Are you active on your discord? I would join, if there are still problems with the bypassing. It's easier then asking in YT comments XD
@IBRACORP 2 жыл бұрын
Sure are mate, plenty of us there who can help :) You're very welcome
@nicok.9371 2 жыл бұрын
@@IBRACORP Great, thanks I will try it and otherwise see you in the discord :D
@smsunday1 3 жыл бұрын
I like the idea of using this, but as other have said, its a bit more advanced that what I can figure out. Maybe set up a new unraid and go through the whole install and configuration instead of pointing at things that you have already set up on yours.
@IBRACORP 3 жыл бұрын
Hi Scott, thanks for watching. I agree with this and have a new unRAID setup which I'm using for future videos now. Thank you for the feedback
@elcoyote189 3 жыл бұрын
Hello mate, I have tried to bypass Local networks from authelia. Is this done on authelia or NPM
@IBRACORP 3 жыл бұрын
Hey Marvin, This should be done in the Authelia config file under the rules section. Check the official docs on this but that where it's done
@elcoyote189 3 жыл бұрын
@@IBRACORP Great thanks. Final question I should use my external IP not the internal segment my router assigns to my devices.
@IBRACORP 3 жыл бұрын
You can use either to my knowledge but it depends where you are accessing it. If accessing from the same subnet as your Authelia (i.e. 192.168.1.0) then use that one. You want limit it as much as possible.
@JuniorReveron 3 жыл бұрын
Hope you change your Redis password after you show it online.
@reloadfast 3 жыл бұрын
very interesting video. If you accept some criticism, you're need to work on your rhythm and delivery. Hope to see many more videos, great quality.
@ultrazSupporter 3 жыл бұрын
You've got a redirection bug, too. I have the same mistake. I don't know how to fix it. When you go to the address status.ibracorp.io Gives a erroneous redirect identity.ibracorp.io/?rd=status.ibracorp.io/ In the endpoint address, instead of https, comes out http, and it is necessary to put the sign S. It can be check with clear a cookie peeled and history. If one day you go to the auth.domain.ru, the redirect becomes normal.
@ultrazSupporter 3 жыл бұрын
otherwise Authelia Top
@IBRACORP 3 жыл бұрын
Hey mate! Good to see you again. Thank you for watching and subscribing. And thanks for the feedback I didn't notice and will change it in future! If that's is happening, the change would need to be done in the NGINX config so be sure to check both Authelia and Endpoint for the redirect reference. It works fine for me from what I can tell
@ultrazSupporter 3 жыл бұрын
@@IBRACORP clear the cookies and the story in the browser, then go to the protected point, and you'll see the error)
@pageb018 3 жыл бұрын
what is the fix here? I have everything set up, but am getting the following error: time="2021-01-13T13:06:16-05:00" level=error msg="Scheme of target URL sab.MYDOMAIN.org/ must be secure since cookies are only transported over a secure connection for security reasons
@pageb018 3 жыл бұрын
great video by the way!
@meccu19 3 жыл бұрын
Good videos !:) but unfortunately for advanced users
@IBRACORP 3 жыл бұрын
Hey thanks for watching. Your feedback is really important, could you tell me what could be different in this video to make it easier? Thank you
@meccu19 3 жыл бұрын
@@IBRACORP it's nothing wrong with video, i think your videos covering very small Unraid user group who already can be called as advance user. For more views you need to cover more basic things which most of people use and have difficulties/questions to setup. To be honest there is almost no videos about Unraid. Spaceinvader can't cover everything in this beautiful OS
@IBRACORP 3 жыл бұрын
@@meccu19 thank you for replying. I fully agree with you, and I didn't see it that way before but I can now. I will try to refocus for the beginners out there, which is what inspired me to do this. Space invader taught me a lot but you're right he couldn't do it all so had to learn a lot by trial and error. Hopefully we can change this. Thanks for the feedback!
@ultrazSupporter 3 жыл бұрын
@@meccu19 тут можешь посмотреть тоже инфу myunraid.ru
Braincatchers
Рет қаралды 14 МЛН
Techno Tim
Рет қаралды 84 М.
Awesome Open Source
Рет қаралды 53 М.
Tech with Marco
Рет қаралды 10 М.
MaviGadget
Рет қаралды 10 МЛН