2020-02-29 00:43:59 +00:00
|
|
|
---
|
|
|
|
layout: default
|
|
|
|
title: Deployment - Lite
|
|
|
|
parent: Deployment
|
2020-06-29 06:55:41 +00:00
|
|
|
nav_order: 1
|
2020-02-29 00:43:59 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# Lite Deployment
|
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
**Authelia** can be deployed as a lite setup with minimal external dependencies.
|
|
|
|
The setup is called lite because it reduces the number of components in the architecture
|
|
|
|
to a reverse proxy such as Nginx, Traefik or HAProxy, Authelia and Redis.
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
This setup assumes you have basic knowledge and understanding of IP addresses, DNS and port
|
|
|
|
forwarding. You should setup the domain you intend to protect with Authelia to point to your
|
|
|
|
external IP address and port forward ports `80` and `443` to the host you plan to host the
|
|
|
|
`docker-compose.yml` bundle.
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
Port 80 is utilised by LetsEncrypt for certificate challenges, this will [automatically
|
|
|
|
provision](https://docs.traefik.io/https/acme/) up-to-date certificates for your domain(s).
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
Traefik publishes the respective services with LetsEncrypt provided certificates on port `443`.
|
|
|
|
The provided examples protect the Traefik dashboard with Authelia's one-factor auth
|
|
|
|
(traefik.example.com) and two instances of the
|
2021-03-30 05:17:11 +00:00
|
|
|
[whoami container](https://hub.docker.com/r/traefik/whoami) with Authelia being
|
2020-03-26 23:43:10 +00:00
|
|
|
bypassed (public.example.com) and another with it's two-factor auth (secure.example.com).
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
If you happen to already have an external SQL instance (MariaDB, MySQL or Postgres) this
|
|
|
|
setup can easily be adapted to utilise said [service](../configuration/storage/index.md).
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
## Steps
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
- `git clone https://github.com/authelia/authelia.git`
|
2021-04-11 11:25:03 +00:00
|
|
|
- `cd authelia/examples/compose/lite`
|
2020-03-26 23:43:10 +00:00
|
|
|
- Modify the `users_database.yml` the default username and password is `authelia`
|
|
|
|
- Modify the `configuration.yml` and `docker-compose.yml` with your respective domains and secrets
|
|
|
|
- `docker-compose up -d`
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
## Reverse Proxy
|
2020-02-29 00:43:59 +00:00
|
|
|
|
2020-03-26 23:43:10 +00:00
|
|
|
The [Lite bundle](https://github.com/authelia/authelia/blob/master/compose/lite/docker-compose.yml)
|
|
|
|
provides pre-made examples with [Traefik2.x](./supported-proxies/traefik2.x.md), you can swap this
|
|
|
|
out for any of the [supported proxies](./supported-proxies/index.md).
|
2020-02-29 00:43:59 +00:00
|
|
|
|
|
|
|
## FAQ
|
|
|
|
|
|
|
|
### Can you give more details on why this is not suitable for production environments?
|
|
|
|
|
|
|
|
This documentation gives instructions that will make **Authelia** non
|
|
|
|
resilient to failures and non scalable by preventing you from running multiple
|
|
|
|
instances of the application. This means that **Authelia** won't be able to distribute
|
|
|
|
the load across multiple servers and it will prevent failover in case of a
|
2020-03-26 23:43:10 +00:00
|
|
|
crash or an hardware issue.
|