Merge remote-tracking branch 'origin/master' into feat-settings-ui
commit
8c057f65a5
|
@ -25,3 +25,5 @@ authelia-image-dev.tar
|
|||
|
||||
/authelia
|
||||
__debug_bin
|
||||
|
||||
internal/suites/common/pki/ca/ca.private.pem
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.1
|
||||
FROM alpine:3.17.2
|
||||
|
||||
ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
|
|
|
@ -46,7 +46,7 @@ RUN \
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.1
|
||||
FROM alpine:3.17.2
|
||||
|
||||
RUN apk --no-cache add ca-certificates tzdata
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ RUN \
|
|||
# ===================================
|
||||
# ===== Authelia official image =====
|
||||
# ===================================
|
||||
FROM alpine:3.17.1
|
||||
FROM alpine:3.17.2
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
|
|
|
@ -772,3 +772,7 @@ Layouts:
|
|||
ANSIC: Mon Jan _2 15:04:05 2006
|
||||
Date: 2006-01-02`
|
||||
)
|
||||
|
||||
const (
|
||||
fmtLogServerListening = "Server is listening for %s connections on '%s' path '%s'"
|
||||
)
|
||||
|
|
|
@ -9,7 +9,6 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/pflag"
|
||||
"golang.org/x/sync/errgroup"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/authorization"
|
||||
|
@ -35,14 +34,8 @@ import (
|
|||
func NewCmdCtx() *CmdCtx {
|
||||
ctx := context.Background()
|
||||
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
|
||||
group, ctx := errgroup.WithContext(ctx)
|
||||
|
||||
return &CmdCtx{
|
||||
Context: ctx,
|
||||
cancel: cancel,
|
||||
group: group,
|
||||
log: logging.Logger(),
|
||||
providers: middlewares.Providers{
|
||||
Random: &random.Cryptographical{},
|
||||
|
@ -55,9 +48,6 @@ func NewCmdCtx() *CmdCtx {
|
|||
type CmdCtx struct {
|
||||
context.Context
|
||||
|
||||
cancel context.CancelFunc
|
||||
group *errgroup.Group
|
||||
|
||||
log *logrus.Logger
|
||||
|
||||
config *schema.Configuration
|
||||
|
|
|
@ -2,21 +2,13 @@ package commands
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/fsnotify/fsnotify"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/logging"
|
||||
"github.com/authelia/authelia/v4/internal/model"
|
||||
"github.com/authelia/authelia/v4/internal/server"
|
||||
"github.com/authelia/authelia/v4/internal/utils"
|
||||
)
|
||||
|
||||
|
@ -95,195 +87,11 @@ func (ctx *CmdCtx) RootRunE(_ *cobra.Command, _ []string) (err error) {
|
|||
|
||||
ctx.cconfig = nil
|
||||
|
||||
runServices(ctx)
|
||||
servicesRun(ctx)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
//nolint:gocyclo // Complexity is required in this function.
|
||||
func runServices(ctx *CmdCtx) {
|
||||
defer ctx.cancel()
|
||||
|
||||
quit := make(chan os.Signal, 1)
|
||||
|
||||
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
||||
|
||||
defer signal.Stop(quit)
|
||||
|
||||
var (
|
||||
mainServer, metricsServer *fasthttp.Server
|
||||
mainListener, metricsListener net.Listener
|
||||
)
|
||||
|
||||
ctx.group.Go(func() (err error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
ctx.log.WithError(recoverErr(r)).Errorf("Server (main) critical error caught (recovered)")
|
||||
}
|
||||
}()
|
||||
|
||||
if mainServer, mainListener, err = server.CreateDefaultServer(*ctx.config, ctx.providers); err != nil {
|
||||
ctx.log.WithError(err).Error("Create Server (main) returned error")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
if err = mainServer.Serve(mainListener); err != nil {
|
||||
ctx.log.WithError(err).Error("Server (main) returned error")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
ctx.group.Go(func() (err error) {
|
||||
if ctx.providers.Metrics == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
ctx.log.WithError(recoverErr(r)).Errorf("Server (metrics) critical error caught (recovered)")
|
||||
}
|
||||
}()
|
||||
|
||||
if metricsServer, metricsListener, err = server.CreateMetricsServer(ctx.config.Telemetry.Metrics); err != nil {
|
||||
ctx.log.WithError(err).Error("Create Server (metrics) returned error")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
if err = metricsServer.Serve(metricsListener); err != nil {
|
||||
ctx.log.WithError(err).Error("Server (metrics) returned error")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
if ctx.config.AuthenticationBackend.File != nil && ctx.config.AuthenticationBackend.File.Watch {
|
||||
provider := ctx.providers.UserProvider.(*authentication.FileUserProvider)
|
||||
if watcher, err := runServiceFileWatcher(ctx, ctx.config.AuthenticationBackend.File.Path, provider); err != nil {
|
||||
ctx.log.WithError(err).Errorf("File Watcher (user database) start returned error")
|
||||
} else {
|
||||
defer func(watcher *fsnotify.Watcher) {
|
||||
if err := watcher.Close(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("File Watcher (user database) close returned error")
|
||||
}
|
||||
}(watcher)
|
||||
}
|
||||
}
|
||||
|
||||
select {
|
||||
case s := <-quit:
|
||||
switch s {
|
||||
case syscall.SIGINT:
|
||||
ctx.log.Debugf("Shutdown started due to SIGINT")
|
||||
case syscall.SIGQUIT:
|
||||
ctx.log.Debugf("Shutdown started due to SIGQUIT")
|
||||
}
|
||||
case <-ctx.Done():
|
||||
ctx.log.Debugf("Shutdown started due to context completion")
|
||||
}
|
||||
|
||||
ctx.cancel()
|
||||
|
||||
ctx.log.Infof("Shutting down")
|
||||
|
||||
var err error
|
||||
|
||||
if mainServer != nil {
|
||||
if err = mainServer.Shutdown(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("Error occurred shutting down the server")
|
||||
}
|
||||
}
|
||||
|
||||
if metricsServer != nil {
|
||||
if err = metricsServer.Shutdown(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("Error occurred shutting down the metrics server")
|
||||
}
|
||||
}
|
||||
|
||||
if err = ctx.providers.StorageProvider.Close(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("Error occurred closing the database connection")
|
||||
}
|
||||
|
||||
if err = ctx.group.Wait(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("Error occurred waiting for shutdown")
|
||||
}
|
||||
}
|
||||
|
||||
type ReloadFilter func(path string) (skipped bool)
|
||||
|
||||
type ProviderReload interface {
|
||||
Reload() (reloaded bool, err error)
|
||||
}
|
||||
|
||||
func runServiceFileWatcher(ctx *CmdCtx, path string, reload ProviderReload) (watcher *fsnotify.Watcher, err error) {
|
||||
if watcher, err = fsnotify.NewWatcher(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
failed := make(chan struct{})
|
||||
|
||||
var directory, filename string
|
||||
|
||||
if path != "" {
|
||||
directory, filename = filepath.Dir(path), filepath.Base(path)
|
||||
}
|
||||
|
||||
ctx.group.Go(func() error {
|
||||
for {
|
||||
select {
|
||||
case <-failed:
|
||||
return nil
|
||||
case event, ok := <-watcher.Events:
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
if filename != filepath.Base(event.Name) {
|
||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Tracef("File modification detected to irrelevant file")
|
||||
break
|
||||
}
|
||||
|
||||
switch {
|
||||
case event.Op&fsnotify.Write == fsnotify.Write, event.Op&fsnotify.Create == fsnotify.Create:
|
||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Debug("File modification detected")
|
||||
|
||||
switch reloaded, err := reload.Reload(); {
|
||||
case err != nil:
|
||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).WithError(err).Error("Error occurred reloading file")
|
||||
case reloaded:
|
||||
ctx.log.WithField("file", event.Name).Info("Reloaded file successfully")
|
||||
default:
|
||||
ctx.log.WithField("file", event.Name).Debug("Reload of file was triggered but it was skipped")
|
||||
}
|
||||
case event.Op&fsnotify.Remove == fsnotify.Remove:
|
||||
ctx.log.WithField("file", event.Name).WithField("op", event.Op).Debug("Remove of file was detected")
|
||||
}
|
||||
case err, ok := <-watcher.Errors:
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
ctx.log.WithError(err).Errorf("Error while watching files")
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
if err := watcher.Add(directory); err != nil {
|
||||
failed <- struct{}{}
|
||||
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ctx.log.WithField("directory", directory).WithField("file", filename).Debug("Directory is being watched for changes to the file")
|
||||
|
||||
return watcher, nil
|
||||
}
|
||||
|
||||
func doStartupChecks(ctx *CmdCtx) {
|
||||
var (
|
||||
failures []string
|
||||
|
|
|
@ -0,0 +1,311 @@
|
|||
package commands
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
|
||||
"github.com/fsnotify/fsnotify"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/valyala/fasthttp"
|
||||
"golang.org/x/sync/errgroup"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/server"
|
||||
)
|
||||
|
||||
// NewServerService creates a new ServerService with the appropriate logger etc.
|
||||
func NewServerService(name string, server *fasthttp.Server, listener net.Listener, paths []string, isTLS bool, log *logrus.Logger) (service *ServerService) {
|
||||
return &ServerService{
|
||||
server: server,
|
||||
listener: listener,
|
||||
paths: paths,
|
||||
isTLS: isTLS,
|
||||
log: log.WithFields(map[string]any{"service": "server", "server": name}),
|
||||
}
|
||||
}
|
||||
|
||||
// NewFileWatcherService creates a new FileWatcherService with the appropriate logger etc.
|
||||
func NewFileWatcherService(name, path string, reload ProviderReload, log *logrus.Logger) (service *FileWatcherService, err error) {
|
||||
if path == "" {
|
||||
return nil, fmt.Errorf("path must be specified")
|
||||
}
|
||||
|
||||
var info os.FileInfo
|
||||
|
||||
if info, err = os.Stat(path); err != nil {
|
||||
return nil, fmt.Errorf("error stating file '%s': %w", path, err)
|
||||
}
|
||||
|
||||
if path, err = filepath.Abs(path); err != nil {
|
||||
return nil, fmt.Errorf("error determining absolute path of file '%s': %w", path, err)
|
||||
}
|
||||
|
||||
var watcher *fsnotify.Watcher
|
||||
|
||||
if watcher, err = fsnotify.NewWatcher(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
entry := log.WithFields(map[string]any{"service": "watcher", "watcher": name})
|
||||
|
||||
if info.IsDir() {
|
||||
service = &FileWatcherService{
|
||||
watcher: watcher,
|
||||
reload: reload,
|
||||
log: entry,
|
||||
directory: filepath.Clean(path),
|
||||
}
|
||||
} else {
|
||||
service = &FileWatcherService{
|
||||
watcher: watcher,
|
||||
reload: reload,
|
||||
log: entry,
|
||||
directory: filepath.Dir(path),
|
||||
file: filepath.Base(path),
|
||||
}
|
||||
}
|
||||
|
||||
if err = service.watcher.Add(service.directory); err != nil {
|
||||
return nil, fmt.Errorf("failed to add path '%s' to watch list: %w", path, err)
|
||||
}
|
||||
|
||||
return service, nil
|
||||
}
|
||||
|
||||
// ProviderReload represents the required methods to support reloading a provider.
|
||||
type ProviderReload interface {
|
||||
Reload() (reloaded bool, err error)
|
||||
}
|
||||
|
||||
// Service represents the required methods to support handling a service.
|
||||
type Service interface {
|
||||
Run() (err error)
|
||||
Shutdown()
|
||||
}
|
||||
|
||||
// ServerService is a Service which runs a webserver.
|
||||
type ServerService struct {
|
||||
server *fasthttp.Server
|
||||
paths []string
|
||||
isTLS bool
|
||||
listener net.Listener
|
||||
log *logrus.Entry
|
||||
}
|
||||
|
||||
// Run the ServerService.
|
||||
func (service *ServerService) Run() (err error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
service.log.WithError(recoverErr(r)).Error("Critical error caught (recovered)")
|
||||
}
|
||||
}()
|
||||
|
||||
service.log.Infof(fmtLogServerListening, connectionType(service.isTLS), service.listener.Addr().String(), strings.Join(service.paths, "' and '"))
|
||||
|
||||
if err = service.server.Serve(service.listener); err != nil {
|
||||
service.log.WithError(err).Error("Error returned attempting to serve requests")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Shutdown the ServerService.
|
||||
func (service *ServerService) Shutdown() {
|
||||
if err := service.server.Shutdown(); err != nil {
|
||||
service.log.WithError(err).Error("Error occurred during shutdown")
|
||||
}
|
||||
}
|
||||
|
||||
// FileWatcherService is a Service that watches files for changes.
|
||||
type FileWatcherService struct {
|
||||
watcher *fsnotify.Watcher
|
||||
reload ProviderReload
|
||||
|
||||
log *logrus.Entry
|
||||
file string
|
||||
directory string
|
||||
}
|
||||
|
||||
// Run the FileWatcherService.
|
||||
func (service *FileWatcherService) Run() (err error) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
service.log.WithError(recoverErr(r)).Error("Critical error caught (recovered)")
|
||||
}
|
||||
}()
|
||||
|
||||
service.log.WithField("file", filepath.Join(service.directory, service.file)).Info("Watching for file changes to the file")
|
||||
|
||||
for {
|
||||
select {
|
||||
case event, ok := <-service.watcher.Events:
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
if service.file != "" && service.file != filepath.Base(event.Name) {
|
||||
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Tracef("File modification detected to irrelevant file")
|
||||
break
|
||||
}
|
||||
|
||||
switch {
|
||||
case event.Op&fsnotify.Write == fsnotify.Write, event.Op&fsnotify.Create == fsnotify.Create:
|
||||
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Debug("File modification was detected")
|
||||
|
||||
var reloaded bool
|
||||
|
||||
switch reloaded, err = service.reload.Reload(); {
|
||||
case err != nil:
|
||||
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).WithError(err).Error("Error occurred during reload")
|
||||
case reloaded:
|
||||
service.log.WithField("file", event.Name).Info("Reloaded successfully")
|
||||
default:
|
||||
service.log.WithField("file", event.Name).Debug("Reload of was triggered but it was skipped")
|
||||
}
|
||||
case event.Op&fsnotify.Remove == fsnotify.Remove:
|
||||
service.log.WithFields(map[string]any{"file": event.Name, "op": event.Op}).Debug("File remove was detected")
|
||||
}
|
||||
case err, ok := <-service.watcher.Errors:
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
service.log.WithError(err).Errorf("Error while watching files")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Shutdown the FileWatcherService.
|
||||
func (service *FileWatcherService) Shutdown() {
|
||||
if err := service.watcher.Close(); err != nil {
|
||||
service.log.WithError(err).Error("Error occurred during shutdown")
|
||||
}
|
||||
}
|
||||
|
||||
func svcSvrMainFunc(ctx *CmdCtx) (service Service) {
|
||||
switch svr, listener, paths, isTLS, err := server.CreateDefaultServer(ctx.config, ctx.providers); {
|
||||
case err != nil:
|
||||
ctx.log.WithError(err).Fatal("Create Server Service (main) returned error")
|
||||
case svr != nil && listener != nil:
|
||||
service = NewServerService("main", svr, listener, paths, isTLS, ctx.log)
|
||||
default:
|
||||
ctx.log.Fatal("Create Server Service (main) failed")
|
||||
}
|
||||
|
||||
return service
|
||||
}
|
||||
|
||||
func svcSvrMetricsFunc(ctx *CmdCtx) (service Service) {
|
||||
switch svr, listener, paths, isTLS, err := server.CreateMetricsServer(ctx.config, ctx.providers); {
|
||||
case err != nil:
|
||||
ctx.log.WithError(err).Fatal("Create Server Service (metrics) returned error")
|
||||
case svr != nil && listener != nil:
|
||||
service = NewServerService("metrics", svr, listener, paths, isTLS, ctx.log)
|
||||
default:
|
||||
ctx.log.Debug("Create Server Service (metrics) skipped")
|
||||
}
|
||||
|
||||
return service
|
||||
}
|
||||
|
||||
func svcWatcherUsersFunc(ctx *CmdCtx) (service Service) {
|
||||
var err error
|
||||
|
||||
if ctx.config.AuthenticationBackend.File != nil && ctx.config.AuthenticationBackend.File.Watch {
|
||||
provider := ctx.providers.UserProvider.(*authentication.FileUserProvider)
|
||||
|
||||
if service, err = NewFileWatcherService("users", ctx.config.AuthenticationBackend.File.Path, provider, ctx.log); err != nil {
|
||||
ctx.log.WithError(err).Fatal("Create Watcher Service (users) returned error")
|
||||
}
|
||||
}
|
||||
|
||||
return service
|
||||
}
|
||||
|
||||
func connectionType(isTLS bool) string {
|
||||
if isTLS {
|
||||
return "TLS"
|
||||
}
|
||||
|
||||
return "non-TLS"
|
||||
}
|
||||
|
||||
func servicesRun(ctx *CmdCtx) {
|
||||
cctx, cancel := context.WithCancel(ctx)
|
||||
|
||||
group, cctx := errgroup.WithContext(cctx)
|
||||
|
||||
defer cancel()
|
||||
|
||||
quit := make(chan os.Signal, 1)
|
||||
|
||||
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
||||
|
||||
defer signal.Stop(quit)
|
||||
|
||||
var (
|
||||
services []Service
|
||||
)
|
||||
|
||||
for _, serviceFunc := range []func(ctx *CmdCtx) Service{
|
||||
svcSvrMainFunc, svcSvrMetricsFunc,
|
||||
svcWatcherUsersFunc,
|
||||
} {
|
||||
if service := serviceFunc(ctx); service != nil {
|
||||
services = append(services, service)
|
||||
|
||||
group.Go(service.Run)
|
||||
}
|
||||
}
|
||||
|
||||
ctx.log.Info("Startup Complete")
|
||||
|
||||
select {
|
||||
case s := <-quit:
|
||||
switch s {
|
||||
case syscall.SIGINT:
|
||||
ctx.log.WithField("signal", "SIGINT").Debugf("Shutdown started due to signal")
|
||||
case syscall.SIGTERM:
|
||||
ctx.log.WithField("signal", "SIGTERM").Debugf("Shutdown started due to signal")
|
||||
}
|
||||
case <-cctx.Done():
|
||||
ctx.log.Debugf("Shutdown started due to context completion")
|
||||
}
|
||||
|
||||
cancel()
|
||||
|
||||
ctx.log.Infof("Shutting down")
|
||||
|
||||
wgShutdown := &sync.WaitGroup{}
|
||||
|
||||
for _, service := range services {
|
||||
go func() {
|
||||
service.Shutdown()
|
||||
|
||||
wgShutdown.Done()
|
||||
}()
|
||||
|
||||
wgShutdown.Add(1)
|
||||
}
|
||||
|
||||
wgShutdown.Wait()
|
||||
|
||||
var err error
|
||||
|
||||
if err = ctx.providers.StorageProvider.Close(); err != nil {
|
||||
ctx.log.WithError(err).Error("Error occurred closing database connections")
|
||||
}
|
||||
|
||||
if err = group.Wait(); err != nil {
|
||||
ctx.log.WithError(err).Errorf("Error occurred waiting for shutdown")
|
||||
}
|
||||
}
|
|
@ -83,12 +83,3 @@ const (
|
|||
tmplCSPSwaggerNonce = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-%s'; style-src 'self' 'nonce-%s'; base-uri 'self'"
|
||||
tmplCSPSwagger = "default-src 'self'; img-src 'self' https://validator.swagger.io data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; base-uri 'self'"
|
||||
)
|
||||
|
||||
const (
|
||||
connNonTLS = "non-TLS"
|
||||
connTLS = "TLS"
|
||||
)
|
||||
|
||||
const (
|
||||
fmtLogServerInit = "Initializing %s for %s connections on '%s' path '%s'"
|
||||
)
|
||||
|
|
|
@ -92,10 +92,10 @@ func handleNotFound(next fasthttp.RequestHandler) fasthttp.RequestHandler {
|
|||
}
|
||||
|
||||
//nolint:gocyclo
|
||||
func handleRouter(config schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
|
||||
func handleRouter(config *schema.Configuration, providers middlewares.Providers) fasthttp.RequestHandler {
|
||||
log := logging.Logger()
|
||||
|
||||
optsTemplatedFile := NewTemplatedFileOptions(&config)
|
||||
optsTemplatedFile := NewTemplatedFileOptions(config)
|
||||
|
||||
serveIndexHandler := ServeTemplatedFile(providers.Templates.GetAssetIndexTemplate(), optsTemplatedFile)
|
||||
serveOpenAPIHandler := ServeTemplatedOpenAPI(providers.Templates.GetAssetOpenAPIIndexTemplate(), optsTemplatedFile)
|
||||
|
@ -104,7 +104,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
|||
handlerPublicHTML := newPublicHTMLEmbeddedHandler()
|
||||
handlerLocales := newLocalesEmbeddedHandler()
|
||||
|
||||
bridge := middlewares.NewBridgeBuilder(config, providers).
|
||||
bridge := middlewares.NewBridgeBuilder(*config, providers).
|
||||
WithPreMiddlewares(middlewares.SecurityHeaders).Build()
|
||||
|
||||
policyCORSPublicGET := middlewares.NewCORSPolicyBuilder().
|
||||
|
@ -141,16 +141,16 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
|||
r.GET("/api/"+file, handlerPublicHTML)
|
||||
}
|
||||
|
||||
middlewareAPI := middlewares.NewBridgeBuilder(config, providers).
|
||||
middlewareAPI := middlewares.NewBridgeBuilder(*config, providers).
|
||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||
Build()
|
||||
|
||||
middleware1FA := middlewares.NewBridgeBuilder(config, providers).
|
||||
middleware1FA := middlewares.NewBridgeBuilder(*config, providers).
|
||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||
WithPostMiddlewares(middlewares.Require1FA).
|
||||
Build()
|
||||
|
||||
middleware2FA := middlewares.NewBridgeBuilder(config, providers).
|
||||
middleware2FA := middlewares.NewBridgeBuilder(*config, providers).
|
||||
WithPreMiddlewares(middlewares.SecurityHeaders, middlewares.SecurityHeadersNoStore, middlewares.SecurityHeadersCSPNone).
|
||||
WithPostMiddlewares(middlewares.Require2FAWithAPIResponse).
|
||||
Build()
|
||||
|
@ -167,7 +167,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
|||
for name, endpoint := range config.Server.Endpoints.Authz {
|
||||
uri := path.Join(pathAuthz, name)
|
||||
|
||||
authz := handlers.NewAuthzBuilder().WithConfig(&config).WithEndpointConfig(endpoint).Build()
|
||||
authz := handlers.NewAuthzBuilder().WithConfig(config).WithEndpointConfig(endpoint).Build()
|
||||
|
||||
handler := middlewares.Wrap(metricsVRMW, bridge(authz.Handler))
|
||||
|
||||
|
@ -275,7 +275,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
|
|||
}
|
||||
|
||||
if providers.OpenIDConnect != nil {
|
||||
bridgeOIDC := middlewares.NewBridgeBuilder(config, providers).WithPreMiddlewares(
|
||||
bridgeOIDC := middlewares.NewBridgeBuilder(*config, providers).WithPreMiddlewares(
|
||||
middlewares.SecurityHeaders, middlewares.SecurityHeadersCSPNoneOpenIDConnect, middlewares.SecurityHeadersNoStore,
|
||||
).Build()
|
||||
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
"net"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
@ -18,9 +17,9 @@ import (
|
|||
)
|
||||
|
||||
// CreateDefaultServer Create Authelia's internal webserver with the given configuration and providers.
|
||||
func CreateDefaultServer(config schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, err error) {
|
||||
func CreateDefaultServer(config *schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, paths []string, isTLS bool, err error) {
|
||||
if err = providers.Templates.LoadTemplatedAssets(assets); err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to load templated assets: %w", err)
|
||||
return nil, nil, nil, false, fmt.Errorf("failed to load templated assets: %w", err)
|
||||
}
|
||||
|
||||
server = &fasthttp.Server{
|
||||
|
@ -38,15 +37,14 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
|||
address := net.JoinHostPort(config.Server.Host, strconv.Itoa(config.Server.Port))
|
||||
|
||||
var (
|
||||
connectionType string
|
||||
connectionScheme string
|
||||
)
|
||||
|
||||
if config.Server.TLS.Certificate != "" && config.Server.TLS.Key != "" {
|
||||
connectionType, connectionScheme = connTLS, schemeHTTPS
|
||||
isTLS, connectionScheme = true, schemeHTTPS
|
||||
|
||||
if err = server.AppendCert(config.Server.TLS.Certificate, config.Server.TLS.Key); err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to load tls server certificate '%s' or private key '%s': %w", config.Server.TLS.Certificate, config.Server.TLS.Key, err)
|
||||
return nil, nil, nil, false, fmt.Errorf("unable to load tls server certificate '%s' or private key '%s': %w", config.Server.TLS.Certificate, config.Server.TLS.Key, err)
|
||||
}
|
||||
|
||||
if len(config.Server.TLS.ClientCertificates) > 0 {
|
||||
|
@ -56,7 +54,7 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
|||
|
||||
for _, path := range config.Server.TLS.ClientCertificates {
|
||||
if cert, err = os.ReadFile(path); err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to load tls client certificate '%s': %w", path, err)
|
||||
return nil, nil, nil, false, fmt.Errorf("unable to load tls client certificate '%s': %w", path, err)
|
||||
}
|
||||
|
||||
caCertPool.AppendCertsFromPEM(cert)
|
||||
|
@ -69,51 +67,51 @@ func CreateDefaultServer(config schema.Configuration, providers middlewares.Prov
|
|||
}
|
||||
|
||||
if listener, err = tls.Listen("tcp", address, server.TLSConfig.Clone()); err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||
return nil, nil, nil, false, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||
}
|
||||
} else {
|
||||
connectionType, connectionScheme = connNonTLS, schemeHTTP
|
||||
connectionScheme = schemeHTTP
|
||||
|
||||
if listener, err = net.Listen("tcp", address); err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||
return nil, nil, nil, false, fmt.Errorf("unable to initialize tcp listener: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
if err = writeHealthCheckEnv(config.Server.DisableHealthcheck, connectionScheme, config.Server.Host,
|
||||
config.Server.Path, config.Server.Port); err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to configure healthcheck: %w", err)
|
||||
return nil, nil, nil, false, fmt.Errorf("unable to configure healthcheck: %w", err)
|
||||
}
|
||||
|
||||
paths := []string{"/"}
|
||||
paths = []string{"/"}
|
||||
|
||||
if config.Server.Path != "" {
|
||||
paths = append(paths, config.Server.Path)
|
||||
}
|
||||
|
||||
logging.Logger().Infof(fmtLogServerInit, "server", connectionType, listener.Addr().String(), strings.Join(paths, "' and '"))
|
||||
|
||||
return server, listener, nil
|
||||
return server, listener, paths, isTLS, nil
|
||||
}
|
||||
|
||||
// CreateMetricsServer creates a metrics server.
|
||||
func CreateMetricsServer(config schema.TelemetryMetricsConfig) (server *fasthttp.Server, listener net.Listener, err error) {
|
||||
if listener, err = config.Address.Listener(); err != nil {
|
||||
return nil, nil, err
|
||||
func CreateMetricsServer(config *schema.Configuration, providers middlewares.Providers) (server *fasthttp.Server, listener net.Listener, paths []string, tls bool, err error) {
|
||||
if providers.Metrics == nil {
|
||||
return
|
||||
}
|
||||
|
||||
server = &fasthttp.Server{
|
||||
ErrorHandler: handleError(),
|
||||
NoDefaultServerHeader: true,
|
||||
Handler: handleMetrics(),
|
||||
ReadBufferSize: config.Buffers.Read,
|
||||
WriteBufferSize: config.Buffers.Write,
|
||||
ReadTimeout: config.Timeouts.Read,
|
||||
WriteTimeout: config.Timeouts.Write,
|
||||
IdleTimeout: config.Timeouts.Idle,
|
||||
ReadBufferSize: config.Telemetry.Metrics.Buffers.Read,
|
||||
WriteBufferSize: config.Telemetry.Metrics.Buffers.Write,
|
||||
ReadTimeout: config.Telemetry.Metrics.Timeouts.Read,
|
||||
WriteTimeout: config.Telemetry.Metrics.Timeouts.Write,
|
||||
IdleTimeout: config.Telemetry.Metrics.Timeouts.Idle,
|
||||
Logger: logging.LoggerPrintf(logrus.DebugLevel),
|
||||
}
|
||||
|
||||
logging.Logger().Infof(fmtLogServerInit, "server (metrics)", connNonTLS, listener.Addr().String(), "/metrics")
|
||||
|
||||
return server, listener, nil
|
||||
if listener, err = config.Telemetry.Metrics.Address.Listener(); err != nil {
|
||||
return nil, nil, nil, false, err
|
||||
}
|
||||
|
||||
return server, listener, []string{"/metrics"}, false, nil
|
||||
}
|
||||
|
|
|
@ -152,7 +152,7 @@ func NewTLSServerContext(configuration schema.Configuration) (serverContext *TLS
|
|||
return nil, err
|
||||
}
|
||||
|
||||
s, listener, err := CreateDefaultServer(configuration, providers)
|
||||
s, listener, _, _, err := CreateDefaultServer(&configuration, providers)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './ActiveDirectory/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
|
||||
- './BypassAll/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
- './CLI/configuration.yml:/config/configuration.yml:ro'
|
||||
- './CLI/storage.yml:/config/configuration.storage.yml:ro'
|
||||
- './CLI/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
caddy:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Caddy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Caddy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Docker/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Docker/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: trace
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
volumes:
|
||||
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
|
||||
- './DuoPush/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
ext-authz:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Envoy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Envoy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './HAProxy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './LDAP/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MariaDB/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MariaDB/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ theme: auto
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
telemetry:
|
||||
metrics:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MultiCookieDomain/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MultiCookieDomain/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MySQL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MySQL/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './NetworkACL/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
@ -64,72 +64,6 @@ identity_providers:
|
|||
oidc:
|
||||
enable_client_debug_messages: true
|
||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||
issuer_certificate_chain: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
||||
Bc9iI6nN3PCr
|
||||
-----END CERTIFICATE-----
|
||||
issuer_private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
||||
-----END RSA PRIVATE KEY-----
|
||||
clients:
|
||||
- id: oidc-tester-app
|
||||
secret: foobar
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
version: '3'
|
||||
services:
|
||||
authelia-backend:
|
||||
environment:
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||
volumes:
|
||||
- './OIDC/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OIDC/users.yml:/config/users.yml'
|
||||
- './OIDC/keypair/key.pem:/config/issuer.pem:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,9 +0,0 @@
|
|||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
||||
NwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -2,8 +2,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
@ -65,72 +65,6 @@ identity_providers:
|
|||
oidc:
|
||||
enable_client_debug_messages: true
|
||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||
issuer_certificate_chain: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
||||
Bc9iI6nN3PCr
|
||||
-----END CERTIFICATE-----
|
||||
issuer_private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
||||
-----END RSA PRIVATE KEY-----
|
||||
clients:
|
||||
- id: oidc-tester-app
|
||||
secret: foobar
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
version: '3'
|
||||
services:
|
||||
authelia-backend:
|
||||
environment:
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||
volumes:
|
||||
- './OIDCTraefik/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OIDCTraefik/users.yml:/config/users.yml'
|
||||
- './OIDCTraefik/keypair/key.pem:/config/issuer.pem:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,9 +0,0 @@
|
|||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
||||
NwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OneFactorOnly/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
path: auth
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
|
||||
- './PathPrefix/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Postgres/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Postgres/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
|
||||
- './ShortTimeouts/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ theme: auto
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
telemetry:
|
||||
metrics:
|
||||
|
|
|
@ -8,7 +8,7 @@ services:
|
|||
volumes:
|
||||
- './Standalone/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Standalone/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Traefik/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Traefik/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
|
|
|
@ -7,5 +7,5 @@ services:
|
|||
- './Traefik2/users.yml:/config/users.yml'
|
||||
- './Traefik2/favicon.ico:/config/assets/favicon.ico'
|
||||
- './Traefik2/logo.png:/config/assets/logo.png'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
# go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki/ca -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
||||
# cp ./internal/suites/common/pki/ca/ca.public.crt ./internal/suites/common/pki/ca.public.crt
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.oidc.crt --file.certificate-bundle public.oidc.bundle.crt --file.private-key private.oidc.pem -n 'login.example.com' --sans 'login.example.com,login.example1.com,login.example2.com,login.example3,com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA0x+u2Kkd1VZGkj7FDwgoXQp0fx1mx5VXd2VEJN9yYTXzlNRZ
|
||||
Taw8WrOcud7hsBPw3DkhbCjEzvw0Ee+DjwtSCotKbtsBwjyLCegjluPHKUvsVNYZ
|
||||
m19TxYY2erx7gohdEcmCGnpWSPRUAKBasIfpM0q6LXG70o8vTuKS82Ub++Sgl1Pa
|
||||
kRL/e/KBUYFZksGEMK1oiPiOtRoJF+vUhRf46ZBg3aZ/HLNvcT5TAMgRRws+K3ek
|
||||
C5+h5oXFexUosj2DCxcjTbsL7C5nqfR3jwmjrBaGN8KnloEDvC84+OsN/nE2PLa5
|
||||
c1kTlRCvKd0gmRuucOKsJ6zvYf/hAqp/WCj1MQIDAQABAoIBAAOHCP3XvYbd/Sne
|
||||
YJ6CrWH4lb+19wyooyB8kanoDdov85TuA1v3375IN/snDTBK9QBI+BT9jWRD9H7E
|
||||
OLeAIevJLgIyKJJdPpl4xndz8NTwzs8QELd23Uh0mJ5uXcXtj1iHvGPC3YQ0iN7F
|
||||
zx4Z9zyDKB8wQkofWFQCFyB39QK9ZGDW4ZstVb57fS62SuqFPW/rO2qSpsuUUwgy
|
||||
Z2P2NqoqtqLIyw3qbsJCArzGoHuMCtjKDYenf8wJxORAsAGAREj71w2bQ20cMMIA
|
||||
w30jgoXtEC9zS2BOb3mUBHiDOKnn4vwlNd7wiLPdZIGP75G4EkI4AHLhJQ1a5YuF
|
||||
8E6V9AECgYEA1LSQVdWggvHTQnj5PHr5k7+YkL/MeIvOkLW5s0r7Lt3x45bAFaQh
|
||||
XVZIXrynv62IZmTzCPwOwrXGJJieT0Ctom0XHgtp8nu7Okxk4AISRfjy7J03EXsJ
|
||||
cS508IJ1B3HZepGvVwp+geJ0r9JmQ19JqZsJ7VENYoPKtYRZ9aV7CUECgYEA/hi1
|
||||
Yw2FcSBk/kXVlcWvKtohY6NISgI5U1Kp7T16ZH3anpew6WwQ3GfueVet714BdwaZ
|
||||
knqiiMvaTAOG66KYHCzRBSeXOozT/0N9AfKqS1y7xW+mR2nUrAiWCL95uZpB9SxE
|
||||
3gylWULV4/+wlF006tEcJ5qiXymAAYv+wEg+f/ECgYBu2XLm6J/v3esFF1p8RHJQ
|
||||
p2bw+KOspt+N1sbiQ09IC26F9wg/vvuMUu0AQj0BzYPqKO3nXsSqgGS0qbzG/KQA
|
||||
o+2KQNSEBCt8pFdlzm6LfMPMv9n1CDPRgi57MOGgcZqvH8FLETMAqW26O2ID9mLD
|
||||
OwMfZEAfeSNpGYJwXD8UgQKBgQC+0k1+Csx47YwKzOUeqivncZL7occLFWp5oa3N
|
||||
ZYsB5uYEjgSk96wd6ctUwzzzc1SET6eLMp/XPcg9p7RuR1gWaK28QkQ3C0W2ALfj
|
||||
e5raJ9U366YjIV4+p+AMx8chVLBN8CXz3+lZBHFe3Ul90hWIduu+7kkcUC06fCkf
|
||||
u+F78QKBgFajhBPESe344ixG/fASpsVe2Yg14SgYCeWkinOe856zABY8dkfWWBIq
|
||||
KX2eq1WJXErHWDuuNPP3Jol1CouqqHseqYQ+SaOhlHdoGws70bsIvBHrtj7NiEQZ
|
||||
HFLhEk+OnnG+wJ1jQ5cseA4kbTuPjEL0NNVk7OSndiuxnnDbe91R
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,44 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||
-----END CERTIFICATE-----
|
|
@ -42,7 +42,7 @@ func waitUntilAutheliaBackendIsReady(dockerEnvironment *DockerEnvironment) error
|
|||
90*time.Second,
|
||||
dockerEnvironment,
|
||||
"authelia-backend",
|
||||
[]string{"Initializing server for"})
|
||||
[]string{"Startup Complete"})
|
||||
}
|
||||
|
||||
func waitUntilAutheliaFrontendIsReady(dockerEnvironment *DockerEnvironment) error {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM alpine:3.17.1
|
||||
FROM alpine:3.17.2
|
||||
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
|
|
|
@ -33,7 +33,7 @@ spec:
|
|||
mountPath: /config/configuration.yml
|
||||
readOnly: true
|
||||
- name: authelia-ssl
|
||||
mountPath: /config/ssl
|
||||
mountPath: /pki
|
||||
readOnly: true
|
||||
- name: secrets
|
||||
mountPath: /config/secrets
|
||||
|
|
|
@ -8,8 +8,8 @@ default_redirection_url: https://home.example.com:8080
|
|||
server:
|
||||
port: 443
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -54,7 +54,7 @@ func TestShouldNotReturnErrWhenX509DirectoryExist(t *testing.T) {
|
|||
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
||||
pool, warnings, errors := NewX509CertPool("../suites/common/pki/")
|
||||
assert.NotNil(t, pool)
|
||||
require.Len(t, errors, 2)
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
if runtime.GOOS == "windows" {
|
||||
require.Len(t, warnings, 1)
|
||||
|
@ -64,7 +64,8 @@ func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
|||
}
|
||||
|
||||
assert.EqualError(t, errors[0], "could not import certificate private.backend.pem")
|
||||
assert.EqualError(t, errors[1], "could not import certificate private.pem")
|
||||
assert.EqualError(t, errors[1], "could not import certificate private.oidc.pem")
|
||||
assert.EqualError(t, errors[2], "could not import certificate private.pem")
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertificateAndPersistIt(t *testing.T) {
|
||||
|
|
Loading…
Reference in New Issue