Edit README to make the user add more subdomains in /etc/hosts for testing the example locally
parent
b403cfe2f8
commit
7d21f8d5df
29
README.md
29
README.md
|
@ -40,6 +40,9 @@ Add the following lines to your /etc/hosts to simulate multiple subdomains
|
||||||
127.0.0.1 secret.test.local
|
127.0.0.1 secret.test.local
|
||||||
127.0.0.1 secret1.test.local
|
127.0.0.1 secret1.test.local
|
||||||
127.0.0.1 secret2.test.local
|
127.0.0.1 secret2.test.local
|
||||||
|
127.0.0.1 home.test.local
|
||||||
|
127.0.0.1 mx1.mail.test.local
|
||||||
|
127.0.0.1 mx2.mail.test.local
|
||||||
127.0.0.1 auth.test.local
|
127.0.0.1 auth.test.local
|
||||||
|
|
||||||
Then, type the following command to build and deploy the services:
|
Then, type the following command to build and deploy the services:
|
||||||
|
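Review bot: the three added entries (home.test.local, mx1.mail.test.local, mx2.mail.test.local) come with no explanation of why two mail hosts are needed. /etc/hosts has no wildcard support, so it would help to say next to these lines that mx1 and mx2 are there to exercise the '*.mail.test.local' rule, and that any other name under mail.test.local needs its own line before it can be tested.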
@ -48,20 +51,28 @@ Then, type the following command to build and deploy the services:
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
|
|
||||||
After few seconds the services should be running and you should be able to visit
|
After few seconds the services should be running and you should be able to visit
|
||||||
[https://secret.test.local:8080/](https://secret.test.local:8080/).
|
[https://home.test.local:8080/](https://home.test.local:8080/).
|
||||||
|
|
||||||
Normally, a self-signed certificate exception should appear, it has to be
|
Normally, a self-signed certificate exception should appear, it has to be
|
||||||
accepted before getting to the login page:
|
accepted before getting to the login page:
|
||||||
|
|
||||||
![first-factor-page](https://raw.githubusercontent.com/clems4ever/authelia/master/images/first_factor.png)
|
![first-factor-page](https://raw.githubusercontent.com/clems4ever/authelia/master/images/first_factor.png)
|
||||||
|
|
||||||
### 1st factor: LDAP
|
### 1st factor: LDAP and ACL
|
||||||
An LDAP server has been deployed for you with the following credentials:
|
An LDAP server has been deployed for you with the following credentials and
|
||||||
|
access control list:
|
||||||
|
|
||||||
- **john/password** is in the admin group and has access to every subdomain.
|
- **john / password** is in the admin group and has access to the secret from
|
||||||
- **bob/password** is in the dev group and has only access to *secret2.test.local*
|
any subdomain.
|
||||||
- **harry/password** is not in a group but has access to *secret1.test.local*
|
- **bob / password** is in the dev group and has access to the secret from
|
||||||
as per the configuration file.
|
- [secret.test.local](https://secret.test.local:8080/secret.html)
|
||||||
|
- [secret2.test.local](https://secret2.test.local:8080/secret.html)
|
||||||
|
- [home.test.local](https://home.test.local:8080/secret.html)
|
||||||
|
- [\*.mail.test.local](https://mx1.mail.test.local:8080/secret.html)
|
||||||
|
- **harry / password** is not in a group but has rules giving him has access to
|
||||||
|
the secret from
|
||||||
|
- [secret1.test.local](https://secret1.test.local:8080/secret.html)
|
||||||
|
- [home.test.local](https://home.test.local:8080/secret.html)
|
||||||
|
|
||||||
Type them in the login page and validate. Then, the second factor page should
|
Type them in the login page and validate. Then, the second factor page should
|
||||||
have appeared as shown below.
|
have appeared as shown below.
|
||||||
|
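Review bot: in the added harry entry, "has rules giving him has access to" repeats "has"; it should read "has rules giving him access to". In the same list, the old text said bob "has only access to" one subdomain, while the new lists no longer say that anything outside them is refused; one sentence stating that the other subdomains are denied for bob and harry would keep that point. The new bob list also starts with secret.test.local, which the old text did not grant him, so please confirm it matches the rules in the configuration file.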
@ -107,8 +118,8 @@ Paste the link in your browser and you should be able to reset the password.
|
||||||
### Access Control
|
### Access Control
|
||||||
With **Authelia**, you can define your own access control rules for restricting
|
With **Authelia**, you can define your own access control rules for restricting
|
||||||
the access to certain subdomains to your users. Those rules are defined in the
|
the access to certain subdomains to your users. Those rules are defined in the
|
||||||
configuration file and are per-user or per-group. Check out the
|
configuration file and can be either default, per-user or per-group policies.
|
||||||
*config.template.yml* to see how they are defined.
|
Check out the *config.template.yml* to see how they are defined.
|
||||||
|
|
||||||
## Documentation
|
## Documentation
|
||||||
### Configuration
|
### Configuration
|
||||||
|
|
|
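Review bot: the reworded sentence "can be either default, per-user or per-group policies" names three kinds of rule but does not say how they combine when a user matches more than one, for example whether a per-user rule adds to the default list or replaces it. A sentence on that here, or a pointer to where config.template.yml explains it, would let readers predict the result. "either" also reads oddly with three options.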
@ -36,12 +36,16 @@ ldap:
|
||||||
|
|
||||||
# Access Control
|
# Access Control
|
||||||
#
|
#
|
||||||
# Access control is a set of rules where you can specify a group-based
|
# Access control is a set of rules you can use to restrict the user access.
|
||||||
# subdomain restrictions.
|
# Default (anyone), per-user or per-group rules can be defined.
|
||||||
#
|
#
|
||||||
# If access_control is not defined, ACL rules are disabled and default policy
|
# If 'access_control' is not defined, ACL rules are disabled and default policy
|
||||||
# is allowed to everyone.
|
# is applied, i.e., access is allowed to anyone. Otherwise restrictions follow
|
||||||
# Otherwise, the default policy is denied for any user and any subdomain.
|
# the rules defined below.
|
||||||
|
# If no rule is provided, all domains are denied.
|
||||||
|
#
|
||||||
|
# '*' means 'any' subdomains and matches any string. It must stand at the
|
||||||
|
# beginning of the pattern.
|
||||||
access_control:
|
access_control:
|
||||||
default:
|
default:
|
||||||
- home.test.local
|
- home.test.local
|
||||||
|
|
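Review bot: the new comment block describes two opposite outcomes that differ only by whether the key is present: with 'access_control' not defined "access is allowed to anyone", while with the section present and no rule "all domains are denied". A misspelled or accidentally removed key therefore opens every subdomain silently, so the comment should call this out explicitly, and a deny-by-default behaviour or a startup warning is worth considering. The wildcard lines ("'*' means 'any' subdomains and matches any string") also leave open whether '*.mail.test.local' matches several labels such as a.b.mail.test.local or the bare mail.test.local; an example pattern with what it does and does not match would settle it.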