Merge remote-tracking branch 'origin/master' into feat-settings-ui
commit
8c057f65a5
|
@ -25,3 +25,5 @@ authelia-image-dev.tar
|
||||||
|
|
||||||
/authelia
|
/authelia
|
||||||
__debug_bin
|
__debug_bin
|
||||||
|
|
||||||
|
internal/suites/common/pki/ca/ca.private.pem
|
||||||
|
|
|
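Review bot: Adding `internal/suites/common/pki/ca/ca.private.pem` to the ignore list only stops future `git add`; if that file is already tracked it stays in the index and in history until it is removed with `git rm --cached`, and a key that was ever pushed should be treated as exposed and regenerated. Worth confirming with `git ls-files internal/suites/common/pki/ca/` that it is untracked before relying on this entry. The path looks like a test-suite CA; if so, a one-line comment above the entry saying the key is generated locally by the suite setup would make the intent clear to the next reader.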
@ -1,7 +1,7 @@
|
||||||
# ===================================
|
# ===================================
|
||||||
# ===== Authelia official image =====
|
# ===== Authelia official image =====
|
||||||
# ===================================
|
# ===================================
|
||||||
FROM alpine:3.17.1
|
FROM alpine:3.17.2
|
||||||
|
|
||||||
ARG TARGETOS
|
ARG TARGETOS
|
||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
|
|
|
@ -46,7 +46,7 @@ RUN \
|
||||||
# ===================================
|
# ===================================
|
||||||
# ===== Authelia official image =====
|
# ===== Authelia official image =====
|
||||||
# ===================================
|
# ===================================
|
||||||
FROM alpine:3.17.1
|
FROM alpine:3.17.2
|
||||||
|
|
||||||
RUN apk --no-cache add ca-certificates tzdata
|
RUN apk --no-cache add ca-certificates tzdata
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ RUN \
|
||||||
# ===================================
|
# ===================================
|
||||||
# ===== Authelia official image =====
|
# ===== Authelia official image =====
|
||||||
# ===================================
|
# ===================================
|
||||||
FROM alpine:3.17.1
|
FROM alpine:3.17.2
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
|
|
|
@ -772,3 +772,7 @@ Layouts:
|
||||||
ANSIC: Mon Jan _2 15:04:05 2006
|
ANSIC: Mon Jan _2 15:04:05 2006
|
||||||
Date: 2006-01-02`
|
Date: 2006-01-02`
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
fmtLogServerListening = "Server is listening for %s connections on '%s' path '%s'"
|
||||||
|
)
|
||||||
|
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/spf13/pflag"
|
"github.com/spf13/pflag"
|
||||||
"golang.org/x/sync/errgroup"
|
|
||||||
|
|
||||||
"github.com/authelia/authelia/v4/internal/authentication"
|
"github.com/authelia/authelia/v4/internal/authentication"
|
||||||
"github.com/authelia/authelia/v4/internal/authorization"
|
"github.com/authelia/authelia/v4/internal/authorization"
|
||||||
|
@ -35,14 +34,8 @@ import (
|
||||||
func NewCmdCtx() *CmdCtx {
|
func NewCmdCtx() *CmdCtx {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
ctx, cancel := context.WithCancel(ctx)
|
|
||||||
|
|
||||||
group, ctx := errgroup.WithContext(ctx)
|
|
||||||
|
|
||||||
return &CmdCtx{
|
return &CmdCtx{
|
||||||
Context: ctx,
|
Context: ctx,
|
||||||
cancel: cancel,
|
|
||||||
group: group,
|
|
||||||
log: logging.Logger(),
|
log: logging.Logger(),
|
||||||
providers: middlewares.Providers{
|
providers: middlewares.Providers{
|
||||||
Random: &random.Cryptographical{},
|
Random: &random.Cryptographical{},
|
||||||
|
@ -55,9 +48,6 @@ func NewCmdCtx() *CmdCtx {
|
||||||
type CmdCtx struct {
|
type CmdCtx struct {
|
||||||
context.Context
|
context.Context
|
||||||
|
|
||||||
cancel context.CancelFunc
|
|
||||||
group *errgroup.Group
|
|
||||||
|
|
||||||
log *logrus.Logger
|
log *logrus.Logger
|
||||||
|
|
||||||
config *schema.Configuration
|
config *schema.Configuration
|
||||||
|
|
|
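Review bot: With cancel and group removed, the Context embedded in CmdCtx is the bare `context.Background()` created in NewCmdCtx, so `ctx.Done()` on a *CmdCtx can never fire and nothing on the struct cancels it any more; the new servicesRun derives its own `context.WithCancel(ctx)`, but any other caller that still relies on `ctx.cancel()` or `<-ctx.Done()` will now block or leak. A doc comment on the struct would make the new ownership explicit, e.g. `// CmdCtx is the context for a command. The embedded Context is a root context that CmdCtx never cancels; derive a cancellable child where shutdown is needed.` The CmdCtx struct and NewCmdCtx both continue outside the hunks shown.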
@ -2,21 +2,13 @@ package commands
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
|
||||||
|
|
||||||
"github.com/fsnotify/fsnotify"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/valyala/fasthttp"
|
|
||||||
|
|
||||||
"github.com/authelia/authelia/v4/internal/authentication"
|
|
||||||
"github.com/authelia/authelia/v4/internal/logging"
|
"github.com/authelia/authelia/v4/internal/logging"
|
||||||
"github.com/authelia/authelia/v4/internal/model"
|
"github.com/authelia/authelia/v4/internal/model"
|
||||||
"github.com/authelia/authelia/v4/internal/server"
|
|
||||||
"github.com/authelia/authelia/v4/internal/utils"
|
"github.com/authelia/authelia/v4/internal/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -95,195 +87,11 @@ func (ctx *CmdCtx) RootRunE(_ *cobra.Command, _ []string) (err error) {
|
||||||
|
|
||||||
ctx.cconfig = nil
|
ctx.cconfig = nil
|
||||||
|
|
||||||
runServices(ctx)
|
servicesRun(ctx)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
//nolint:gocyclo // Complexity is required in this function.
|
|
||||||
func runServices(ctx *CmdCtx) {
|
|
||||||
defer ctx.cancel()
|
|
||||||
|
|
||||||
quit := make(chan os.Signal, 1)
|
|
||||||
|
|
||||||
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
|
||||||
|
|
||||||
defer signal.Stop(quit)
|
|
||||||
|
|
||||||
var (
|
|
||||||
mainServer, metricsServer *fasthttp.Server
|
|
||||||
mainListener, metricsListener net.Listener
|
|
||||||
)
|
|
||||||
|
|
||||||
ctx.group.Go(func() (err error) {
|
|
||||||
defer func() {
|
|
||||||
if r := recover(); r != nil {
|
|
||||||
ctx.log.WithError(recoverErr(r)).Errorf("Server (main) critical error caught (recovered)")
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
if mainServer, mainListener, err = server.CreateDefaultServer(*ctx.config, ctx.providers); err != nil {
|
|
||||||
ctx.log.WithError(err).Error("Create Server (main) returned error")
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = mainServer.Serve(mainListener); err != nil {
|
|
||||||
ctx.log.WithError(err).Error("Server (main) returned error")
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
})
|
|
||||||
|
|
||||||
ctx.group.Go(func() (err error) {
|
|
||||||
if ctx.providers.Metrics == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
defer func() {
|
|
||||||
if r := recover(); r != nil {
|
|
||||||
ctx.log.WithError(recoverErr(r)).Errorf("Server (metrics) critical error caught (recovered)")
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
if metricsServer, metricsListener, err = server.CreateMetricsServer(ctx.config.Telemetry.Metrics); err != nil {
|
|
||||||
ctx.log.WithError(err).Error("Create Server (metrics) returned error")
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = metricsServer.Serve(metricsListener); err != nil {
|
|
||||||
ctx.log.WithError(err).Error("Server (metrics) returned error")
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
})
|
|
||||||
|
|
||||||
if ctx.config.AuthenticationBackend.File != nil && ctx.config.AuthenticationBackend.File.Watch {
|
|
||||||
provider := ctx.providers.UserProvider.(*authentication.FileUserProvider)
|
|
||||||
if watcher, err := runServiceFileWatcher(ctx, ctx.config.AuthenticationBackend.File.Path, provider); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("File Watcher (user database) start returned error")
|
|
||||||
} else {
|
|
||||||
defer func(watcher *fsnotify.Watcher) {
|
|
||||||
if err := watcher.Close(); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("File Watcher (user database) close returned error")
|
|
||||||
}
|
|
||||||
}(watcher)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
select {
|
|
||||||
case s := <-quit:
|
|
||||||
switch s {
|
|
||||||
case syscall.SIGINT:
|
|
||||||
ctx.log.Debugf("Shutdown started due to SIGINT")
|
|
||||||
case syscall.SIGQUIT:
|
|
||||||
ctx.log.Debugf("Shutdown started due to SIGQUIT")
|
|
||||||
}
|
|
||||||
case <-ctx.Done():
|
|
||||||
ctx.log.Debugf("Shutdown started due to context completion")
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.cancel()
|
|
||||||
|
|
||||||
ctx.log.Infof("Shutting down")
|
|
||||||
|
|
||||||
var err error
|
|
||||||
|
|
||||||
if mainServer != nil {
|
|
||||||
if err = mainServer.Shutdown(); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("Error occurred shutting down the server")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if metricsServer != nil {
|
|
||||||
if err = metricsServer.Shutdown(); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("Error occurred shutting down the metrics server")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = ctx.providers.StorageProvider.Close(); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("Error occurred closing the database connection")
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = ctx.group.Wait(); err != nil {
|
|
||||||
ctx.log.WithError(err).Errorf("Error occurred waiting for shutdown")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type ReloadFilter func(path string) (skipped bool)
|
|
||||||
|
|
||||||
type ProviderReload interface {
|
|
||||||
Reload() (reloaded bool, err error)
|
|
||||||
}
|
|
||||||
|
|
||||||
func runServiceFileWatcher(ctx *CmdCtx, path string, reload ProviderReload) (watcher *fsnotify.Watcher, err error) {
|
|
||||||
if watcher, err = fsnotify.NewWatcher(); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
failed := make(chan struct{})
|
|
||||||
|
|
||||||
var directory, filename string
|
|
||||||
|
|
||||||
if path != "" {
|
|
||||||
directory, filename = filepath.Dir(path), filepath.Base(path)
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.group.Go(func() error {
|
|
||||||
for {
|
|
||||||
select {
|
|
||||||
case <-failed:
|
|
||||||
return nil
|
|
||||||
case event, ok := <-watcher.Events:
|
|
||||||
if !ok {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if filename != filepath.Base(event.Name) {
|
|
||||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Tracef("File modification detected to irrelevant file")
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
switch {
|
|
||||||
case event.Op&fsnotify.Write == fsnotify.Write, event.Op&fsnotify.Create == fsnotify.Create:
|
|
||||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Debug("File modification detected")
|
|
||||||
|
|
||||||
switch reloaded, err := reload.Reload(); {
|
|
||||||
case err != nil:
|
|
||||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).WithError(err).Error("Error occurred reloading file")
|
|
||||||
case reloaded:
|
|
||||||
ctx.log.WithField("file", event.Name).Info("Reloaded file successfully")
|
|
||||||
default:
|
|
||||||
ctx.log.WithField("file", event.Name).Debug("Reload of file was triggered but it was skipped")
|
|
||||||
}
|
|
||||||
case event.Op&fsnotify.Remove == fsnotify.Remove:
|
|
||||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Debug("Remove of file was detected")
|
|
||||||
}
|
|
||||||
case err, ok := <-watcher.Errors:
|
|
||||||
if !ok {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
ctx.log.WithError(err).Errorf("Error while watching files")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
if err := watcher.Add(directory); err != nil {
|
|
||||||
failed <- struct{}{}
|
|
||||||
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.log.WithField("directory", directory).WithField("file", filename).Debug("Directory is being watched for changes to the file")
|
|
||||||
|
|
||||||
return watcher, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func doStartupChecks(ctx *CmdCtx) {
|
func doStartupChecks(ctx *CmdCtx) {
|
||||||
var (
|
var (
|
||||||
failures []string
|
failures []string
|
||||||
|
|
|
@ -0,0 +1,311 @@
|
||||||
|
package commands
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"os"
|
||||||
|
"os/signal"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"syscall"
|
||||||
|
|
||||||
|
"github.com/fsnotify/fsnotify"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
"github.com/valyala/fasthttp"
|
||||||
|
"golang.org/x/sync/errgroup"
|
||||||
|
|
||||||
|
"github.com/authelia/authelia/v4/internal/authentication"
|
||||||
|
"github.com/authelia/authelia/v4/internal/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
// NewServerService creates a new ServerService with the appropriate logger etc.
|
||||||
|
func NewServerService(name string, server *fasthttp.Server, listener net.Listener, paths []string, isTLS bool, log *logrus.Logger) (service *ServerService) {
|
||||||
|
return &ServerService{
|
||||||
|
server: server,
|
||||||
|
listener: listener,
|
||||||
|
paths: paths,
|
||||||
|
isTLS: isTLS,
|
||||||
|
log: log.WithFields(map[string]any{"service": "server", "server": name}),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewFileWatcherService creates a new FileWatcherService with the appropriate logger etc.
|
||||||
|
func NewFileWatcherService(name, path string, reload ProviderReload, log *logrus.Logger) (service *FileWatcherService, err error) {
|
||||||
|
if path == "" {
|
||||||
|
return nil, fmt.Errorf("path must be specified")
|
||||||
|
}
|
||||||
|
|
||||||
|
var info os.FileInfo
|
||||||
|
|
||||||
|
if info, err = os.Stat(path); err != nil {
|
||||||
|
return nil, fmt.Errorf("error stating file '%s': %w", path, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if path, err = filepath.Abs(path); err != nil {
|
||||||
|
return nil, fmt.Errorf("error determining absolute path of file '%s': %w", path, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var watcher *fsnotify.Watcher
|
||||||
|
|
||||||
|
if watcher, err = fsnotify.NewWatcher(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
entry := log.WithFields(map[string]any{"service": "watcher", "watcher": name})
|
||||||
|
|
||||||
|
if info.IsDir() {
|
||||||
|
service = &FileWatcherService{
|
||||||
|
watcher: watcher,
|
||||||
|
reload: reload,
|
||||||
|
log: entry,
|
||||||
|
directory: filepath.Clean(path),
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
service = &FileWatcherService{
|
||||||
|
watcher: watcher,
|
||||||
|
reload: reload,
|
||||||
|
log: entry,
|
||||||
|
directory: filepath.Dir(path),
|
||||||
|
file: filepath.Base(path),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = service.watcher.Add(service.directory); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to add path '%s' to watch list: %w", path, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return service, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProviderReload represents the required methods to support reloading a provider.
|
||||||
|
type ProviderReload interface {
|
||||||
|
Reload() (reloaded bool, err error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Service represents the required methods to support handling a service.
|
||||||
|
type Service interface {
|
||||||
|
Run() (err error)
|
||||||
|
Shutdown()
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServerService is a Service which runs a webserver.
|
||||||
|
type ServerService struct {
|
||||||
|
server *fasthttp.Server
|
||||||
|
paths []string
|
||||||
|
isTLS bool
|
||||||
|
listener net.Listener
|
||||||
|
log *logrus.Entry
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run the ServerService.
|
||||||
|
func (service *ServerService) Run() (err error) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
service.log.WithError(recoverErr(r)).Error("Critical error caught (recovered)")
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
service.log.Infof(fmtLogServerListening, connectionType(service.isTLS), service.listener.Addr().String(), strings.Join(service.paths, "' and '"))
|
||||||
|
|
||||||
|
if err = service.server.Serve(service.listener); err != nil {
|
||||||
|
service.log.WithError(err).Error("Error returned attempting to serve requests")
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Shutdown the ServerService.
|
||||||
|
func (service *ServerService) Shutdown() {
|
||||||
|
if err := service.server.Shutdown(); err != nil {
|
||||||
|
service.log.WithError(err).Error("Error occurred during shutdown")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// FileWatcherService is a Service that watches files for changes.
|
||||||
|
type FileWatcherService struct {
|
||||||
|
watcher *fsnotify.Watcher
|
||||||
|
reload ProviderReload
|
||||||
|
|
||||||
|
log *logrus.Entry
|
||||||
|
file string
|
||||||
|
directory string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run the FileWatcherService.
|
||||||
|
func (service *FileWatcherService) Run() (err error) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
service.log.WithError(recoverErr(r)).Error("Critical error caught (recovered)")
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
service.log.WithField("file", filepath.Join(service.directory, service.file)).Info("Watching for file changes to the file")
|
||||||
|
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case event, ok := <-service.watcher.Events:
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if service.file != "" && service.file != filepath.Base(event.Name) {
|
||||||
|
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Tracef("File modification detected to irrelevant file")
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
switch {
|
||||||
|
case event.Op&fsnotify.Write == fsnotify.Write, event.Op&fsnotify.Create == fsnotify.Create:
|
||||||
|
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Debug("File modification was detected")
|
||||||
|
|
||||||
|
var reloaded bool
|
||||||
|
|
||||||
|
switch reloaded, err = service.reload.Reload(); {
|
||||||
|
case err != nil:
|
||||||
|
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).WithError(err).Error("Error occurred during reload")
|
||||||
|
case reloaded:
|
||||||
|
service.log.WithField("file", event.Name).Info("Reloaded successfully")
|
||||||
|
default:
|
||||||
|
service.log.WithField("file", event.Name).Debug("Reload of was triggered but it was skipped")
|
||||||
|
}
|
||||||
|
case event.Op&fsnotify.Remove == fsnotify.Remove:
|
||||||
|
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Debug("File remove was detected")
|
||||||
|
}
|
||||||
|
case err, ok := <-service.watcher.Errors:
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
service.log.WithError(err).Errorf("Error while watching files")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Shutdown the FileWatcherService.
|
||||||
|
func (service *FileWatcherService) Shutdown() {
|
||||||
|
if err := service.watcher.Close(); err != nil {
|
||||||
|
service.log.WithError(err).Error("Error occurred during shutdown")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func svcSvrMainFunc(ctx *CmdCtx) (service Service) {
|
||||||
|
switch svr, listener, paths, isTLS, err := server.CreateDefaultServer(ctx.config, ctx.providers); {
|
||||||
|
case err != nil:
|
||||||
|
ctx.log.WithError(err).Fatal("Create Server Service (main) returned error")
|
||||||
|
case svr != nil && listener != nil:
|
||||||
|
service = NewServerService("main", svr, listener, paths, isTLS, ctx.log)
|
||||||
|
default:
|
||||||
|
ctx.log.Fatal("Create Server Service (main) failed")
|
||||||
|
}
|
||||||
|
|
||||||
|
return service
|
||||||
|
}
|
||||||
|
|
||||||
|
func svcSvrMetricsFunc(ctx *CmdCtx) (service Service) {
|
||||||
|
switch svr, listener, paths, isTLS, err := server.CreateMetricsServer(ctx.config, ctx.providers); {
|
||||||
|
case err != nil:
|
||||||
|
ctx.log.WithError(err).Fatal("Create Server Service (metrics) returned error")
|
||||||
|
case svr != nil && listener != nil:
|
||||||
|
service = NewServerService("metrics", svr, listener, paths, isTLS, ctx.log)
|
||||||
|
default:
|
||||||
|
ctx.log.Debug("Create Server Service (metrics) skipped")
|
||||||
|
}
|
||||||
|
|
||||||
|
return service
|
||||||
|
}
|
||||||
|
|
||||||
|
func svcWatcherUsersFunc(ctx *CmdCtx) (service Service) {
|
||||||
|
var err error
|
||||||
|
|
||||||
|
if ctx.config.AuthenticationBackend.File != nil && ctx.config.AuthenticationBackend.File.Watch {
|
||||||
|
provider := ctx.providers.UserProvider.(*authentication.FileUserProvider)
|
||||||
|
|
||||||
|
if service, err = NewFileWatcherService("users", ctx.config.AuthenticationBackend.File.Path, provider, ctx.log); err != nil {
|
||||||
|
ctx.log.WithError(err).Fatal("Create Watcher Service (users) returned error")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return service
|
||||||
|
}
|
||||||
|
|
||||||
|
func connectionType(isTLS bool) string {
|
||||||
|
if isTLS {
|
||||||
|
return "TLS"
|
||||||
|
}
|
||||||
|
|
||||||
|
return "non-TLS"
|
||||||
|
}
|
||||||
|
|
||||||
|
func servicesRun(ctx *CmdCtx) {
|
||||||
|
cctx, cancel := context.WithCancel(ctx)
|
||||||
|
|
||||||
|
group, cctx := errgroup.WithContext(cctx)
|
||||||
|
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
quit := make(chan os.Signal, 1)
|
||||||
|
|
||||||
|
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
||||||
|
|
||||||
|
defer signal.Stop(quit)
|
||||||
|
|
||||||
|
var (
|
||||||
|
services []Service
|
||||||
|
)
|
||||||
|
|
||||||
|
for _, serviceFunc := range []func(ctx *CmdCtx) Service{
|
||||||
|
svcSvrMainFunc, svcSvrMetricsFunc,
|
||||||
|
svcWatcherUsersFunc,
|
||||||
|
} {
|
||||||
|
if service := serviceFunc(ctx); service != nil {
|
||||||
|
services = append(services, service)
|
||||||
|
|
||||||
|
group.Go(service.Run)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.log.Info("Startup Complete")
|
||||||
|
|
||||||
|
select {
|
||||||
|
case s := <-quit:
|
||||||
|
switch s {
|
||||||
|
case syscall.SIGINT:
|
||||||
|
ctx.log.WithField("signal", "SIGINT").Debugf("Shutdown started due to signal")
|
||||||
|
case syscall.SIGTERM:
|
||||||
|
ctx.log.WithField("signal", "SIGTERM").Debugf("Shutdown started due to signal")
|
||||||
|
}
|
||||||
|
case <-cctx.Done():
|
||||||
|
ctx.log.Debugf("Shutdown started due to context completion")
|
||||||
|
}
|
||||||
|
|
||||||
|
cancel()
|
||||||
|
|
||||||
|
ctx.log.Infof("Shutting down")
|
||||||
|
|
||||||
|
wgShutdown := &sync.WaitGroup{}
|
||||||
|
|
||||||
|
for _, service := range services {
|
||||||
|
go func() {
|
||||||
|
service.Shutdown()
|
||||||
|
|
||||||
|
wgShutdown.Done()
|
||||||
|
}()
|
||||||
|
|
||||||
|
wgShutdown.Add(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
wgShutdown.Wait()
|
||||||
|
|
||||||
|
var err error
|
||||||
|
|
||||||
|
if err = ctx.providers.StorageProvider.Close(); err != nil {
|
||||||
|
ctx.log.WithError(err).Error("Error occurred closing database connections")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = group.Wait(); err != nil {
|
||||||
|
ctx.log.WithError(err).Errorf("Error occurred waiting for shutdown")
|
||||||
|
}
|
||||||
|
}
|
|
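Review bot: In servicesRun the shutdown loop calls `wgShutdown.Add(1)` after the `go func()` that calls `wgShutdown.Done()`, so a fast Shutdown can drive the counter negative (a WaitGroup panic) or let `wgShutdown.Wait()` return before every service has stopped; move the `wgShutdown.Add(1)` above the `go` statement. The same goroutine captures the range variable `service`, which under pre-1.22 loop semantics is one variable shared by all iterations, so several goroutines can shut down the last service and skip the others — add `service := service` at the top of the loop body unless go.mod is already at 1.22. The deferred recover in ServerService.Run and FileWatcherService.Run logs the panic but leaves the named `err` nil, so a crashed service reports success to the errgroup and the remaining services keep running without it; set `err = recoverErr(r)` inside the deferred function so the group cancels and shutdown begins. Finally, in NewFileWatcherService the `filepath.Abs` failure message formats `path` after it has been overwritten by the (likely empty) return value; keep the original path in a separate variable for that message.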
@ -83,12 +83,3 @@ const (
|
||||||
tmplCSPSwaggerNonce = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-%s'; style-src 'self' 'nonce-%s'; base-uri 'self'"
|
tmplCSPSwaggerNonce = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-%s'; style-src 'self' 'nonce-%s'; base-uri 'self'"
|
||||||
tmplCSPSwagger = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; base-uri 'self'"
|
tmplCSPSwagger = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; base-uri 'self'"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
connNonTLS = "non-TLS"
|
|
||||||
connTLS = "TLS"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
fmtLogServerInit = "Initializing %s for %s connections on '%s' path '%s'"
|
|
||||||
)
|
|
||||||
|
|
|
@ -92,10 +92,10 @@ func handleNotFound(next fasthttp.RequestHandler) fasthttp.RequestHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
//nolint:gocyclo
|
//nolint:gocyclo
|
||||||
func handleRouter(config schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
|
func handleRouter(config *schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
|
||||||
log := logging.Logger()
|
log := logging.Logger()
|
||||||
|
|
||||||
optsTemplatedFile := NewTemplatedFileOptions(&config)
|
optsTemplatedFile := NewTemplatedFileOptions(config)
|
||||||
|
|
||||||
serveIndexHandler := ServeTemplatedFile(providers.Templates.GetAssetIndexTemplate(), optsTemplatedFile)
|
serveIndexHandler := ServeTemplatedFile(providers.Templates.GetAssetIndexTemplate(), optsTemplatedFile)
|
||||||
serveOpenAPIHandler := ServeTemplatedOpenAPI(providers.Templates.GetAssetOpenAPIIndexTemplate(), optsTemplatedFile)
|
serveOpenAPIHandler := ServeTemplatedOpenAPI(providers.Templates.GetAssetOpenAPIIndexTemplate(), optsTemplatedFile)
|
||||||
|
@ -104,7 +104,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
||||||
handlerPublicHTML := newPublicHTMLEmbeddedHandler()
|
handlerPublicHTML := newPublicHTMLEmbeddedHandler()
|
||||||
handlerLocales := newLocalesEmbeddedHandler()
|
handlerLocales := newLocalesEmbeddedHandler()
|
||||||
|
|
||||||
bridge := middlewares.NewBridgeBuilder(config, providers).
|
bridge := middlewares.NewBridgeBuilder(*config, providers).
|
||||||
WithPreMiddlewares(middlewares.SecurityHeaders).Build()
|
WithPreMiddlewares(middlewares.SecurityHeaders).Build()
|
||||||
|
|
||||||
policyCORSPublicGET := middlewares.NewCORSPolicyBuilder().
|
policyCORSPublicGET := middlewares.NewCORSPolicyBuilder().
|
||||||
|
@ -141,16 +141,16 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
||||||
r.GET("/api/"+file, handlerPublicHTML)
|
r.GET("/api/"+file, handlerPublicHTML)
|
||||||
}
|
}
|
||||||
|
|
||||||
middlewareAPI := middlewares.NewBridgeBuilder(config, providers).
|
middlewareAPI := middlewares.NewBridgeBuilder(*config, providers).
|
||||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||||
Build()
|
Build()
|
||||||
|
|
||||||
middleware1FA := middlewares.NewBridgeBuilder(config, providers).
|
middleware1FA := middlewares.NewBridgeBuilder(*config, providers).
|
||||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||||
WithPostMiddlewares(middlewares.Require1FA).
|
WithPostMiddlewares(middlewares.Require1FA).
|
||||||
Build()
|
Build()
|
||||||
|
|
||||||
middleware2FA := middlewares.NewBridgeBuilder(config, providers).
|
middleware2FA := middlewares.NewBridgeBuilder(*config, providers).
|
||||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||||
WithPostMiddlewares(middlewares.Require2FAWithAPIResponse).
|
WithPostMiddlewares(middlewares.Require2FAWithAPIResponse).
|
||||||
Build()
|
Build()
|
||||||
|
@ -167,7 +167,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
||||||
for name, endpoint := range config.Server.Endpoints.Authz {
|
for name, endpoint := range config.Server.Endpoints.Authz {
|
||||||
uri := path.Join(pathAuthz, name)
|
uri := path.Join(pathAuthz, name)
|
||||||
|
|
||||||
authz := handlers.NewAuthzBuilder().WithConfig(&config).WithEndpointConfig(endpoint).Build()
|
authz := handlers.NewAuthzBuilder().WithConfig(config).WithEndpointConfig(endpoint).Build()
|
||||||
|
|
||||||
handler := middlewares.Wrap(metricsVRMW, bridge(authz.Handler))
|
handler := middlewares.Wrap(metricsVRMW, bridge(authz.Handler))
|
||||||
|
|
||||||
|
@ -275,7 +275,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
||||||
}
|
}
|
||||||
|
|
||||||
if providers.OpenIDConnect != nil {
|
if providers.OpenIDConnect != nil {
|
||||||
bridgeOIDC := middlewares.NewBridgeBuilder(config, providers).WithPreMiddlewares(
|
bridgeOIDC := middlewares.NewBridgeBuilder(*config, providers).WithPreMiddlewares(
|
||||||
middlewares.SecurityHeaders, middlewares.SecurityHeadersCSPNoneOpenIDConnect, middlewares.SecurityHeadersNoStore,
|
middlewares.SecurityHeaders, middlewares.SecurityHeadersCSPNoneOpenIDConnect, middlewares.SecurityHeadersNoStore,
|
||||||
).Build()
|
).Build()
|
||||||
|
|
||||||
|
|
|
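Review bot: handleRouter now takes `config *schema.Configuration` but hands a dereferenced copy `*config` to every `middlewares.NewBridgeBuilder` call while `handlers.NewAuthzBuilder().WithConfig(config)` receives the pointer itself, so the bridges snapshot the configuration at router construction and the authz handlers observe any later mutation of the shared struct. If the settings UI this branch is building may change configuration at runtime, the two groups will disagree; either pass the pointer consistently or document the snapshot, e.g. `// NewBridgeBuilder copies the configuration: bridges see a startup snapshot, authz handlers see the live pointer.` handleRouter continues outside the hunks shown.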
@ -7,7 +7,6 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/valyala/fasthttp"
|
"github.com/valyala/fasthttp"
|
||||||
|
@ -18,9 +17,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// CreateDefaultServer Create Authelia's internal webserver with the given configuration and providers.
|
// CreateDefaultServer Create Authelia's internal webserver with the given configuration and providers.
|
||||||
func CreateDefaultServer(config schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, err error) {
|
func CreateDefaultServer(config *schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, paths []string, isTLS bool, err error) {
|
||||||
if err = providers.Templates.LoadTemplatedAssets(assets); err != nil {
|
if err = providers.Templates.LoadTemplatedAssets(assets); err != nil {
|
||||||
return nil, nil, fmt.Errorf("failed to load templated assets: %w", err)
|
return nil, nil, nil, false, fmt.Errorf("failed to load templated assets: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
server = &fasthttp.Server{
|
server = &fasthttp.Server{
|
||||||
|
@ -38,15 +37,14 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
||||||
address := net.JoinHostPort(config.Server.Host, strconv.Itoa(config.Server.Port))
|
address := net.JoinHostPort(config.Server.Host, strconv.Itoa(config.Server.Port))
|
||||||
|
|
||||||
var (
|
var (
|
||||||
connectionType string
|
|
||||||
connectionScheme string
|
connectionScheme string
|
||||||
)
|
)
|
||||||
|
|
||||||
if config.Server.TLS.Certificate != "" && config.Server.TLS.Key != "" {
|
if config.Server.TLS.Certificate != "" && config.Server.TLS.Key != "" {
|
||||||
connectionType, connectionScheme = connTLS, schemeHTTPS
|
isTLS, connectionScheme = true, schemeHTTPS
|
||||||
|
|
||||||
if err = server.AppendCert(config.Server.TLS.Certificate, config.Server.TLS.Key); err != nil {
|
if err = server.AppendCert(config.Server.TLS.Certificate, config.Server.TLS.Key); err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to load tls server certificate '%s' or private key '%s': %w", config.Server.TLS.Certificate, config.Server.TLS.Key, err)
|
return nil, nil, nil, false, fmt.Errorf("unable to load tls server certificate '%s' or private key '%s': %w", config.Server.TLS.Certificate, config.Server.TLS.Key, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(config.Server.TLS.ClientCertificates) > 0 {
|
if len(config.Server.TLS.ClientCertificates) > 0 {
|
||||||
|
@ -56,7 +54,7 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
||||||
|
|
||||||
for _, path := range config.Server.TLS.ClientCertificates {
|
for _, path := range config.Server.TLS.ClientCertificates {
|
||||||
if cert, err = os.ReadFile(path); err != nil {
|
if cert, err = os.ReadFile(path); err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to load tls client certificate '%s': %w", path, err)
|
return nil, nil, nil, false, fmt.Errorf("unable to load tls client certificate '%s': %w", path, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
caCertPool.AppendCertsFromPEM(cert)
|
caCertPool.AppendCertsFromPEM(cert)
|
||||||
|
@ -69,51 +67,51 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
||||||
}
|
}
|
||||||
|
|
||||||
if listener, err = tls.Listen("tcp", address, server.TLSConfig.Clone()); err != nil {
|
if listener, err = tls.Listen("tcp", address, server.TLSConfig.Clone()); err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
return nil, nil, nil, false, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
connectionType, connectionScheme = connNonTLS, schemeHTTP
|
connectionScheme = schemeHTTP
|
||||||
|
|
||||||
if listener, err = net.Listen("tcp", address); err != nil {
|
if listener, err = net.Listen("tcp", address); err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
return nil, nil, nil, false, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = writeHealthCheckEnv(config.Server.DisableHealthcheck, connectionScheme, config.Server.Host,
|
if err = writeHealthCheckEnv(config.Server.DisableHealthcheck, connectionScheme, config.Server.Host,
|
||||||
config.Server.Path, config.Server.Port); err != nil {
|
config.Server.Path, config.Server.Port); err != nil {
|
||||||
return nil, nil, fmt.Errorf("unable to configure healthcheck: %w", err)
|
return nil, nil, nil, false, fmt.Errorf("unable to configure healthcheck: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
paths := []string{"/"}
|
paths = []string{"/"}
|
||||||
|
|
||||||
if config.Server.Path != "" {
|
if config.Server.Path != "" {
|
||||||
paths = append(paths, config.Server.Path)
|
paths = append(paths, config.Server.Path)
|
||||||
}
|
}
|
||||||
|
|
||||||
logging.Logger().Infof(fmtLogServerInit, "server", connectionType, listener.Addr().String(), strings.Join(paths, "' and '"))
|
return server, listener, paths, isTLS, nil
|
||||||
|
|
||||||
return server, listener, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateMetricsServer creates a metrics server.
|
// CreateMetricsServer creates a metrics server.
|
||||||
func CreateMetricsServer(config schema.TelemetryMetricsConfig) (server *fasthttp.Server, listener net.Listener, err error) {
|
func CreateMetricsServer(config *schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, paths []string, tls bool, err error) {
|
||||||
if listener, err = config.Address.Listener(); err != nil {
|
if providers.Metrics == nil {
|
||||||
return nil, nil, err
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
server = &fasthttp.Server{
|
server = &fasthttp.Server{
|
||||||
ErrorHandler: handleError(),
|
ErrorHandler: handleError(),
|
||||||
NoDefaultServerHeader: true,
|
NoDefaultServerHeader: true,
|
||||||
Handler: handleMetrics(),
|
Handler: handleMetrics(),
|
||||||
ReadBufferSize: config.Buffers.Read,
|
ReadBufferSize: config.Telemetry.Metrics.Buffers.Read,
|
||||||
WriteBufferSize: config.Buffers.Write,
|
WriteBufferSize: config.Telemetry.Metrics.Buffers.Write,
|
||||||
ReadTimeout: config.Timeouts.Read,
|
ReadTimeout: config.Telemetry.Metrics.Timeouts.Read,
|
||||||
WriteTimeout: config.Timeouts.Write,
|
WriteTimeout: config.Telemetry.Metrics.Timeouts.Write,
|
||||||
IdleTimeout: config.Timeouts.Idle,
|
IdleTimeout: config.Telemetry.Metrics.Timeouts.Idle,
|
||||||
Logger: logging.LoggerPrintf(logrus.DebugLevel),
|
Logger: logging.LoggerPrintf(logrus.DebugLevel),
|
||||||
}
|
}
|
||||||
|
|
||||||
logging.Logger().Infof(fmtLogServerInit, "server (metrics)", connNonTLS, listener.Addr().String(), "/metrics")
|
if listener, err = config.Telemetry.Metrics.Address.Listener(); err != nil {
|
||||||
|
return nil, nil, nil, false, err
|
||||||
return server, listener, nil
|
}
|
||||||
|
|
||||||
|
return server, listener, []string{"/metrics"}, false, nil
|
||||||
}
|
}
|
||||||
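Review bot: The early `return` in CreateMetricsServer when `providers.Metrics == nil` hands back a nil `server`, nil `listener`, nil `paths` and a nil `err`, so every caller has to nil-check the results to tell "metrics disabled" from "created", and the doc comment above the function does not say so; extend it to `// CreateMetricsServer creates a metrics server. It returns nil values and a nil error when providers.Metrics is nil, i.e. metrics are disabled.`. The named result `tls bool` in the new signature shadows the `crypto/tls` package inside this function (the same file calls `tls.Listen` in CreateDefaultServer), which only compiles because the package is unused here; naming it `isTLS`, as CreateDefaultServer already does, removes the trap. The listener error is also returned bare, unlike the wrapped `unable to initialize tcp listener: %w` in CreateDefaultServer; `return nil, nil, nil, false, fmt.Errorf("unable to initialize metrics listener: %w", err)` keeps the two constructors consistent.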
|
|
|
@ -152,7 +152,7 @@ func NewTLSServerContext(configuration schema.Configuration) (serverContext *TLS
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
s, listener, err := CreateDefaultServer(configuration, providers)
|
s, listener, _, _, err := CreateDefaultServer(&configuration, providers)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -4,5 +4,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './ActiveDirectory/configuration.yml:/config/configuration.yml:ro'
|
- './ActiveDirectory/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
|
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './BypassAll/users.yml:/config/users.yml'
|
- './BypassAll/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -6,7 +6,7 @@ services:
|
||||||
- './CLI/configuration.yml:/config/configuration.yml:ro'
|
- './CLI/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './CLI/storage.yml:/config/configuration.storage.yml:ro'
|
- './CLI/storage.yml:/config/configuration.storage.yml:ro'
|
||||||
- './CLI/users.yml:/config/users.yml'
|
- './CLI/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
- '/tmp:/tmp'
|
- '/tmp:/tmp'
|
||||||
user: ${USER_ID}:${GROUP_ID}
|
user: ${USER_ID}:${GROUP_ID}
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ server:
|
||||||
port: 9091
|
port: 9091
|
||||||
asset_path: /config/assets/
|
asset_path: /config/assets/
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
endpoints:
|
endpoints:
|
||||||
authz:
|
authz:
|
||||||
caddy:
|
caddy:
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Caddy/configuration.yml:/config/configuration.yml:ro'
|
- './Caddy/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Caddy/users.yml:/config/users.yml'
|
- './Caddy/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Docker/configuration.yml:/config/configuration.yml:ro'
|
- './Docker/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Docker/users.yml:/config/users.yml'
|
- './Docker/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: trace
|
level: trace
|
||||||
|
|
|
@ -5,7 +5,7 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
|
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './DuoPush/users.yml:/config/users.yml'
|
- './DuoPush/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
- '/tmp:/tmp'
|
- '/tmp:/tmp'
|
||||||
user: ${USER_ID}:${GROUP_ID}
|
user: ${USER_ID}:${GROUP_ID}
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ server:
|
||||||
port: 9091
|
port: 9091
|
||||||
asset_path: /config/assets/
|
asset_path: /config/assets/
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
endpoints:
|
endpoints:
|
||||||
authz:
|
authz:
|
||||||
ext-authz:
|
ext-authz:
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Envoy/configuration.yml:/config/configuration.yml:ro'
|
- './Envoy/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Envoy/users.yml:/config/users.yml'
|
- './Envoy/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
|
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './HAProxy/users.yml:/config/users.yml'
|
- './HAProxy/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -4,5 +4,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
|
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -4,5 +4,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './LDAP/configuration.yml:/config/configuration.yml:ro'
|
- './LDAP/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './MariaDB/configuration.yml:/config/configuration.yml:ro'
|
- './MariaDB/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './MariaDB/users.yml:/config/users.yml'
|
- './MariaDB/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ theme: auto
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
telemetry:
|
telemetry:
|
||||||
metrics:
|
metrics:
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './MultiCookieDomain/configuration.yml:/config/configuration.yml:ro'
|
- './MultiCookieDomain/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './MultiCookieDomain/users.yml:/config/users.yml'
|
- './MultiCookieDomain/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './MySQL/configuration.yml:/config/configuration.yml:ro'
|
- './MySQL/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './MySQL/users.yml:/config/users.yml'
|
- './MySQL/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
|
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './NetworkACL/users.yml:/config/users.yml'
|
- './NetworkACL/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
@ -64,72 +64,6 @@ identity_providers:
|
||||||
oidc:
|
oidc:
|
||||||
enable_client_debug_messages: true
|
enable_client_debug_messages: true
|
||||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||||
issuer_certificate_chain: |
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
|
||||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
|
||||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
||||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
|
||||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
|
||||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
|
||||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
|
||||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
|
||||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
|
||||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
|
||||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
|
||||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
|
||||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
|
||||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
|
||||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
|
||||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
|
||||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
|
||||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
|
||||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
|
||||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
|
||||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
|
||||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
|
||||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
|
||||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
|
||||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
|
||||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
|
||||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
|
||||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
|
||||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
|
||||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
|
||||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
|
||||||
Bc9iI6nN3PCr
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
issuer_private_key: |
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
|
||||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
|
||||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
|
||||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
|
||||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
|
||||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
|
||||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
|
||||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
|
||||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
|
||||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
|
||||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
|
||||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
|
||||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
|
||||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
|
||||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
|
||||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
|
||||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
|
||||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
|
||||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
|
||||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
|
||||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
|
||||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
|
||||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
|
||||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
|
||||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
clients:
|
clients:
|
||||||
- id: oidc-tester-app
|
- id: oidc-tester-app
|
||||||
secret: foobar
|
secret: foobar
|
||||||
|
|
|
@ -2,9 +2,11 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
|
environment:
|
||||||
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||||
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||||
volumes:
|
volumes:
|
||||||
- './OIDC/configuration.yml:/config/configuration.yml:ro'
|
- './OIDC/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './OIDC/users.yml:/config/users.yml'
|
- './OIDC/users.yml:/config/users.yml'
|
||||||
- './OIDC/keypair/key.pem:/config/issuer.pem:ro'
|
- './common/pki:/pki:ro'
|
||||||
- './common/pki:/config/ssl:ro'
|
|
||||||
...
|
...
|
||||||
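Review bot: Moving the OIDC issuer key to `/pki/private.oidc.pem` places it in the `./common/pki` directory that every suite in this commit mounts, so suites that never use OIDC (ActiveDirectory, LDAP, MySQL and the others) now also receive the issuer private key in their container, whereas before only this suite mounted `./OIDC/keypair/key.pem`. These are test fixtures, so the risk is low, but if the intent was only to drop the inline key from configuration.yml, a dedicated read-only mount for the OIDC key (or a per-suite subdirectory under common/pki) would keep the least-privilege property the old layout had. The same applies to the OIDCTraefik compose hunk below. Taking the key out of the inline `issuer_private_key` block and referencing it via the `_FILE` environment variable is otherwise the right direction.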
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
|
||||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
|
||||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
|
||||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
|
||||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
|
||||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
|
||||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
|
||||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
|
||||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
|
||||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
|
||||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
|
||||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
|
||||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
|
||||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
|
||||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
|
||||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
|
||||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
|
||||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
|
||||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
|
||||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
|
||||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
|
||||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
|
||||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
|
||||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
|
||||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,9 +0,0 @@
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
|
||||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
|
||||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
|
||||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
|
||||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
|
||||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
|
||||||
NwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
|
@ -2,8 +2,8 @@
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
@ -65,72 +65,6 @@ identity_providers:
|
||||||
oidc:
|
oidc:
|
||||||
enable_client_debug_messages: true
|
enable_client_debug_messages: true
|
||||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||||
issuer_certificate_chain: |
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
|
||||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
|
||||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
||||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
|
||||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
|
||||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
|
||||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
|
||||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
|
||||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
|
||||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
|
||||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
|
||||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
|
||||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
|
||||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
|
||||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
|
||||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
|
||||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
|
||||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
|
||||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
|
||||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
|
||||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
|
||||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
|
||||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
|
||||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
|
||||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
|
||||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
|
||||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
|
||||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
|
||||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
|
||||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
|
||||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
|
||||||
Bc9iI6nN3PCr
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
issuer_private_key: |
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
|
||||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
|
||||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
|
||||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
|
||||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
|
||||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
|
||||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
|
||||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
|
||||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
|
||||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
|
||||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
|
||||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
|
||||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
|
||||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
|
||||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
|
||||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
|
||||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
|
||||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
|
||||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
|
||||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
|
||||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
|
||||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
|
||||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
|
||||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
|
||||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
clients:
|
clients:
|
||||||
- id: oidc-tester-app
|
- id: oidc-tester-app
|
||||||
secret: foobar
|
secret: foobar
|
||||||
|
|
|
@ -2,9 +2,11 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
|
environment:
|
||||||
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||||
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||||
volumes:
|
volumes:
|
||||||
- './OIDCTraefik/configuration.yml:/config/configuration.yml:ro'
|
- './OIDCTraefik/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './OIDCTraefik/users.yml:/config/users.yml'
|
- './OIDCTraefik/users.yml:/config/users.yml'
|
||||||
- './OIDCTraefik/keypair/key.pem:/config/issuer.pem:ro'
|
- './common/pki:/pki:ro'
|
||||||
- './common/pki:/config/ssl:ro'
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
|
||||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
|
||||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
|
||||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
|
||||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
|
||||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
|
||||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
|
||||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
|
||||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
|
||||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
|
||||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
|
||||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
|
||||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
|
||||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
|
||||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
|
||||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
|
||||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
|
||||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
|
||||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
|
||||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
|
||||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
|
||||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
|
||||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
|
||||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
|
||||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,9 +0,0 @@
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
|
||||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
|
||||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
|
||||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
|
||||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
|
||||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
|
||||||
NwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
|
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './OneFactorOnly/users.yml:/config/users.yml'
|
- './OneFactorOnly/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ server:
|
||||||
port: 9091
|
port: 9091
|
||||||
path: auth
|
path: auth
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
|
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './PathPrefix/users.yml:/config/users.yml'
|
- './PathPrefix/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Postgres/configuration.yml:/config/configuration.yml:ro'
|
- './Postgres/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Postgres/users.yml:/config/users.yml'
|
- './Postgres/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
|
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './ShortTimeouts/users.yml:/config/users.yml'
|
- './ShortTimeouts/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -8,8 +8,8 @@ theme: auto
|
||||||
server:
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
telemetry:
|
telemetry:
|
||||||
metrics:
|
metrics:
|
||||||
|
|
|
@ -8,7 +8,7 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Standalone/configuration.yml:/config/configuration.yml:ro'
|
- './Standalone/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Standalone/users.yml:/config/users.yml'
|
- './Standalone/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
- '/tmp:/tmp'
|
- '/tmp:/tmp'
|
||||||
user: ${USER_ID}:${GROUP_ID}
|
user: ${USER_ID}:${GROUP_ID}
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ server:
|
||||||
port: 9091
|
port: 9091
|
||||||
asset_path: /config/assets/
|
asset_path: /config/assets/
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -5,5 +5,5 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Traefik/configuration.yml:/config/configuration.yml:ro'
|
- './Traefik/configuration.yml:/config/configuration.yml:ro'
|
||||||
- './Traefik/users.yml:/config/users.yml'
|
- './Traefik/users.yml:/config/users.yml'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -9,8 +9,8 @@ server:
|
||||||
port: 9091
|
port: 9091
|
||||||
asset_path: /config/assets/
|
asset_path: /config/assets/
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
endpoints:
|
endpoints:
|
||||||
authz:
|
authz:
|
||||||
forward-auth:
|
forward-auth:
|
||||||
|
|
|
@ -7,5 +7,5 @@ services:
|
||||||
- './Traefik2/users.yml:/config/users.yml'
|
- './Traefik2/users.yml:/config/users.yml'
|
||||||
- './Traefik2/favicon.ico:/config/assets/favicon.ico'
|
- './Traefik2/favicon.ico:/config/assets/favicon.ico'
|
||||||
- './Traefik2/logo.png:/config/assets/logo.png'
|
- './Traefik2/logo.png:/config/assets/logo.png'
|
||||||
- './common/pki:/config/ssl:ro'
|
- './common/pki:/pki:ro'
|
||||||
...
|
...
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||||
|
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||||
|
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||||
|
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||||
|
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||||
|
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||||
|
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||||
|
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||||
|
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||||
|
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||||
|
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||||
|
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||||
|
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||||
|
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||||
|
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||||
|
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||||
|
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||||
|
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||||
|
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
# go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki/ca -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
||||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
# cp ./internal/suites/common/pki/ca/ca.public.crt ./internal/suites/common/pki/ca.public.crt
|
||||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||||
|
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||||
|
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.oidc.crt --file.certificate-bundle public.oidc.bundle.crt --file.private-key private.oidc.pem -n 'login.example.com' --sans 'login.example.com,login.example1.com,login.example2.com,login.example3,com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||||
|
|
|
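Review bot: The `--sans` list on the last added line contains `login.example3,com`, which looks like a typo for `login.example3.com`; as written it yields two separate DNS SANs, `login.example3` and a bare `com`, and the committed `public.oidc.crt` and bundle in the following sections appear to carry exactly those names. Fix the list and regenerate that certificate, `--sans 'login.example.com,login.example1.com,login.example2.com,login.example3.com'`. The CA generation command is now commented out without explanation; a comment such as `# CA generation is intentionally disabled: regenerating the root CA invalidates every committed leaf certificate, and the CA private key is presumably not kept in the repository` would stop the next maintainer from uncommenting it and re-issuing the root.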
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEA0x+u2Kkd1VZGkj7FDwgoXQp0fx1mx5VXd2VEJN9yYTXzlNRZ
|
||||||
|
Taw8WrOcud7hsBPw3DkhbCjEzvw0Ee+DjwtSCotKbtsBwjyLCegjluPHKUvsVNYZ
|
||||||
|
m19TxYY2erx7gohdEcmCGnpWSPRUAKBasIfpM0q6LXG70o8vTuKS82Ub++Sgl1Pa
|
||||||
|
kRL/e/KBUYFZksGEMK1oiPiOtRoJF+vUhRf46ZBg3aZ/HLNvcT5TAMgRRws+K3ek
|
||||||
|
C5+h5oXFexUosj2DCxcjTbsL7C5nqfR3jwmjrBaGN8KnloEDvC84+OsN/nE2PLa5
|
||||||
|
c1kTlRCvKd0gmRuucOKsJ6zvYf/hAqp/WCj1MQIDAQABAoIBAAOHCP3XvYbd/Sne
|
||||||
|
YJ6CrWH4lb+19wyooyB8kanoDdov85TuA1v3375IN/snDTBK9QBI+BT9jWRD9H7E
|
||||||
|
OLeAIevJLgIyKJJdPpl4xndz8NTwzs8QELd23Uh0mJ5uXcXtj1iHvGPC3YQ0iN7F
|
||||||
|
zx4Z9zyDKB8wQkofWFQCFyB39QK9ZGDW4ZstVb57fS62SuqFPW/rO2qSpsuUUwgy
|
||||||
|
Z2P2NqoqtqLIyw3qbsJCArzGoHuMCtjKDYenf8wJxORAsAGAREj71w2bQ20cMMIA
|
||||||
|
w30jgoXtEC9zS2BOb3mUBHiDOKnn4vwlNd7wiLPdZIGP75G4EkI4AHLhJQ1a5YuF
|
||||||
|
8E6V9AECgYEA1LSQVdWggvHTQnj5PHr5k7+YkL/MeIvOkLW5s0r7Lt3x45bAFaQh
|
||||||
|
XVZIXrynv62IZmTzCPwOwrXGJJieT0Ctom0XHgtp8nu7Okxk4AISRfjy7J03EXsJ
|
||||||
|
cS508IJ1B3HZepGvVwp+geJ0r9JmQ19JqZsJ7VENYoPKtYRZ9aV7CUECgYEA/hi1
|
||||||
|
Yw2FcSBk/kXVlcWvKtohY6NISgI5U1Kp7T16ZH3anpew6WwQ3GfueVet714BdwaZ
|
||||||
|
knqiiMvaTAOG66KYHCzRBSeXOozT/0N9AfKqS1y7xW+mR2nUrAiWCL95uZpB9SxE
|
||||||
|
3gylWULV4/+wlF006tEcJ5qiXymAAYv+wEg+f/ECgYBu2XLm6J/v3esFF1p8RHJQ
|
||||||
|
p2bw+KOspt+N1sbiQ09IC26F9wg/vvuMUu0AQj0BzYPqKO3nXsSqgGS0qbzG/KQA
|
||||||
|
o+2KQNSEBCt8pFdlzm6LfMPMv9n1CDPRgi57MOGgcZqvH8FLETMAqW26O2ID9mLD
|
||||||
|
OwMfZEAfeSNpGYJwXD8UgQKBgQC+0k1+Csx47YwKzOUeqivncZL7occLFWp5oa3N
|
||||||
|
ZYsB5uYEjgSk96wd6ctUwzzzc1SET6eLMp/XPcg9p7RuR1gWaK28QkQ3C0W2ALfj
|
||||||
|
e5raJ9U366YjIV4+p+AMx8chVLBN8CXz3+lZBHFe3Ul90hWIduu+7kkcUC06fCkf
|
||||||
|
u+F78QKBgFajhBPESe344ixG/fASpsVe2Yg14SgYCeWkinOe856zABY8dkfWWBIq
|
||||||
|
KX2eq1WJXErHWDuuNPP3Jol1CouqqHseqYQ+SaOhlHdoGws70bsIvBHrtj7NiEQZ
|
||||||
|
HFLhEk+OnnG+wJ1jQ5cseA4kbTuPjEL0NNVk7OSndiuxnnDbe91R
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,44 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||||
|
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||||
|
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||||
|
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||||
|
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||||
|
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||||
|
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||||
|
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||||
|
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||||
|
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||||
|
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||||
|
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||||
|
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||||
|
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||||
|
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||||
|
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||||
|
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||||
|
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||||
|
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||||
|
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||||
|
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||||
|
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||||
|
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||||
|
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||||
|
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||||
|
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||||
|
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||||
|
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||||
|
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||||
|
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||||
|
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||||
|
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||||
|
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||||
|
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||||
|
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||||
|
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||||
|
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||||
|
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||||
|
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,23 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||||
|
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||||
|
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||||
|
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||||
|
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||||
|
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||||
|
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||||
|
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||||
|
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||||
|
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||||
|
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||||
|
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||||
|
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||||
|
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||||
|
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||||
|
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||||
|
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||||
|
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||||
|
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||||
|
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||||
|
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -42,7 +42,7 @@ func waitUntilAutheliaBackendIsReady(dockerEnvironment *DockerEnvironment) error
|
||||||
90*time.Second,
|
90*time.Second,
|
||||||
dockerEnvironment,
|
dockerEnvironment,
|
||||||
"authelia-backend",
|
"authelia-backend",
|
||||||
[]string{"Initializing server for"})
|
[]string{"Startup Complete"})
|
||||||
}
|
}
|
||||||
|
|
||||||
func waitUntilAutheliaFrontendIsReady(dockerEnvironment *DockerEnvironment) error {
|
func waitUntilAutheliaFrontendIsReady(dockerEnvironment *DockerEnvironment) error {
|
||||||
|
|
|
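Review bot: The readiness check now waits for the literal string `"Startup Complete"`, which couples the suite to the exact wording of a log message emitted somewhere else in the codebase, so a rewording there would make every suite time out after 90 seconds with no hint why. A short comment on the changed line naming the source of that message would keep the two in sync, e.g. `// Must match the server's final startup log line; update both together.` The enclosing function waitUntilAutheliaBackendIsReady starts outside the hunk.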
@ -1,4 +1,4 @@
|
||||||
FROM alpine:3.17.1
|
FROM alpine:3.17.2
|
||||||
|
|
||||||
RUN \
|
RUN \
|
||||||
apk add --no-cache \
|
apk add --no-cache \
|
||||||
|
|
|
@ -33,7 +33,7 @@ spec:
|
||||||
mountPath: /config/configuration.yml
|
mountPath: /config/configuration.yml
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: authelia-ssl
|
- name: authelia-ssl
|
||||||
mountPath: /config/ssl
|
mountPath: /pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: secrets
|
- name: secrets
|
||||||
mountPath: /config/secrets
|
mountPath: /config/secrets
|
||||||
|
|
|
@ -8,8 +8,8 @@ default_redirection_url: https://home.example.com:8080
|
||||||
server:
|
server:
|
||||||
port: 443
|
port: 443
|
||||||
tls:
|
tls:
|
||||||
certificate: /config/ssl/public.backend.crt
|
certificate: /pki/public.backend.crt
|
||||||
key: /config/ssl/private.backend.pem
|
key: /pki/private.backend.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -54,7 +54,7 @@ func TestShouldNotReturnErrWhenX509DirectoryExist(t *testing.T) {
|
||||||
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
||||||
pool, warnings, errors := NewX509CertPool("../suites/common/pki/")
|
pool, warnings, errors := NewX509CertPool("../suites/common/pki/")
|
||||||
assert.NotNil(t, pool)
|
assert.NotNil(t, pool)
|
||||||
require.Len(t, errors, 2)
|
require.Len(t, errors, 3)
|
||||||
|
|
||||||
if runtime.GOOS == "windows" {
|
if runtime.GOOS == "windows" {
|
||||||
require.Len(t, warnings, 1)
|
require.Len(t, warnings, 1)
|
||||||
|
@ -64,7 +64,8 @@ func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.EqualError(t, errors[0], "could not import certificate private.backend.pem")
|
assert.EqualError(t, errors[0], "could not import certificate private.backend.pem")
|
||||||
assert.EqualError(t, errors[1], "could not import certificate private.pem")
|
assert.EqualError(t, errors[1], "could not import certificate private.oidc.pem")
|
||||||
|
assert.EqualError(t, errors[2], "could not import certificate private.pem")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldGenerateCertificateAndPersistIt(t *testing.T) {
|
func TestShouldGenerateCertificateAndPersistIt(t *testing.T) {
|
||||||
|
|
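Review bot: `require.Len(t, errors, 3)` together with the positional `errors[0]`, `errors[1]`, `errors[2]` assertions pins both the count and the order of import errors to the current contents of `../suites/common/pki/`, so the next key file added to that directory (this commit itself had to shift `private.pem` from index 1 to 2) fails on a count or index rather than on a descriptive message. If ordering is not part of NewX509CertPool's contract, collecting the error strings and comparing them with `assert.ElementsMatch` would make the test robust to such additions; the same remark applies to the count change in the first hunk. The test function begins in the earlier hunk, outside this one.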