refactor(suites): use pki for oidc (#4913)
parent
8e4b660f15
commit
a0758bb4ba
|
@ -25,3 +25,5 @@ authelia-image-dev.tar
|
|||
|
||||
/authelia
|
||||
__debug_bin
|
||||
|
||||
internal/suites/common/pki/ca/ca.private.pem
|
||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './ActiveDirectory/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
|
||||
- './BypassAll/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
- './CLI/configuration.yml:/config/configuration.yml:ro'
|
||||
- './CLI/storage.yml:/config/configuration.storage.yml:ro'
|
||||
- './CLI/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
caddy:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Caddy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Caddy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Docker/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Docker/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: trace
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
volumes:
|
||||
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
|
||||
- './DuoPush/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
ext-authz:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Envoy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Envoy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './HAProxy/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ jwt_secret: unsecure_secret
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -10,8 +10,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -4,5 +4,5 @@ services:
|
|||
authelia-backend:
|
||||
volumes:
|
||||
- './LDAP/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MariaDB/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MariaDB/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ theme: auto
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
telemetry:
|
||||
metrics:
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MultiCookieDomain/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MultiCookieDomain/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './MySQL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MySQL/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './NetworkACL/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
@ -64,72 +64,6 @@ identity_providers:
|
|||
oidc:
|
||||
enable_client_debug_messages: true
|
||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||
issuer_certificate_chain: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
||||
Bc9iI6nN3PCr
|
||||
-----END CERTIFICATE-----
|
||||
issuer_private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
||||
-----END RSA PRIVATE KEY-----
|
||||
clients:
|
||||
- id: oidc-tester-app
|
||||
secret: foobar
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
version: '3'
|
||||
services:
|
||||
authelia-backend:
|
||||
environment:
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||
volumes:
|
||||
- './OIDC/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OIDC/users.yml:/config/users.yml'
|
||||
- './OIDC/keypair/key.pem:/config/issuer.pem:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
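Review bot: The `./common/pki:/pki:ro` volume gives the container the whole PKI directory, while the two new `_FILE` variables only need `/pki/public.oidc.bundle.crt` and `/pki/private.oidc.pem`, plus the backend TLS pair named in configuration.yml. The generation script in this commit points `--path.ca` at `./internal/suites/common/pki/ca`, and .gitignore now lists `internal/suites/common/pki/ca/ca.private.pem`, so on a machine where the CA key has been generated it would presumably be readable at `/pki/ca/ca.private.pem` in every suite container. Keeping the `ca` directory outside the mounted path, or mounting the needed files one by one (for example `- './common/pki/private.oidc.pem:/pki/private.oidc.pem:ro'`), would keep the signing key out of the runtime. The same mount line appears in the OIDCTraefik compose hunk and in the other suites' compose hunks.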
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,9 +0,0 @@
|
|||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
||||
NwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -2,8 +2,8 @@
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
@ -65,72 +65,6 @@ identity_providers:
|
|||
oidc:
|
||||
enable_client_debug_messages: true
|
||||
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
||||
issuer_certificate_chain: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6DCCAdCgAwIBAgIRAIxvm0gFgsbh3D22rSZLuFQwDQYJKoZIhvcNAQELBQAw
|
||||
EzERMA8GA1UEChMIQXV0aGVsaWEwIBcNMjIxMDAyMDAzMDQyWhgPMjEyMjA5MDgw
|
||||
MDMwNDJaMBMxETAPBgNVBAoTCEF1dGhlbGlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABozUwMzAOBgNVHQ8BAf8E
|
||||
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG
|
||||
9w0BAQsFAAOCAQEAaZJ09yGa+DGr/iTqshGdPKNCtcf/CXCkL52xiI7DzLxDt30P
|
||||
8vCuXXrrTGBY7eWYupcNy/MyqaUrz1ED+map3nQzZQBJ9vWIfr01B9phkg/WSaNJ
|
||||
1DlYtbPYzr86BlGP1V5d3Wv6JqF3tkWHI0kI38CT68fWdDKrfa5j3JdZGIVJW+51
|
||||
U0IE3Nqhfc76YzwQ3sNX5FT2Fr55RowH+l5OBPk0Bcztq58XmyPR/bvPfDASt8iS
|
||||
DBT+0iiDiwk6LvOkasL8p7nuh5Grc9LMEYXY/QMUbkIWhIVRFlqyJA9s8vGHx1D4
|
||||
96iYKudj+yvO17Szzr/NNmcwETbCs4j6P6QeiA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBTCCAe2gAwIBAgIQAK/NIAl3Bdg4Xk0y/ZGL7jANBgkqhkiG9w0BAQsFADAT
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTAgFw0yMjEwMDIwMDMwMjFaGA8yMTIyMDkwODAw
|
||||
MzAyMVowEzERMA8GA1UEChMIQXV0aGVsaWEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQCg7jdO1HmydfkPzTtz57pvAS3YOdBT0hlNjJ4N2lrKhNnixrzK
|
||||
+4R1dWQDP2SHbZQ0TskF8eQ8HhTr7AsApotTthJFkUgV2g+bv7wVroz0Hok5xtd4
|
||||
bnpOvG3YUCP13Nk3ZVxdQXqR3/G3MrbyiXVPcgU+0giJ8EBykbtMu8L79/1iyk+m
|
||||
w4fZfzTOeorRgspO3z3+pTAib2MCTA7bby1dX9qI/ysFPLdbJYfNQDxij8SzNLyJ
|
||||
EkQ4kh3jKXf1VcZjbQTtYTZ3JJDqM08OxGMKuXUxPHd72Xlb+Fzql8LjYdEy/YKA
|
||||
3r8FMf14lzcjvxtLnFXh//hiXh4+xgXMkrLZAgMBAAGjUzBRMA4GA1UdDwEB/wQE
|
||||
AwICpDAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
|
||||
FGKpXiZA+8VQyMBqTTep+dVTthSbMA0GCSqGSIb3DQEBCwUAA4IBAQAE4DJg+Rb4
|
||||
iiocvxxQ85lhh94ql++E8MKuzIdN7ORs+ybUnsDD1WFDebubroTQuTSBkFrNuGNJ
|
||||
8B7NZsHiWWLvNsrnxxeC5CicqfhSDti0rKWsbGyeoq7Kqok5E4pwOzeRsxL2e/Hm
|
||||
G6LsUQuQMUG2vxKNynqmJS4VpgSVkiGhUfURFuRRDuRpVQ/XTl7jDIGf/ls7TAZq
|
||||
1AnmnSi4Cqy4hrTnwYUYkFCcH69onUKAoaVNl1eAH7ogxakz32WyWObY98NBrjzA
|
||||
I6VQlaQNSHtdFqDpu7NWJZZZSgN4BknbMYQEPNYCm701cPB4ahJbpg5C3pVPFSql
|
||||
Bc9iI6nN3PCr
|
||||
-----END CERTIFICATE-----
|
||||
issuer_private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAy71EOkV3jOpVQtVTH5HYcI4PryUCiAEyxAIuO+66gaAa4aCd
|
||||
UCRr8iO/pt5nOwPxjPo+hMHhkcKpX7evj+wgYXAccpIQFSCYWTJkaXFL0jL7yFuE
|
||||
5xpjgRM/x6FfK0IbN5WmVWO9EjesbyMCyDoYpjwzIrxnB70F9Y0nrXst1SnW/Sy0
|
||||
01BQZNzD1tky1KDvEkw7L5mMPZFZMr5wV+ELvbo1LLvvrGYhhzbXWk7pPbxT0gAa
|
||||
7yVvQbDKuCDqssAUyQa2JdlDaQocpldtK6l+dc3IsSWKd2UMouta75ngr9E1igy3
|
||||
t7owMRqH8NjwKHt6KQeDVSdBnWNjG572vaRimQIDAQABAoIBAA/EhhM8bRQqzo5t
|
||||
lBFNaELNu8kCRD/iV9tzj8BzqVt+2JW9qG8bYn9K5Po1HCglFfyjIVOE7cAqIJGX
|
||||
1a59x8PCuXDkfPolm6TLkZnXeta5u2K2MoLwN+M1aio5AvSGGTUkD8tr/KX8SQwQ
|
||||
2ZZFaML0xcBadF7U8jEey4NRlSp5/voiIAB+FrJHepZBz2XJYCX5s2vYLPMn+51R
|
||||
1HyO0n2aQ9H1Na8aBjTfAp9GDKJWBV3bSM7cVaLGlMFj/HNXUNVnSsVsJj0tdWKz
|
||||
K6r9zPskLnS+eNjCgqrOtZSqJ7M3PL0/PoTFPrr1Fevr+soKWCaPF94Ib94O9SEq
|
||||
scvP3kECgYEA0HBdGab0HjcZgFtsIaMm+eBcDhUmUrvMPUw6FmspKnc8wplscONW
|
||||
wrDGhR0dpT8+aAMD5jFC2pvyHjI5AWkW+53LB15j6SVzUlUMfS3VTwE2prLtDHDs
|
||||
nCDW2+fXY2kjv45efZGpMGbLJVePx2RCPzUlAlc14lzxnHgpo7eho1cCgYEA+jpi
|
||||
Eo/Jqa5CNd4hrXqFxZTFtU2Mn38ZKI3QK/l47/347yHLebjsYIIwJRoHenxWxNlz
|
||||
Y+BZ38vkP+f9BGAVGiRcyMmIJU0X305wKwl26Y2Q/tEm2OpwmDboD2pL9byi9vfY
|
||||
bz7pQGK/l9j86KofRwVJJRLsofPI1SsjnC8c448CgYAkpg0IjJ1RjriSJADwLSKW
|
||||
PseQxlE1rMVtZbC07mSPjeWGBbnWY3KGytQs5YCn5GXRne4alEC/9Tlt68CwKc0b
|
||||
spPXGNaSUL5lFIUcoWlm+bylNMKPNG+1x+RfR/VMCll5vcuJYooP85L2Xt3t3gfz
|
||||
2yFFtxXHVjY5H7uaiJgIAwKBgQDvkGXEj5TqtsL8/6YOiHb6Kuz+Hzi6mtxjTyI2
|
||||
d6mpWuWxTBGaf8kOvJWLb9gpFFGeNPGcdXaWJIZqCJjcT4Dkflu2f/uwepaYXGhX
|
||||
S8Bk6fwfee5PTmRt1mNmHsaKhgcfmznDh9+YnPIBVuULe5RmUlEtBWk3xEZKj/qP
|
||||
1Ss7UQKBgAwZQz+h5Z/XOJH3Qs5nJBKAZUiYkj3ux7G6tjx0cz7XcUYd/6enBpkY
|
||||
JeqVHB6G+bMRLwb+Hc5Vgpbd5GdaUWo8udaghHgSGPUVcn0lK38XhYek6ACGz7Lo
|
||||
xEfgtKoBlUq+uPb8H05HY0t9KybA3LA5wkRYYnJ17/nkZtrrJAmX
|
||||
-----END RSA PRIVATE KEY-----
|
||||
clients:
|
||||
- id: oidc-tester-app
|
||||
secret: foobar
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
version: '3'
|
||||
services:
|
||||
authelia-backend:
|
||||
environment:
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.bundle.crt
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem
|
||||
volumes:
|
||||
- './OIDCTraefik/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OIDCTraefik/users.yml:/config/users.yml'
|
||||
- './OIDCTraefik/keypair/key.pem:/config/issuer.pem:ro'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
||||
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
||||
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
||||
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
||||
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
||||
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
||||
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
||||
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
||||
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
||||
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
||||
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
||||
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
||||
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
||||
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
||||
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
||||
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
||||
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
||||
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
||||
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
||||
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
||||
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
||||
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
||||
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
||||
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
||||
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,9 +0,0 @@
|
|||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOFmoEJFt1JkfdlwM3vJ
|
||||
Fg5rrY9d6LyyqezjZkBZDQ4qdEEUdCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3
|
||||
r0ugjJXjhvJdBSaoLlzL3saeyrXkfrOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy
|
||||
7Wzq0y7XxGeNidEmFjMAf9dwf6/+PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5
|
||||
Z9iqn4LRXnAFnC438hZZKZU/+JxU2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4T
|
||||
LjVS/3h75sh2Wk0xVaSwjPEjCOgma+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4
|
||||
NwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OneFactorOnly/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
path: auth
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
|
||||
- './PathPrefix/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Postgres/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Postgres/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ default_redirection_url: https://home.example.com:8080/
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
|
||||
- './ShortTimeouts/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -8,8 +8,8 @@ theme: auto
|
|||
server:
|
||||
port: 9091
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
telemetry:
|
||||
metrics:
|
||||
|
|
|
@ -8,7 +8,7 @@ services:
|
|||
volumes:
|
||||
- './Standalone/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Standalone/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -5,5 +5,5 @@ services:
|
|||
volumes:
|
||||
- './Traefik/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Traefik/users.yml:/config/users.yml'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -9,8 +9,8 @@ server:
|
|||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
|
|
|
@ -7,5 +7,5 @@ services:
|
|||
- './Traefik2/users.yml:/config/users.yml'
|
||||
- './Traefik2/favicon.ico:/config/assets/favicon.ico'
|
||||
- './Traefik2/logo.png:/config/assets/logo.png'
|
||||
- './common/pki:/config/ssl:ro'
|
||||
- './common/pki:/pki:ro'
|
||||
...
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
# go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki/ca -n 'Authelia Development Standalone Root CA' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --ca
|
||||
# cp ./internal/suites/common/pki/ca/ca.public.crt ./internal/suites/common/pki/ca.public.crt
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca -n '*.example.com' --sans '*.example.com,example.com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.backend.crt --file.certificate-bundle public.backend.bundle.crt --file.private-key private.backend.pem -n 'login.example.com' --sans 'login.example.com,authelia' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
|
||||
go run ./cmd/authelia crypto certificate rsa generate --directory ./internal/suites/common/pki --path.ca ./internal/suites/common/pki/ca --file.certificate public.oidc.crt --file.certificate-bundle public.oidc.bundle.crt --file.private-key private.oidc.pem -n 'login.example.com' --sans 'login.example.com,login.example1.com,login.example2.com,login.example3,com' --not-before 'Jan 1 00:00:00 2000' --not-after 'Jan 1 00:00:00 2100' -o 'Authelia' --organizational-unit 'Development' --bundle
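Review bot: The `--sans` value on the new `public.oidc.crt` line ends in `login.example3,com`, with a comma where the dot of `login.example3.com` should be. If the flag is comma-separated, as its other uses in this script suggest, the certificate gets one entry for `login.example3` and one for a bare `com`, and none for the intended host. The value should read `--sans 'login.example.com,login.example1.com,login.example2.com,login.example3.com'`. The two commented-out CA lines would also benefit from a comment saying when to run them, such as `# Uncomment to regenerate the CA; ca.private.pem is gitignored and presumably must exist locally for the commands below.`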
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA0x+u2Kkd1VZGkj7FDwgoXQp0fx1mx5VXd2VEJN9yYTXzlNRZ
|
||||
Taw8WrOcud7hsBPw3DkhbCjEzvw0Ee+DjwtSCotKbtsBwjyLCegjluPHKUvsVNYZ
|
||||
m19TxYY2erx7gohdEcmCGnpWSPRUAKBasIfpM0q6LXG70o8vTuKS82Ub++Sgl1Pa
|
||||
kRL/e/KBUYFZksGEMK1oiPiOtRoJF+vUhRf46ZBg3aZ/HLNvcT5TAMgRRws+K3ek
|
||||
C5+h5oXFexUosj2DCxcjTbsL7C5nqfR3jwmjrBaGN8KnloEDvC84+OsN/nE2PLa5
|
||||
c1kTlRCvKd0gmRuucOKsJ6zvYf/hAqp/WCj1MQIDAQABAoIBAAOHCP3XvYbd/Sne
|
||||
YJ6CrWH4lb+19wyooyB8kanoDdov85TuA1v3375IN/snDTBK9QBI+BT9jWRD9H7E
|
||||
OLeAIevJLgIyKJJdPpl4xndz8NTwzs8QELd23Uh0mJ5uXcXtj1iHvGPC3YQ0iN7F
|
||||
zx4Z9zyDKB8wQkofWFQCFyB39QK9ZGDW4ZstVb57fS62SuqFPW/rO2qSpsuUUwgy
|
||||
Z2P2NqoqtqLIyw3qbsJCArzGoHuMCtjKDYenf8wJxORAsAGAREj71w2bQ20cMMIA
|
||||
w30jgoXtEC9zS2BOb3mUBHiDOKnn4vwlNd7wiLPdZIGP75G4EkI4AHLhJQ1a5YuF
|
||||
8E6V9AECgYEA1LSQVdWggvHTQnj5PHr5k7+YkL/MeIvOkLW5s0r7Lt3x45bAFaQh
|
||||
XVZIXrynv62IZmTzCPwOwrXGJJieT0Ctom0XHgtp8nu7Okxk4AISRfjy7J03EXsJ
|
||||
cS508IJ1B3HZepGvVwp+geJ0r9JmQ19JqZsJ7VENYoPKtYRZ9aV7CUECgYEA/hi1
|
||||
Yw2FcSBk/kXVlcWvKtohY6NISgI5U1Kp7T16ZH3anpew6WwQ3GfueVet714BdwaZ
|
||||
knqiiMvaTAOG66KYHCzRBSeXOozT/0N9AfKqS1y7xW+mR2nUrAiWCL95uZpB9SxE
|
||||
3gylWULV4/+wlF006tEcJ5qiXymAAYv+wEg+f/ECgYBu2XLm6J/v3esFF1p8RHJQ
|
||||
p2bw+KOspt+N1sbiQ09IC26F9wg/vvuMUu0AQj0BzYPqKO3nXsSqgGS0qbzG/KQA
|
||||
o+2KQNSEBCt8pFdlzm6LfMPMv9n1CDPRgi57MOGgcZqvH8FLETMAqW26O2ID9mLD
|
||||
OwMfZEAfeSNpGYJwXD8UgQKBgQC+0k1+Csx47YwKzOUeqivncZL7occLFWp5oa3N
|
||||
ZYsB5uYEjgSk96wd6ctUwzzzc1SET6eLMp/XPcg9p7RuR1gWaK28QkQ3C0W2ALfj
|
||||
e5raJ9U366YjIV4+p+AMx8chVLBN8CXz3+lZBHFe3Ul90hWIduu+7kkcUC06fCkf
|
||||
u+F78QKBgFajhBPESe344ixG/fASpsVe2Yg14SgYCeWkinOe856zABY8dkfWWBIq
|
||||
KX2eq1WJXErHWDuuNPP3Jol1CouqqHseqYQ+SaOhlHdoGws70bsIvBHrtj7NiEQZ
|
||||
HFLhEk+OnnG+wJ1jQ5cseA4kbTuPjEL0NNVk7OSndiuxnnDbe91R
|
||||
-----END RSA PRIVATE KEY-----
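Review bot: The RSA private key added here is stored unencrypted in the repository, so it must be treated as publicly known from this commit on. It appears to belong to the `login.example.com` certificate in the following sections (presumably as `private.oidc.pem`, going by the generation commands and the updated test). The commands give that certificate a validity of 2000 to 2100, so only convention stops a copied suite configuration from signing with a key anyone can read. The commit keeps `ca.private.pem` out of the tree via .gitignore, which limits the exposure to these leaf names. I would also add a line next to the generation commands, such as `# Test fixtures only: the keys in this directory are public and must never be used outside the suites.`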
|
|
@ -0,0 +1,44 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhTCCAm2gAwIBAgIRAPl83YWFsuwIwxBRmdJyLLQwDQYJKoZIhvcNAQELBQAw
|
||||
WzERMA8GA1UEChMIQXV0aGVsaWExFDASBgNVBAsTC0RldmVsb3BtZW50MTAwLgYD
|
||||
VQQDEydBdXRoZWxpYSBEZXZlbG9wbWVudCBTdGFuZGFsb25lIFJvb3QgQ0EwIBcN
|
||||
MDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMFsxETAPBgNVBAoTCEF1dGhl
|
||||
bGlhMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEwMC4GA1UEAxMnQXV0aGVsaWEgRGV2
|
||||
ZWxvcG1lbnQgU3RhbmRhbG9uZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA2RtD74ISXHruAIIkIRTLGf5VK0b7iN5+CPW8qWjg74PCnid1
|
||||
3DOqVCZ3HSXMP0iaH5rd+WAYojQo5Z1uZ75tXgzYjt6tyXG5H1nN1fkmjkHyNORP
|
||||
abOZtngVaixvlT/hsONXszFdqogXhhI4DtEo0lvxJcnOHER4QVylM4YgDMF85jXi
|
||||
VD893Y6Luik9B6FXLVK9iAJ5MfvD/r8kEPLsDTl2u/Ye0q4igVDJq9tOtb2enhlz
|
||||
HtipYhzzNwEzQwy3tjzP9xpQG6XE6/JW20gQaBvoRBN64DMgRlh1/8ZVyYE8v/B1
|
||||
vRVpSgmyCdDJeaRYZ6J+hO3LXBXU20CVZsM5VQIDAQABo0IwQDAOBgNVHQ8BAf8E
|
||||
BAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUlrBVtyTWJQWRimLeZXr2
|
||||
mrOzy2gwDQYJKoZIhvcNAQELBQADggEBAKXjAw5v8VTM6EDiUvR8XdiikYkycAG/
|
||||
hcEt+QLkkBb72+tUNYbr57YJeJuqQcaPTBUQrIXsID8JV5dQJFfyIG2s3G0iuN70
|
||||
W4fSRPqsSBIcyOK+2APLjkYV8qwLdh03Lyll4SZo7PCK8ItemsIK1NWhd74N49fm
|
||||
+a8eyY5bgfA0FMkjY/ts4gAnYExGRoLOQRu/CgOvBlj2KQUrSNptze1rNlP32b63
|
||||
eUv1wf/ajK2TxI1pQgkeu2lM3Tyu7q7J4UVn0UY0wtZvHtw2+UBGKZB3ok6ejBy2
|
||||
HMjgLGuayGjhyUN8zRkuSvBynuI2wGhIlHklEbaQW5oFKbniXRqdzc4=
|
||||
-----END CERTIFICATE-----
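Review bot: The leaf certificate in this bundle carries the dNSName entries `login.example3` and `com` in its subjectAltName instead of a fourth login host. The generation command shown earlier on the page passes `--sans 'login.example.com,login.example1.com,login.example2.com,login.example3,com'`, with a comma where a dot was presumably meant. A fixture certificate that asserts the bare name `com` is broader than the suites need, and the intended fourth host name will not verify against it. I would correct the `--sans` value to the intended host (presumably `login.example3.com`) and regenerate the key, this bundle and the standalone certificate in the next section, which contains the same leaf.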
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID3zCCAsegAwIBAgIQZjmlbZI+QaeqQpApxA2eDjANBgkqhkiG9w0BAQsFADBb
|
||||
MREwDwYDVQQKEwhBdXRoZWxpYTEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxMDAuBgNV
|
||||
BAMTJ0F1dGhlbGlhIERldmVsb3BtZW50IFN0YW5kYWxvbmUgUm9vdCBDQTAgFw0w
|
||||
MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowRTERMA8GA1UEChMIQXV0aGVs
|
||||
aWExFDASBgNVBAsTC0RldmVsb3BtZW50MRowGAYDVQQDExFsb2dpbi5leGFtcGxl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMfrtipHdVWRpI+
|
||||
xQ8IKF0KdH8dZseVV3dlRCTfcmE185TUWU2sPFqznLne4bAT8Nw5IWwoxM78NBHv
|
||||
g48LUgqLSm7bAcI8iwnoI5bjxylL7FTWGZtfU8WGNnq8e4KIXRHJghp6Vkj0VACg
|
||||
WrCH6TNKui1xu9KPL07ikvNlG/vkoJdT2pES/3vygVGBWZLBhDCtaIj4jrUaCRfr
|
||||
1IUX+OmQYN2mfxyzb3E+UwDIEUcLPit3pAufoeaFxXsVKLI9gwsXI027C+wuZ6n0
|
||||
d48Jo6wWhjfCp5aBA7wvOPjrDf5xNjy2uXNZE5UQryndIJkbrnDirCes72H/4QKq
|
||||
f1go9TECAwEAAaOBsjCBrzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
|
||||
BQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSWsFW3JNYlBZGKYt5levaa
|
||||
s7PLaDBZBgNVHREEUjBQghFsb2dpbi5leGFtcGxlLmNvbYISbG9naW4uZXhhbXBs
|
||||
ZTEuY29tghJsb2dpbi5leGFtcGxlMi5jb22CDmxvZ2luLmV4YW1wbGUzggNjb20w
|
||||
DQYJKoZIhvcNAQELBQADggEBAH46LB6fFF+5dbFhEa8rsDX17oZPVsIMHi+vhmMh
|
||||
aS5IACOpmc3q/yyhZelNwB/MRzlPziQwpqwr9B5SQ9UOBvZDuv9ESXYHlVHSIGo9
|
||||
+3Ax9fvxLVpF3E62whr+d8YHjXE85UgUKaDAWYCAVB7fkY7WfyS3t8IxgJVa+oMZ
|
||||
sLeI4YmheKdgRZsE+83VcNUVuGhsh3R5NKFo46tonpbdx13Eg2k3IInKAkZmTA5D
|
||||
YoPfPTDbd1BOC+h2C0s+guUyoG1Fi5DzS/x8xNoRcZ7/fkdcboAXa8dlVZeqGRky
|
||||
ddYggjZYnqGaD9qKFAox4EqkCYB1XwNeUPUapdvGICC7UGc=
|
||||
-----END CERTIFICATE-----
|
|
@ -33,7 +33,7 @@ spec:
|
|||
mountPath: /config/configuration.yml
|
||||
readOnly: true
|
||||
- name: authelia-ssl
|
||||
mountPath: /config/ssl
|
||||
mountPath: /pki
|
||||
readOnly: true
|
||||
- name: secrets
|
||||
mountPath: /config/secrets
|
||||
|
|
|
@ -8,8 +8,8 @@ default_redirection_url: https://home.example.com:8080
|
|||
server:
|
||||
port: 443
|
||||
tls:
|
||||
certificate: /config/ssl/public.backend.crt
|
||||
key: /config/ssl/private.backend.pem
|
||||
certificate: /pki/public.backend.crt
|
||||
key: /pki/private.backend.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
|
@ -54,7 +54,7 @@ func TestShouldNotReturnErrWhenX509DirectoryExist(t *testing.T) {
|
|||
func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
||||
pool, warnings, errors := NewX509CertPool("../suites/common/pki/")
|
||||
assert.NotNil(t, pool)
|
||||
require.Len(t, errors, 2)
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
if runtime.GOOS == "windows" {
|
||||
require.Len(t, warnings, 1)
|
||||
|
@ -64,7 +64,8 @@ func TestShouldReadCertsFromDirectoryButNotKeys(t *testing.T) {
|
|||
}
|
||||
|
||||
assert.EqualError(t, errors[0], "could not import certificate private.backend.pem")
|
||||
assert.EqualError(t, errors[1], "could not import certificate private.pem")
|
||||
assert.EqualError(t, errors[1], "could not import certificate private.oidc.pem")
|
||||
assert.EqualError(t, errors[2], "could not import certificate private.pem")
|
||||
}
|
||||
|
||||
func TestShouldGenerateCertificateAndPersistIt(t *testing.T) {
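Review bot: The updated assertions in TestShouldReadCertsFromDirectoryButNotKeys pin `errors` by count and position (`require.Len(t, errors, 3)`, then `errors[1]` and `errors[2]`). That ties the test to the exact contents of the shared `../suites/common/pki/` fixture directory and, it appears, to NewX509CertPool visiting it in name order. Comparing the messages as a set would remove the ordering dependency, for example by collecting each `err.Error()` into `msgs` and checking `assert.ElementsMatch(t, expected, msgs)`. Pointing the test at a small fixture directory of its own would stop unrelated key additions from breaking it. The lines of the function between the two hunks are not shown, so this is based on the visible assertions only.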
|
||||
|
|