Mastering Authelia Installation ft. NGINX Proxy Manager
Рет қаралды 41,891
Күн бұрынDive deeper into Authelia with today's step-by-step tutorial! Authelia is an open-source server that enhances your applications through a web portal with 2-factor authentication and single sign-on (SSO) capabilities.
Perfectly complementing reverse proxies like Nginx, Traefik, or HAProxy, Authelia ensures that only authenticated users access your applications, redirecting others to its sign-in portal.
Website: www.authelia.com/
Docs: www.authelia.com/docs/
Git: github.com/authelia/authelia
Install instructions: docs.ibracorp.io/authelia
Key generator: randomkeygen.com/
Argon2id: argon2.online/
🔔 Subscribe for more tech tips and tutorials: @IBRACORP
👍 Like this video if you find it helpful, and tell us in the comments what other tutorials you'd like to see.
🚀 Timestamps:
0:00 Intro
1:19 What is Authelia
2:55 Getting Started
3:30 Redis
4:20 Create a Docker Network
6:15 MariaDB
7:33 Adminer
11:50 Changing Startup Order
13:33 Authelia
26:35 Test/Troubleshoot
27:40 NGINX Proxy Manager
33:53 Two-Factor Enable
📌 Follow us on social media for the latest updates:
Website: ibracorp.io/
Discord: / discord
Reddit: / ibracorp
Twitter: / ibracorp_io
Facebook: / ibracorp
💖 Support Us:
Your support helps us to keep producing high-quality tech tutorials and content. If you've found value in our videos, consider supporting us in the following ways:
PayPal: www.paypal.com/donate/?hosted...
Shop: shop.ibracorp.io/
Subscribe and share our videos with friends and colleagues.
Every bit of support makes a huge difference and enables us to continue delivering content that helps you make the most of the latest technology!
For business enquiries, please email support@ibracorp.io
#authelia #Authentication #oauth #security #twofactorauthentication #unraid #2fa #unraidtutorial #cybersecurity #authenticationvsauthorization #freeipa #deepdive #identityprovider #jwtauthentication #authorization ldap laravel
@IBRACORP 3 жыл бұрын
Thank you for watching our video! What are your thoughts on Authelia? Would you use it to protect your precious internal sites and applications? Let us know! EDIT: You can find our updated 2022 Guide right here: kzfaq.info/get/bejne/f71-rNN8l73ccmQ.html
@rrpedrigal 2 жыл бұрын
Any chance that I can do this without LDAP FREEIPA? I don't have enough resources to run another VM and only 1 user will be created which will be the admin account. Thank you.
@IBRACORP 2 жыл бұрын
Yes, you can use a file with the users in it. Check our docs out at docs.ibracorp.io
@humphreychizunumamadi7349 3 жыл бұрын
Great video
@IBRACORP 3 жыл бұрын
Thank you
@Banner1986 3 жыл бұрын
Honestly the fact that you've made written instructions to go along with the video makes this SOOOO much more useful to me than just a multimedia (youtuve) tutorial. I feel like this is the absolute most effective way to teach - a written guide for technical reference, and a video to explain that whats and why's. This isnt to say that any one channel is better than any other - SpaceInvader blazed the trail, with his tutorials being the gateway that enabled so many folks, as well as attracting tons of new people to unraid. I see this as more of an evolution, the "next step" so to speak. Great work, man! Kudos 👍
@IBRACORP 3 жыл бұрын
Thank you mate that mean a lot. I put a lot of work into Authelia for myself initially and just wanted to make easier for others. Spaceinvaderone is the OG I respect him and his work, he taught me everything at the start. I look forward to making more with the style in future. Cheers!
@SoNeeK85TD 2 жыл бұрын
This whole channel is a wealth of excellent, clear cut, thought out, well presented information. Keep up the good work mate!
@IBRACORP 2 жыл бұрын
Thank you very much ❤️
@JuniorReveron 3 жыл бұрын
This was Awesome I got this working like a charm, I love the pace you use and how you explain things.
@IBRACORP 3 жыл бұрын
Cheers Hose! Glad you enjoyed it mate thanks for watching 🙂
@lukeyboiable 3 жыл бұрын
I don't think you could comprehend how helpful this was!
@IBRACORP 3 жыл бұрын
I don't think I can, which is why I appreciate when people tell me! Cheers
@hawks5196 3 жыл бұрын
Bro.... how do you not have more subscribers? These videos are gold! Not only got me set up but now I understand the process along the way! Seriously can't thank you enough
@IBRACORP 3 жыл бұрын
Thank you mate really appreciate that. Help share my work and hopefully the word will spread :) Look forward to more soon
@hawks5196 3 жыл бұрын
Is it possible to use this set up for VM’s/external servers on the same network? It seems the authelia set up (with the configuration in the video) is only suited to docker containers. Would it be possible to adjust it for external servers or VM’s? For example, I would like to push my HomeAssistant VM web access public but am not willing to do it unless it’s secured with Authelia
@hawks5196 3 жыл бұрын
Also to note, you can add a few rules to the authelia configuration file to block web access but allow api access. That allows you to use phone applications that access sonarr/radarr/home assistant without compromising security as the web page is still blocked
@IBRACORP 3 жыл бұрын
@@hawks5196 You sure can mate. Doesn't have to be a container, you would just use hostnames and IP's of the VM's to my knowledge
@IBRACORP 3 жыл бұрын
@@hawks5196 Spot on thank you for sharing! This is a very important point and easier than doing it in each proxy config.
@Kornimar 3 жыл бұрын
Something important in case the web-ui doesn't come up for you as it did for me. At the very top of the configuration do NOT change the HOST and the PORT numbers. These must always be 0.0.0.0 and 9091 even if you have specified different port for your container (I had to change it cause I run transmission on that port). It took me an hour to realize my mistake... Other than that... I really appreciate the time and effort you put for this guide and video IBRACORP (twice). I followed your instructions and I now have it running on my openmediavault server. Thanks!!! Subscribed*
@IBRACORP 3 жыл бұрын
Hi Kornimar, thank you for the kind words and for subscribing it's greatly appreciated. And thank you for sharing your solution, I wasn't aware of this tip so hopefully it will help others out. Welcome aboard!
@abderrahmanes323 2 жыл бұрын
Thank you so much for all your content, big thank to all the team
@IBRACORP 2 жыл бұрын
Thanks for the kind words and for watching 🙂
@abderrahmanes323 2 жыл бұрын
Does this method works if i use only local acces ? Without the need to open port & port forwarding. Will acces the app remotely via tailscale
@marcosnajera5651 3 жыл бұрын
Thanks for the guide btw! Very useful! 🙂
@IBRACORP 3 жыл бұрын
Thank you for watching :)
@officialismailshah 2 жыл бұрын
Awesome and unique content..... ❤️❤️❤️❤️
@q8rix 3 жыл бұрын
Thank you for your video , you helped me alot
@IBRACORP 3 жыл бұрын
Hey there q8rix, you're welcome thank you for watching/subscribing
@xisop 3 жыл бұрын
Nice. In the first 10 minutes I was like "nah, don't need this.." Later on I was like "hmm.. Interesting 🤔" Now I'm like "f*c|< yeah. Want this" Thanks for the video 😘
@IBRACORP 3 жыл бұрын
Haha you're welcome. It's free and you've got nothing better to do so why not
@905jay 3 жыл бұрын
Thanks for the deep dive bro! Very much appreciated
@IBRACORP 3 жыл бұрын
Very welcome mate thank you for the suggestion
@905jay 3 жыл бұрын
@@IBRACORP I seem to have come across a small issue that I can't isolate. I can authenticate via authelia, for example when I hit sonarr.mydomain.com however after authentication, I get a screen that says I've authenticated, that's it. It doesn't redirect me to sonarr.mydomain.com. Any suggestions?
@IBRACORP 3 жыл бұрын
Have you tried checking the protected endpoint configuration in NPM? The redirection line should be in there, just check it. I do believe this has been come across before, the unraid forum might have the answer (in description). I'll see if I find it
@IBRACORP 3 жыл бұрын
Also what do the logs tell you for Authelia?
@905jay 3 жыл бұрын
@@IBRACORP hey I was able to figure it out. I missed the YOUR DOMAIN part lol...oversight...
@rachid59 3 жыл бұрын
Hello, thank you for all of your video. The cloudflare video allowed me to secure my server. Thanks
@IBRACORP 3 жыл бұрын
Hey Rachid, thank you for the kind feedback and support, really appreciate it.
@IBRACORP 3 жыл бұрын
I just noticed your donation, thank you again for your support. Look forward to getting more content out for you.
@rachid59 3 жыл бұрын
@@IBRACORP no problem with pleasure. 😁😁😁
@RagaiMeena 2 жыл бұрын
you are amazing
@lancejenkinson Жыл бұрын
Hey, as of March 2023 can't seem to get past the Redis install on 6.11.x. Getting permission denied in the logs for the Redis docker. Tried following a forum post about using install command for folder prior to install but still not working. In fact, seems to have created a redis folder somewhere else on the server I can't find. Can you provide updated instructions with the change in non-root dockers?
@marcosnajera5651 3 жыл бұрын
Anyone else having an issue with radarr and sonarr not sending data back to the host once connected? I.e. saving settings or trying to download new media on the domain does nothing on the host side? I have other dockers that run with no problems (overseerrr, SABnzbd, nextcloud, etc.).
@carltonwbrooks 3 жыл бұрын
Finally got it working, the one thing that messed me up was the yml code. In other yml/yaml coding I have done if anything that you use contains a non alpha character you need to use (") quotes. Almost all my passwords do and that took me hours to figure out. Something about forest and trees. LOL
@CliffKarlsson 3 жыл бұрын
I have set up two "proxies" one fore overseer and one for guacamole. I configuration.yml I have only entries for domain and policy:one_factor. If I go to my overseerr domain i get to log in using authelia. But ig I close the overseerr window and try to go to my overseerr domain again I get a authelia message saying that I am already logged in and only gives me the option to logout. If I want to access overseerr again I have to click logout, wait for the login page to show. I then need to close that window and enter my overseerr domain again. Is there something I have missed ?
@Puuuchkie 3 жыл бұрын
hey, thanks for the video. ive tried to implement this in my server, but when i try to access radarr it asks me to connect and after i put in the username+password is just says "Authenticated" and doesnt move on to radarr. i tried to re-install, re-configure all configs that you added to the guide and nothing.. can anyone help me fix thix? :(
@boriss282 2 жыл бұрын
Thanks for cool video ,but i dont have any config file after created docker ?!?
@cooksterni 2 жыл бұрын
my config file is asking for a storage encryption_key but I can't see it being mentioned here? The template from the website looks a good bit different to the one you use.
@DevilDriver665 3 жыл бұрын
great content - for your future videos you could increase the font size a little bit, especially when showing config files in text editor (like notepad++ and so on).
@IBRACORP 3 жыл бұрын
Thank you mate, you're definitely right I didn't pick up on that. I will make it easier in future
@q8rix 3 жыл бұрын
@@IBRACORP also you can attach text files
@Ruuustyy_ 4 ай бұрын
how do you move the containers i tried doing it just now and all it did was highlight the words
@jhmc93 Жыл бұрын
having a lot of problems when starting mine: getting follow errors: - authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured" "Configuration: access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'" Configuration: storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided" "Configuration: storage: option 'encryption_key' is required" notifier: you must ensure either the 'smtp' or 'filesystem' notifier is configured"
@amlucent 3 жыл бұрын
question for you, what do I need to change in the Protected Endpoint.conf to point to a non-container item.. say another address on my local network? What do I replace CONTAINERNAME with?
@IBRACORP 3 жыл бұрын
Should just be the hostname mate
@Bobokun 3 жыл бұрын
Thank you for this guide! Will you be able to create a guide to switch the username/password database from file to LDAP? Currently I have Authelia set up but I would want to expand to more users and with a file I will have to create each user account manually.
@IBRACORP 3 жыл бұрын
Hi Bobokun, you're very welcome! yeah it's definitely on the list because I will actually install a LDAP server then configure Authelia to use it
@dhmarkley 2 жыл бұрын
First let me say i love your channel! Second, I have tried this guide 3 times now from scratch and i can't get it to start up. It keeps saying Provide JWT secret. I have gone though the video countless times and still get the same result. I know it will end up being a user error since i am new to docker and unraid, it's just frustrating. One sugestion for future videos if i may, use the same configuration file that you provide (not truncated). It makes it confusing when half the config options are not shown on your screen. (for a Noob at least) Thanks for the great content and i will keep plugging along until i figure it out.
@amlucent 3 жыл бұрын
Using this video and your other freeIPA one, I banged my head against a wall attempting to authenticate this from my AD domain for a couple days. I couldnt figure out why it wouldnt work. Finally I commented out the additional_users and additional_groups entries and BAM! What I discovered is if all your users and groups are in the OU=Users and OU=Groups OUs respectively (As I suspect many home labs are) it will just silently fail if you point the "additional" entries to those same OUs. Gotta just comment it out. Thought I would share and save someone else heart ache
@IBRACORP 3 жыл бұрын
Thanks for sharing Anthony great tips! It's important to note that my template for LDAP is based on FreeIPA LDAP scheme and so the search queries will be different if using MS Active Directory for example
@amlucent 3 жыл бұрын
@@IBRACORP understood, I would be happy to share my working (2016) AD conf entries if you would like them to disseminate them
@IBRACORP 3 жыл бұрын
That would be great! I could share them in the instructions for people running AD as their backend. If you like you can email them, support @ ibracorp . io
@noorberty 3 жыл бұрын
Thank you, but how can I use authelia with nextcloud, hassio, bitwarden android apps?
@DmitriyKhazansky 3 жыл бұрын
Use SWAG as your reverse proxy and enable the sites you have in proxy configs
@TRANCEP0RT 2 жыл бұрын
Do you plan to make a video about setting up LDAP for Authelia and Windows auth? Thats a project i want to implement since ages ago, but i never found a combination of tutorials and (free, selfhosted) software for that.
@IBRACORP 2 жыл бұрын
We are actually yes. We'll be covering Authelia in depth and up to date, including LDAP, very soon 😉
@drewgi7543 3 жыл бұрын
I recently updated the app and now i'm getting time="2021-04-16T19:49:31+01:00" level=error msg="invalid configuration key 'notifier.smtp.disable_verify_cert' was replaced by 'notifier.smtp.tls.skip_verify'" time="2021-04-16T19:49:31+01:00" level=error msg="invalid configuration key `notifier.smtp.trusted_cert` it has been removed, option has been replaced by the global option `certificates_directory`" how do I deal with this?
@IBRACORP 3 жыл бұрын
I will be updating the config files soon but you can comment out the first part and replace the key with the one it's telling you in logs. EDIT: Files updated on Git!
@Shaq2k 2 жыл бұрын
Nice job. But.. when reaching overseer, you will still need to log in there as well? No single sign-on?
@IBRACORP 2 жыл бұрын
This will be covered in an upcoming video
@JoffreyAbeilard 3 жыл бұрын
Thanks a lot for this tuorial, it helped a lot ! With this configuration, I have an issue when I go to auth.mydomain.com, it does not force a redirection to https (Even though "Force SSL" is active on the Nginx Proxy Manager. Is this caused by a setting in the custom Nginx configuration ? I don't have this issue with my other services
@IBRACORP 3 жыл бұрын
Hey there, thanks for watching. I'm glad you found it useful. That's odd, there should always been https active. Are you using my config exactly as is? Might be worth checking your Authelia logs to see if anything is happening. If you read the advanced config it should be https as far as I remember
@danielcmacedo 3 жыл бұрын
Great video, as the other ones. You rock!!!! Do you know if it's some way to use authelia and bitwarden together, with the app - windows, firefox, android, ios etc? Thanks
@IBRACORP 3 жыл бұрын
Thanks Daniel, appreciate the feedback. I do have bitwarden myself but I chose not to use Authelia. It will likely work except for maybe the apps. Usually, if there's an app that uses an API, in NGINX Proxy Manager, under the location section of a proxy, you can tell it to ignore authentication for the API. This is usually what allows the apps to function unrestricted. I think I'll need to make a video on it
@Aceriz 3 жыл бұрын
@@IBRACORP I just finished watching video at your recommendation in the other cloudfare video. .. It would be great if you could make a video that explained this process of setting up ignore for API!. I am thinking of converting over from SWAG to NginxProxy manager... and with authelia being able to do the fail 2ban stuff... and then cloudflare the geoIP blocking would have coverage with a lot more flexibility within nginxproxy manager.. I do wonder with the setup for the MariaDB and adminer... I already had a MariaDB setup from a Spaceinvader video for nextcloud. This was without the adminer which looks alot nicer for config.. Would adding the adminer docker pickup or mess up the mariaDB I previously created? Thanks in advance your videos and responses have been awesome
@IBRACORP 3 жыл бұрын
I think I'll need to do a follow up on it. I've added it to my list to do, thank you for the suggestion. I'll explain how to bypass APIs so you can seperate protection in it so give me some time and you'll see it :) As for Admininer it will not hurt your existing config. All it does is provide a GUI to work with your databases. As long as it's a supported database type (which there are plenty) you can connect to it and manage it
@josopus 3 жыл бұрын
When you setup adminer, shouldn't it be better to just give the docker net ip:port instead your LAN port?
@IBRACORP 3 жыл бұрын
That's a good idea, never tried it actually. Thanks for the tip!
@sebastianeliassen3658 3 жыл бұрын
i have got authelia up and running after your great video. now i have a problem with getting api key from the different services i have to bypass it. lets say sonarr i want a more secure login, but i would want the api key from sonarr to work with other applications. how would i do this? i dont really understand how to set that up.
@IBRACORP 3 жыл бұрын
Hmm if you watch my latest Organizr video for server auth it should be similar by bypassing the URL for an API endpoint in your reverse proxy. Check it out and let me know if that's what you mean
@SeanAnthony 3 жыл бұрын
I finally attempted this awesome tutorial. However I must be the only one that failed at it. When I log into Authelia to authenticate Jackett I get a 403 error. Any clues as why this is happening? I did pick a plain text word and used the HASH generator.
@IBRACORP 3 жыл бұрын
Check your rules section in Authelia config file Sean. Try using a wildcard rule like "*.domain.tld"
@marshy.. 3 жыл бұрын
Can't seem to edit the config.yml authelia creates. Every other container I can edit anything in, including mariadb which was just installed. Windows saying I don't have read permission, to exclusively that folder.
@IBRACORP 3 жыл бұрын
Hi Marshy, yeah permissions can be annoying sometimes. You can run commands in unraid to give yourself permission or use Krusader to navigate to the file and change permissions of there too. The easiest thing I find is use Krusader to delete it from appdata and create your own one on your local machine then paste that in.
@marshy.. 3 жыл бұрын
@@IBRACORP that's all it was. Cheese mate
@SeanAnthony 3 жыл бұрын
I have a question about MariaDB, I see Authelia requires a database but so does Nextcloud and Nginx how does that work? Can there be multiple database in the one MariaDB container and these DBs handle difference applications? If so, can you do a video on that if time permits? Great tutorial I trying to follow along and have a similar setup for my HomeLab. Going forward I will ask question at your email addy above. Again thank you for all your hard work on the videos. They are truly helpful!
@IBRACORP 3 жыл бұрын
Hi Sean, thanks for watching! To answer your question, yes you really only need one mariadb container (usually) because you can have multiple databases inside of it by simply creating more. An advantage of creating a whole new container might be for having it on a different VLAN but usually the one is enough for us homelabbers. Please don't worry you can ask questions here on our KZfaq, for anything too hard to answer here we have Discord too. Thank you for coming back and checking out the channel appreciate your support
@sterling3371 2 жыл бұрын
no dice. i commented out the ldap but still getting fatal ldap error 200.
@IBRACORP 2 жыл бұрын
Are you still having issues with this? We have an updated video/guide if you want to try again.
@MrJWMutant 3 жыл бұрын
The config you are editing in the video is different to the config.template on the github. Are you using the default config or the one from github?
@IBRACORP 3 жыл бұрын
The config on our Git is always up to date. Use that
@Torpeg 2 жыл бұрын
How would I put a virtual machine or another machine behind NGINX/authelia? I have HASSIO installed as a virtual machine on unraid. I want to expose it behind authelia. I plan to move it to a proxmox installation eventually although it will keep the same IP. Is this possible?
@IBRACORP 2 жыл бұрын
If it has a reverse proxy address you just apply the config just like anything else!
@Torpeg 2 жыл бұрын
@@IBRACORP Hey! Thanks for replying. I'm referring specifically to where the authelia config uses the docker name: i.e. "location / { set $upstream_XXXXXXX $forward_scheme://$server:$port; proxy_pass $upstream_XXXXXXXl;" I'm not sure how to redirect that to 192.169.x.xxx:XXXX or homeassistant.local:XXXX I'm read the authelia docs and unfortunately it's not annotated well enough for it to quite click
@IBRACORP 2 жыл бұрын
The upstream can be anything so just put hassio for example. Everything else is on the reverse proxy ✌️
@Torpeg 2 жыл бұрын
@@IBRACORP yep. yep. That was the first thing I tried and somehow it didn't work. Works perfectly, thanks.
@sparten9999 3 жыл бұрын
how were you able to just open the config in windows. always tells me i need permission
@NorthhtroN 3 жыл бұрын
Check your share permissions in unraid, if it's protected when you go to access that share you need to make sure you are providing the credential of a user with permission
@mariobraun7568 3 жыл бұрын
Thanks for the awesome video. I would be interested in how you setup FreeIPA
@IBRACORP 3 жыл бұрын
Thanks Mario. FreeIPA is in the works. I hope to do it soon
@mariobraun7568 3 жыл бұрын
@@IBRACORP Nice, looking forward! I just installed FreeIPA for learning purposes. Havent really figured out if the domain and realm should/could be a subomain of my regular domain or something like .localdomain/.local. Keep up the great content!
@IBRACORP 3 жыл бұрын
It can definitely be part of your existing domain. I'll show you how. Give me some time to prepare for it and I'll get one out there
@grandinhosting4281 3 жыл бұрын
Hi Thx a lot for the overview for Authelia. I just have one issue will this install. The argon2id part does not work. I did change the name and did all the things u said we needed to change but it will not start Authelia. Any idea´s??
@IBRACORP 3 жыл бұрын
What sort of issue are you facing? Do the logs tell you anything?
@grandinhosting4281 3 жыл бұрын
@@IBRACORP Hi thx for replay. The Argon2id didnt work for me so I went on will LDAP. Now the problem I have is that authelia doesnot take the user and password I have in FreeIPA, but in Organizer it works... I have to look in to that and see what that can be... Best Regards André
@IBRACORP 3 жыл бұрын
It will be the user and group filters. I have example on my Github that can use for FreeIPA
@grandinhosting4281 3 жыл бұрын
@@IBRACORP Q... Do I need users_database even with LDAP??
@IBRACORP 3 жыл бұрын
Nope
@arseniobrown7744 5 ай бұрын
Where can we go for the to replace the key generator it has been changed now thank you in advance.
@IBRACORP 5 ай бұрын
Here's a good one: randomkeygen.com/
@arseniobrown7744 5 ай бұрын
@@IBRACORP Awesome thank you this is where I ended up at.
@homerogonzalez2909 3 жыл бұрын
hey ibracorp when i try to start authelia i get a "Error malformed yaml: line 228: did not find expected key" thats the "file" part of the config.yml i have tried different passwords and hash's i have put the plain text password in the password field and left it blank like in your video but nothing seems to work. any ideas?
@IBRACORP 3 жыл бұрын
usually it means you have an extra space or wrong indentation. YAML is very particular :)
@homerogonzalez2909 3 жыл бұрын
@@IBRACORP thanks for the reply! i still cant figure it out :( i have it open on visual studio and it says theres a bad indentation mapping on 229 which is "file:" but i dont think thats the real cause because the template has the same "error" man i wish u could see what im seeing i feel like its going to be something dumb lol
@IBRACORP 3 жыл бұрын
@@homerogonzalez2909 Join our Discord mate we'd love to help discord.gg/VWAG7rZ
@homerogonzalez2909 3 жыл бұрын
@@IBRACORP thanks man will do!
@homerogonzalez2909 3 жыл бұрын
@@IBRACORP thanks for the great videos and awesome discord community thanks you guys i got it figured out!
@narutogamer 3 жыл бұрын
great video, I didn't manage to make it work with only your github and now i'm stuck with mariadb, I put password in it but adminer can't connect to it and when I connect to mariadb container, and try mysql or mysql -u root -p mypassword, it just says access denied using password YES. Version of MariaDB mysql Ver 15.1 Distrib 10.4.18-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2. It's not the first time it does this to me with mysql
@IBRACORP 3 жыл бұрын
Is the mariadb empty? Might be easier to just blow it away and start again to make sure the password is correct
@narutogamer 3 жыл бұрын
@@IBRACORP yes empty. I tried to remove the container and the image so nothing should be kept ? And start over but it does the same thing :/ maybe I need to do a deeper cleaning but I don't know how
@IBRACORP 3 жыл бұрын
Ok so you need to remember that your appdata folder holds persistent data for containers and it is not removed when you delete a container. 1. Go to the community app store and install the plugin called "Cleanup Appdata" 2. Delete your mariadb container and image as usual through the Docker tab 3. Go to Settings > Cleanup Appdata plugin 4. Check the box next to the container and delete Be very careful that you select only the one you want to delete, the plugin is unforgiving. But it's a great tool to remove the folder without worrying about permissions issues
@spmusic7866 3 жыл бұрын
Hello Mate, thanks for the video. Very helpful! Just wondering if you can help me please, I have setup duplicati on Unraid and created a subdomain on cloudflare and setup a proxy host in NPM. When I go to my subdomain "backups.mydomain.com" it works absolutely fine but when I enter the authelia protect endpoint config in NPM and enter the access control rules in authelia config and then go to my subdomain I get to authelia login screen and I sign in and it doesn't open the duplicati page. I can see authelia redirected me to my subdomain in the address bar but it gives me a HTTP 400 error. I have had a look in authelia logs and this is what it says "level=debug msg="Redirection URL backups.mydomain.com/ is safe" method=POST path=/api/firstfactor remote_ip=XX.XX.XXX.XXX". I'm using the same protect endpoint config with Nextcloud and PsiTransfer and just change the container name in the config and they are working fine without any isues. Can you please help mate? Am I missing something here? It'll be much appreciated. Thank you
@IBRACORP 3 жыл бұрын
Hi mate, thank you for watching firstly. Have you tried through a incognito session to see if it's a cache issue? Also check the URL it's trying to forward you to see what protocol is being used (http or https) make sure that all matches your setup in NPM. You can join our Discord and ask there too. I haven't got duplicati running ATM but I can look it later. Might need more logs etc. Jump in discord and ask there then I can give you an email to send logs
@spmusic7866 3 жыл бұрын
@@IBRACORP Right no worries mate, I'll message you on Discord then. Thank you!
@elcoyote189 3 жыл бұрын
Hello All Great guide. I do have an issue where its not redirecting to Overserr. I follow d the guide to the letter, When I log in it does show the Hi Marvin! Authenticated but it does not redirect
@IBRACORP 3 жыл бұрын
Hi Marvin, please check the code pasted into NGINX Proxy Manager for both Authelia and Overseer. There's is likely a placeholder that's hasn't been changed yet. Otherwise please check Authelia logs and see what it says
@elcoyote189 3 жыл бұрын
@@IBRACORP The message I am getting from the logs are the target URL "MYURL" is not under the protected domain "myDomain". By the way thanks so much for the help.
@IBRACORP 3 жыл бұрын
Ok so that means in your config yml file the protected domain field is either missing or different to the one you are trying to protect. They need to be the same
@elcoyote189 3 жыл бұрын
@@IBRACORP Ha thanks for the help found the issue was a capital letters in my domain name, Also you have some extra spaces in "Protected endpoint" @ the end of "proxy_pass $upstream_authelia;" Thanks so much for the support you rock dude !!
@IBRACORP 3 жыл бұрын
My absolute pleasure glad it's all sorted my friend. Enjoy :) And thanks I'll take a look after work and fix it
@alexanderjenkins 3 жыл бұрын
Is it possible that you could help me get two-factor fixed? It states "There was a problem initiating the registration process" whenever I try to use it.
@IBRACORP 3 жыл бұрын
Still having issues? Feel free to ask in our Discord!
@alexanderjenkins 3 жыл бұрын
@@IBRACORP Thanks for replying, but I managed to figure it out! Turned out I had a silly typo in my configuration.yml file
@IBRACORP 3 жыл бұрын
The number one root cause haha. Glad you got it sorted
@alexanderjenkins 3 жыл бұрын
@@IBRACORP As am I. Thanks a lot for the incredibly useful video!
@IBRACORP 3 жыл бұрын
My pleasure thank you for watching once again, it means a lot
@DestinyKey13 3 жыл бұрын
Greetings from Australia! Followed this as close as possible but can't get Authelia to start. Logs give "Unable to initialize SQL database: Error 1045: Access denied for user 'authelia'@'172.18.0.1' (using password: YES)". Any idea what I'm doing wrong?
@IBRACORP 3 жыл бұрын
Hi mate, have you configured your SQL server in the Authelia config file? It's trying to connect to a 172.18.0.1 address. It should be the the unraid servers IP along with the port of your SQL database. Also, confirm your credentials are correct as it might also be a password or username issue.
@DestinyKey13 3 жыл бұрын
@@IBRACORP hey mate, i've definitely amended the config with the correct info. Upon further inspection, i think it may be an issue with mariadb. Logging in to the authelia user in Adminer shows the following "Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1044 Access denied for user 'authelia'@'172.17.0.1' to database 'information_schema' in /var/www/html/adminer.php on line 185". Sorry if this is something silly!
@IBRACORP 3 жыл бұрын
Definitely a password issue in my opinion then. You should just reset the password for that database user and make sure you've given the user full privileges as I've shown
@DestinyKey13 3 жыл бұрын
@@IBRACORP Got it! In the end the problem was twofold. Both Redis and mariadb didn't seem to like my passwords consisting exclusively of just numbers (0-9). Also it seems creating the database with Adminer using any other sequence than the one shown in the video will cause problems setting privileges. Appreciate the hands-on support!
@IBRACORP 3 жыл бұрын
Interesting find, never came across that before. Thanks for coming back with the solution, might help others in future. And no worries glad to help
@Erik1erik1 3 жыл бұрын
hi everyone i just set up authelia, but i have 2 problems with apache guacamole and radarr, the question is when i tip first time my adress guacamole, login in authelia and login in apache guacamole, and everything works fine, but second time when i close the page and retype the adress, give to me a blank page and don't show anything (in adress bar show this adress guacamole.*******.com/#/ i hide my adress for security), to show page correctly i need to clear the cache of my web browser the second doubt its, i type my radarr adress the adress show the authelia login page, i login and show the radarr login page, but when i click on the login buton they return whit page error HTTP ERROR 400, can anyone support me, i'm a newbie, i was learning to make a nice reverse proxy
@IBRACORP 3 жыл бұрын
Hi Eric, Does this happen without authelia in use? If not please check all your settings in Authelia config file making sure the cookie sections are correct and and your domain is correct. Do you have any logs for Authelia? What do they say?
@Erik1erik1 3 жыл бұрын
i dont change anything on cookies section on config.yml (appdata), when i try to reach the adress of my apache guacamole the log show this time="2021-03-14T02:40:29-03:00" level=info msg="Access to guacamole.******.com/api/languages (method unknown) is not authorized to user , sending 401 response" method=GET path=/api/verify remote_ip=172.68.25.163
@IBRACORP 3 жыл бұрын
Like I said your rules are incorrect. Check your config file rules section. See the official Authelia docs for more information
@IBRACORP 3 жыл бұрын
You might want to use a wildcard rule. Example: "*.domain.com"
@Erik1erik1 3 жыл бұрын
hi man the bug of acess to guacamole its solved, if i just tip the adress they show me the blank page, if before i just tip and refresh page, show for me the login page correctly, but the radarr bug its not solved, i use the authelia login and the login form (login page) who came with radarr, if i just disable the form (login page), and just stay only authelia autentication page, before login in authelia redirectly with no problem to radarr homepage, but if i enable the form (login page) before i make the login, they return with page HTTP ERROR 400, anyone have this bug
@clementchang4990 3 жыл бұрын
your unraid ip is 192.168.1.101 and why the custom network ip is still 192.168.1.101? all of your dockers are running in bridge mode.
@IBRACORP 3 жыл бұрын
Because they are bridged. But they talk to eachother on the customer docker network on the left side of the mapping
@caTaffDur 3 жыл бұрын
Very good video! I am curious to know if I can use authenlia to log in nextcloud. Specialy when Nextcloud has multiple user account . Anyway good work.
@IBRACORP 3 жыл бұрын
You sure can mate. The hard part is getting the Nextcloud app to connect, but if you know the API details you can configure in proxy to bypass Authelia. You can also use LDAP like I do for both Nextcloud and Authelia so they share the same users. I will be making a video on this soon
@caTaffDur 3 жыл бұрын
@@IBRACORP bypass Authelia ? You cannot use Authelia SSO for nextcloud ?
@IBRACORP 3 жыл бұрын
I believe you can but I don't know for sure as I haven't implemented it over Nextcloud for myself personally. I know some of my members have though, sorry I can't say for sure
@caTaffDur 3 жыл бұрын
@@IBRACORP thank you for your answer and all your work.
@IBRACORP 3 жыл бұрын
My pleasure
@godarayudhvir 3 жыл бұрын
Finally i can now have 2FA 😋
@IBRACORP 3 жыл бұрын
The best option!
@savageaus81 2 жыл бұрын
Where is the link to the current config files?
@IBRACORP 2 жыл бұрын
In the description
@savageaus81 2 жыл бұрын
@@IBRACORP i must be going blind. Either way Authelia is back up and running, now on to Traefik
@IBRACORP 2 жыл бұрын
No worries! You can find them in our docs which is updated often docs.ibracorp.io
@onestopviewfiles 2 жыл бұрын
15:57 rickroll
@905jay 3 жыл бұрын
Would there be any chance you can link a doc /video, or advise how I can use this with something like bitwarden? my bitwarden client (phone /tablet /laptops etc...) use my exposed service bitwarden.mydomain.com on my home network, and remotely. Everything works fine. I login, enter my 2FA and i'm golden. But with Authelia, it (obviously) no longer works because the clients can't login (at home or remotely) because of the extra authentication mechanisms in place. Been pulling my hair on this all afternoon, for both Bitwarden and Nextcloud, both hosted on unRAID
@IBRACORP 3 жыл бұрын
The only way to get around it to my knowledge is bypassing auth for the API of each application (if supported). For an example, you can look at Organizr which explains how to bypass it for Sonarr and Radarr
@905jay 3 жыл бұрын
@@IBRACORP I'll look into that, thank you
Securing NGinX Proxy Manager - follow up - securing your admin console for this Open Source Software
Awesome Open Source
Рет қаралды 87 М.
Awesome Open Source
Рет қаралды 132 М.
MaviGadget
Рет қаралды 1,6 МЛН
😍 Таких шикарных и гибких телевизоров, тем более за такую копеечную цену вы больше нигде не найдете.
Любимый WB
Рет қаралды 803 М.
GLAZOV
Рет қаралды 83 М.