authelia/README.md

<p align="center">
  <img src="./docs/images/authelia-title.png" width="350" title="Authelia">
</p>

  [![Docker Tag](https://images.microbadger.com/badges/version/authelia/authelia.svg)](https://microbadger.com/images/authelia/authelia)
  [![Docker Size](https://img.shields.io/microbadger/image-size/authelia/authelia?style=flat-square&=blue&logo=docker)](https://microbadger.com/images/authelia/authelia)
  [![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?style=flat-square&color=blue&logo=github&logoColor=FFFFFF)](https://github.com/authelia/authelia/releases)
  [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg?style=flat-square)][Apache 2.0]
  [![Build](https://img.shields.io/buildkite/d6543d3ece3433f46dbe5fd9fcfaf1f68a6dbc48eb1048bc22/master?style=flat-square&color=brightgreen)](https://buildkite.com/authelia/authelia)
  [![Gitter](https://img.shields.io/gitter/room/badges/shields.svg?style=flat-square&color=brightgreen)](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link)

**Authelia** is an open-source authentication and authorization server
providing 2-factor authentication and single sign-on (SSO) for your
applications via a web portal.
It acts as a companion of reverse proxies like [nginx] or [Traefik] to let them know whether queries should pass through. Unauthenticated user are
redirected to Authelia Sign-in portal instead.

The architecture is shown in the diagram below.

<p align="center" style="margin:50px">
  <img src="./docs/images/archi.png"/>
</p>

**BREAKING NEWS: Authelia v4 has been released!
Please read BREAKING.md if you want to migrate from v3 to v4. Otherwise, start fresh in v4 and enjoy!**

**Authelia** can be installed as a standalone service using Docker or NPM
but can also be deployed easily on [Kubernetes] leveraging ingress controllers and ingress configuration.

<p align="center">
  <img src="./docs/images/logos/kubernetes.logo.png" height="100"/>
  <img src="./docs/images/logos/docker.logo.png" width="100">
</p>

Here is what Authelia's portal looks like

<p align="center">
  <img src="./docs/images/1FA.png" width="400" />
  <img src="./docs/images/2FA-METHODS.png" width="400" />
</p>

## Features summary

Here is the list of the main available features:

* Several kind of second factor:
  * **[Security Key (U2F)](./docs/2factor/security-key.md)** with [Yubikey].
  * **[Time-based One-Time password](./docs/2factor/time-based-one-time-password.md)** with [Google Authenticator].
  * **[Mobile Push Notifications](./docs/2factor/duo-push-notifications.md)** with [Duo](https://duo.com/).
* Password reset with identity verification using email confirmation.
* Single-factor only authentication method available.
* Access restriction after too many authentication attempts.
* Fine-grained access control per subdomain, user, resource and network.
* Support of basic authentication for endpoints protected by single factor.
* Highly available using a remote database and Redis as a highly available KV store.
* Compatible with Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller out of the box.

For more details about the features, follow [Features](./docs/features.md).

## Proxy support

Authelia works in combination with [nginx], [Traefik] or [HAProxy]. It can be deployed on bare metal with
Docker or directly in [Kubernetes].

<p align="center">
  <img src="./docs/images/logos/nginx.logo.png" height="50"/>
  <img src="./docs/images/logos/traefik.logo.png" height="50"/>
  <img src="./docs/images/logos/haproxy.logo.png" height="50"/>  
  <img src="./docs/images/logos/kubernetes.logo.png" height="50"/> 
</p>

## Getting Started

You can start off with

    git clone https://github.com/authelia/authelia.git && cd authelia
    source bootstrap.sh

If you want to go further, please read [Getting Started](./docs/getting-started.md).

## Deployment

Now that you have tested **Authelia** and you want to try it out in your own infrastructure,
you can learn how to deploy and use it with [Deployment](./docs/deployment-production.md).
This guide will show you how to deploy it on bare metal as well as on
[Kubernetes](https://kubernetes.io/).

## Security

If you want more information about the security measures applied by
**Authelia** and some tips on how to set up **Authelia** in a secure way,
refer to [Security](./docs/security.md).

## Changelog & Breaking changes

See [CHANGELOG.md](./CHANGELOG.md) and [BREAKING.md](./BREAKING.md).

## Contribute

Anybody willing to contribute to the project either with code, 
documentation, security reviews or whatever, are very welcome to issue
or review pull requests and take part to discussions in
[Gitter](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link).

I am very grateful to contributors for their contributions to the project. Don't hesitate, be the next!

## Build Authelia

If you want to contribute with code, you should follow the documentation explaining how to [build](./docs/build-and-dev.md) the application.

## License

**Authelia** is **licensed** under the **[Apache 2.0]** license. The terms of the license are detailed
in [LICENSE](./LICENSE).


[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0
[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
[Security Key]: https://www.yubico.com/about/background/fido/
[Yubikey]: https://www.yubico.com/products/yubikey-hardware/yubikey4/
[auth_request]: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
[Google Authenticator]: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
[config.template.yml]: ./config.template.yml
[nginx]: https://www.nginx.com/
[Traefik]: https://traefik.io/
[HAproxy]: http://www.haproxy.org/
[Kubernetes]: https://kubernetes.io/
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`<p align="center">`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`<img src="./docs/images/authelia-title.png" width="350" title="Authelia">`
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`</p>`
Adding build status to README and fix title in npm 2016-12-18 11:35:56 +00:00
Remove Travis and promote Buildkite (#545) * Remove Travis and promote Buildkite * Add Docker Size badge to README.md * Call MicroBadger webhook to update metadata for shields Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call. 2020-01-16 20:57:44 +00:00			`[![Docker Tag](https://images.microbadger.com/badges/version/authelia/authelia.svg)](https://microbadger.com/images/authelia/authelia)`
			`[![Docker Size](https://img.shields.io/microbadger/image-size/authelia/authelia?style=flat-square&=blue&logo=docker)](https://microbadger.com/images/authelia/authelia)`
			`[![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?style=flat-square&color=blue&logo=github&logoColor=FFFFFF)](https://github.com/authelia/authelia/releases)`
			`[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg?style=flat-square)][Apache 2.0]`
			`[![Build](https://img.shields.io/buildkite/d6543d3ece3433f46dbe5fd9fcfaf1f68a6dbc48eb1048bc22/master?style=flat-square&color=brightgreen)](https://buildkite.com/authelia/authelia)`
			`[![Gitter](https://img.shields.io/gitter/room/badges/shields.svg?style=flat-square&color=brightgreen)](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link)`
Adding README, LICENSE and CONTRIBUTORS files 2016-12-17 19:19:10 +00:00
Update the documentation to include information on Duo. 2019-03-24 17:45:32 +00:00			`Authelia is an open-source authentication and authorization server`
			`providing 2-factor authentication and single sign-on (SSO) for your`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`applications via a web portal.`
Update README.md 2020-01-17 23:41:29 +00:00			`It acts as a companion of reverse proxies like [nginx] or [Traefik] to let them know whether queries should pass through. Unauthenticated user are`
Introduce architecture schema in the README. 2019-12-09 21:34:33 +00:00			`redirected to Authelia Sign-in portal instead.`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00
Introduce architecture schema in the README. 2019-12-09 21:34:33 +00:00			`The architecture is shown in the diagram below.`
Add documentation on Authelia v4 in README and add a migration document. 2019-10-28 22:41:21 +00:00
Introduce architecture schema in the README. 2019-12-09 21:34:33 +00:00			`<p align="center" style="margin:50px">`
			`<img src="./docs/images/archi.png"/>`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`</p>`
Update README to mention kubernetes in the description Also add a link to the wiki. 2018-04-26 07:22:40 +00:00
Introduce architecture schema in the README. 2019-12-09 21:34:33 +00:00			`**BREAKING NEWS: Authelia v4 has been released!`
			`Please read BREAKING.md if you want to migrate from v3 to v4. Otherwise, start fresh in v4 and enjoy!**`

Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`Authelia can be installed as a standalone service using Docker or NPM`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`but can also be deployed easily on [Kubernetes] leveraging ingress controllers and ingress configuration.`

			`<p align="center">`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`<img src="./docs/images/logos/kubernetes.logo.png" height="100"/>`
			`<img src="./docs/images/logos/docker.logo.png" width="100">`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`</p>`

			`Here is what Authelia's portal looks like`
Update README to mention kubernetes in the description Also add a link to the wiki. 2018-04-26 07:22:40 +00:00
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`<p align="center">`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`<img src="./docs/images/1FA.png" width="400" />`
			`<img src="./docs/images/2FA-METHODS.png" width="400" />`
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`</p>`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`## Features summary`
Update README with session management and add a table of contents 2017-07-13 22:52:07 +00:00
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`Here is the list of the main available features:`
Update README with session management and add a table of contents 2017-07-13 22:52:07 +00:00
Update the documentation to include information on Duo. 2019-03-24 17:45:32 +00:00			`* Several kind of second factor:`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`* [Security Key (U2F)](./docs/2factor/security-key.md) with [Yubikey].`
			`* [Time-based One-Time password](./docs/2factor/time-based-one-time-password.md) with [Google Authenticator].`
			`* [Mobile Push Notifications](./docs/2factor/duo-push-notifications.md) with [Duo](https://duo.com/).`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`* Password reset with identity verification using email confirmation.`
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`* Single-factor only authentication method available.`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00			`* Access restriction after too many authentication attempts.`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`* Fine-grained access control per subdomain, user, resource and network.`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`* Support of basic authentication for endpoints protected by single factor.`
Update README.md 2019-12-07 13:39:21 +00:00			`* Highly available using a remote database and Redis as a highly available KV store.`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`* Compatible with Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller out of the box.`
Adding README, LICENSE and CONTRIBUTORS files 2016-12-17 19:19:10 +00:00
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`For more details about the features, follow [Features](./docs/features.md).`
Update the README to take example environment changes and new deployment command into account 2017-06-29 09:51:52 +00:00
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`## Proxy support`

Remove Travis and promote Buildkite (#545) * Remove Travis and promote Buildkite * Add Docker Size badge to README.md * Call MicroBadger webhook to update metadata for shields Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call. 2020-01-16 20:57:44 +00:00			`Authelia works in combination with [nginx], [Traefik] or [HAProxy]. It can be deployed on bare metal with`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`Docker or directly in [Kubernetes].`

			`<p align="center">`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`<img src="./docs/images/logos/nginx.logo.png" height="50"/>`
Update README.md for HAProxy references 2020-01-10 05:03:58 +00:00			`<img src="./docs/images/logos/traefik.logo.png" height="50"/>`
			`<img src="./docs/images/logos/haproxy.logo.png" height="50"/>`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`<img src="./docs/images/logos/kubernetes.logo.png" height="50"/>`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`</p>`

Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`## Getting Started`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`You can start off with`

Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`git clone https://github.com/authelia/authelia.git && cd authelia`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`source bootstrap.sh`

Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`If you want to go further, please read [Getting Started](./docs/getting-started.md).`
Add details on how to deploy Authelia in a dev environment. Also improve some part of the documentation. 2018-11-16 07:39:57 +00:00
			`## Deployment`

[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`Now that you have tested Authelia and you want to try it out in your own infrastructure,`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`you can learn how to deploy and use it with [Deployment](./docs/deployment-production.md).`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`This guide will show you how to deploy it on bare metal as well as on`
			`[Kubernetes](https://kubernetes.io/).`
Update README with session management and add a table of contents 2017-07-13 22:52:07 +00:00
Add notes on security measures deployed in Authelia in README 2017-10-15 15:57:12 +00:00			`## Security`

Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00			`If you want more information about the security measures applied by`
			`Authelia and some tips on how to set up Authelia in a secure way,`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`refer to [Security](./docs/security.md).`
Add notes on security measures deployed in Authelia in README 2017-10-15 15:57:12 +00:00
Add a link to the breaking changes markdown in README. 2019-04-16 20:58:45 +00:00			`## Changelog & Breaking changes`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`See [CHANGELOG.md](./CHANGELOG.md) and [BREAKING.md](./BREAKING.md).`
Update README to mention kubernetes in the description Also add a link to the wiki. 2018-04-26 07:22:40 +00:00
Improve CONTRIBUTE section of the README. 2018-11-15 21:47:27 +00:00			`## Contribute`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00
Improve CONTRIBUTE section of the README. 2018-11-15 21:47:27 +00:00			`Anybody willing to contribute to the project either with code,`
			`documentation, security reviews or whatever, are very welcome to issue`
			`or review pull requests and take part to discussions in`
			`[Gitter](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link).`

Fix typo in Readme 2019-12-05 10:10:02 +00:00			`I am very grateful to contributors for their contributions to the project. Don't hesitate, be the next!`
Add details on how to deploy Authelia in a dev environment. Also improve some part of the documentation. 2018-11-16 07:39:57 +00:00
			`## Build Authelia`

Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`If you want to contribute with code, you should follow the documentation explaining how to [build](./docs/build-and-dev.md) the application.`
Adding README, LICENSE and CONTRIBUTORS files 2016-12-17 19:19:10 +00:00
			`## License`
Refactor README into several documents unders docs directory. (#265) 2018-08-26 21:46:15 +00:00
Change license from MIT to Apache 2.0. 2019-04-16 21:40:15 +00:00			`Authelia is licensed under the [Apache 2.0] license. The terms of the license are detailed`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`in [LICENSE](./LICENSE).`
Adding README, LICENSE and CONTRIBUTORS files 2016-12-17 19:19:10 +00:00

Change license from MIT to Apache 2.0. 2019-04-16 21:40:15 +00:00			`[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00			`[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm`
Update the documentation to include information on Duo. 2019-03-24 17:45:32 +00:00			`[Security Key]: https://www.yubico.com/about/background/fido/`
Update the README with U2F support and new screenshots 2017-01-29 15:29:36 +00:00			`[Yubikey]: https://www.yubico.com/products/yubikey-hardware/yubikey4/`
Update the README to take example environment changes and new deployment command into account 2017-06-29 09:51:52 +00:00			`[auth_request]: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html`
			`[Google Authenticator]: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en`
Update README and documentation to close refactoring. 2019-12-05 20:52:04 +00:00			`[config.template.yml]: ./config.template.yml`
Update README to mention nginx and Traefik and update images. 2019-04-17 21:02:10 +00:00			`[nginx]: https://www.nginx.com/`
			`[Traefik]: https://traefik.io/`
			`[HAproxy]: http://www.haproxy.org/`
Update README.md 2020-01-17 23:41:29 +00:00			`[Kubernetes]: https://kubernetes.io/`