2018-10-13 08:46:13 +00:00
|
|
|
# Getting Started
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
**Authelia** can be tested in a matter of seconds with docker-compose based
|
2018-11-16 07:39:57 +00:00
|
|
|
on the latest image available on [Dockerhub].
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
## Pre-requisites
|
|
|
|
|
|
|
|
In order to test **Authelia**, we need to make sure that:
|
2018-11-16 07:39:57 +00:00
|
|
|
- **Docker** and **docker-compose** are installed on your computer.
|
|
|
|
- Ports 8080 and 8085 are not already used on your machine.
|
|
|
|
- Some subdomains of **example.com** redirect to your test infrastructure.
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
### Docker & docker-compose
|
|
|
|
|
|
|
|
Make sure you have **docker** and **docker-compose** installed on your
|
|
|
|
machine.
|
|
|
|
Here are the versions used for testing in Travis:
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
$ docker --version
|
|
|
|
Docker version 17.03.1-ce, build c6d412e
|
2018-08-26 21:46:15 +00:00
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
$ docker-compose --version
|
|
|
|
docker-compose version 1.14.0, build c7bdf9e
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
### Available port
|
|
|
|
|
|
|
|
Make sure you don't have anything listening on port 8080 and 8085.
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
The port 8080 will be our frontend load balancer serving both **Authelia**'s portal and the applications we want to protect.
|
2018-08-26 21:46:15 +00:00
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
The port 8085 is serving a webmail used to receive fake emails sent by **Authelia**
|
2018-08-26 21:46:15 +00:00
|
|
|
to validate your identity when registering U2F or TOTP secrets or when
|
|
|
|
resetting your password.
|
|
|
|
|
|
|
|
### Subdomain aliases
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
In order to simulate the behavior of a DNS resolving some test subdomains of **example.com** to your machine, we
|
|
|
|
need to add the following lines to your **/etc/hosts**. It will alias the
|
|
|
|
subdomains so that nginx can redirect requests to the correct virtual host.
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
127.0.0.1 home.example.com
|
|
|
|
127.0.0.1 public.example.com
|
|
|
|
127.0.0.1 dev.example.com
|
|
|
|
127.0.0.1 admin.example.com
|
|
|
|
127.0.0.1 mx1.mail.example.com
|
|
|
|
127.0.0.1 mx2.mail.example.com
|
|
|
|
127.0.0.1 single_factor.example.com
|
|
|
|
127.0.0.1 login.example.com
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
## Deploy
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
To deploy **Authelia** using the latest image from [Dockerhub], run the
|
|
|
|
following command:
|
|
|
|
|
|
|
|
./scripts/example-dockerhub/deploy-example.sh
|
|
|
|
|
|
|
|
## Test it!
|
|
|
|
|
|
|
|
After few seconds the services should be running and you should be able to
|
|
|
|
visit [https://home.example.com:8080/](https://home.example.com:8080/).
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
When accessing the login page, since this is a test environment a
|
|
|
|
self-signed certificate exception should appear, it has to be trusted
|
|
|
|
before you can get to the home page.
|
2018-08-26 21:46:15 +00:00
|
|
|
The certificate must also be trusted for each subdomain, therefore it is
|
|
|
|
normal to see this exception several times.
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
Below is what the login page looks like after you accepted all exceptions:
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
<p align="center">
|
|
|
|
<img src="../images/first_factor.png" width="400">
|
|
|
|
</p>
|
|
|
|
|
2018-11-16 07:39:57 +00:00
|
|
|
You can use one of the users listed in [https://home.example.com:8080/](https://home.example.com:8080/). The rights granted to each user and
|
|
|
|
group is also provided there.
|
|
|
|
|
|
|
|
At some point, you'll be required to register your second factor, either
|
|
|
|
U2F or TOTP. Since your security is **Authelia**'s priority, it will send
|
|
|
|
an email to the email address of the user to confirm the user identity.
|
|
|
|
Since we're running a test environment, we provide a fake webmail called
|
|
|
|
*MailCatcher* from which you can checkout the email and confirm
|
|
|
|
your identity.
|
|
|
|
The webmail is accessible from
|
|
|
|
[http://localhost:8085](http://localhost:8085).
|
2018-08-26 21:46:15 +00:00
|
|
|
|
|
|
|
**Note:** If you cannot deploy the fake webmail for any reason. You can
|
|
|
|
configure **Authelia** to use the filesystem notifier (option available
|
|
|
|
in [config.template.yml]) that will send the content of the email in a
|
|
|
|
file instead of sending an email. It is advised to use this option
|
|
|
|
for testing only.
|
|
|
|
|
|
|
|
Enjoy!
|
|
|
|
|
2018-10-13 08:46:13 +00:00
|
|
|
[config.template.yml]: ../config.template.yml
|
2018-08-26 21:46:15 +00:00
|
|
|
[DockerHub]: https://hub.docker.com/r/clems4ever/authelia/
|
2018-10-13 08:46:13 +00:00
|
|
|
[Build]: ./build.md
|