[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation. The Authelia binary will now attempt to generate a configuration based on the latest template if the config location specified on startup does not exist. If a file-based backend is selected and the backend file cannot be found, it will similarly generate a `user_database.yml` based on a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config`, thus removing the requirement for `/var/lib/authelia`; this is primarily an attempt to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config`. 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping. * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml pull/1117/head^2
parent
53ea5a067a
commit
ff7f9a50ab
@ -14,7 +14,7 @@ if [[ $BUILDKITE_LABEL =~ ":docker: Build Image" ]]; then
# Save binary for buildkite and github artifacts
|
||||
if [[ "${ARCH}" != "coverage" ]]; then
|
||||
docker create --name authelia-binary ${DOCKER_IMAGE}:latest
|
||||
docker cp authelia-binary:/usr/app/authelia ./authelia-"${OS}"-"${ARCH}"
|
||||
docker cp authelia-binary:/app/authelia ./authelia-"${OS}"-"${ARCH}"
|
||||
docker rm -f authelia-binary
|
||||
tar -czf authelia-"${OS}"-"${ARCH}".tar.gz authelia-"${OS}"-"${ARCH}" authelia.service config.template.yml
|
||||
sha256sum authelia-"${OS}"-"${ARCH}".tar.gz > authelia-"${OS}"-"${ARCH}".tar.gz.sha256
|
||||
14
BREAKING.md
14
BREAKING.md
@ -6,6 +6,20 @@ recommended not to use the 'latest' Docker image tag blindly but pick a version
|
|||
and read this documentation before upgrading. This is where you will get information about
|
||||
breaking changes and about what you should do to overcome those changes.
|
||||
|
||||
## Breaking in v4.20.0
|
||||
* Authelia's Docker volumes have been refactored. All data should reside within a single volume of `/config`.
|
||||
All examples have been updated to reflect this change. The entrypoint for the container changed from
|
||||
`authelia --config /etc/authelia/configuration.yml` to `authelia --config /config/configuration.yml`.
|
||||
|
||||
Users migrating to v4.20.0 have two options:
|
||||
1. Change your container mappings to point to `/config` also change any associated paths in your `configuration.yml` to
|
||||
represent the new `/config` mappings.
|
||||
2. Change your container entry point back to `authelia --config /etc/authelia/configuration.yml`
|
||||
* **Docker Compose:** `command: authelia --config /etc/authelia/configuration.yml`
|
||||
* **Docker Run:** `docker run -d -v /path/on/host:/etc/authelia authelia/authelia:latest authelia --config /etc/authelia/configuration.yml`
|
||||
|
||||
The team recommends option 1 to unify/simplify troubleshooting for support related issues.
|
||||
|
||||
## Breaking in v4.18.0
|
||||
* Secrets stored directly in ENV are now removed from Authelia. They have been replaced with file
|
||||
secrets. If you still have not moved feel free to contact the team for assistance, otherwise the
|
||||
15
Dockerfile
15
Dockerfile
@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
|
|||
|
||||
WORKDIR /go/src/app
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
COPY go.mod go.sum config.template.yml ./
|
||||
COPY --from=builder-frontend /node/src/app/build public_html
|
||||
|
||||
RUN go mod download
|
||||
|
@ -32,7 +32,9 @@ COPY internal internal
|
|||
|
||||
# Prepare static files to be embedded in Go binary
|
||||
RUN go get -u aletheia.icu/broccoli && \
|
||||
cd internal/server && \
|
||||
cd internal/configuration && \
|
||||
go generate . && \
|
||||
cd ../server && \
|
||||
go generate .
|
||||
|
||||
# Set the build version and time
|
||||
|
@ -51,15 +53,14 @@ FROM alpine:3.12.0
|
|||
|
||||
RUN apk --no-cache add ca-certificates tzdata
|
||||
|
||||
WORKDIR /usr/app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
|
||||
|
||||
EXPOSE 9091
|
||||
|
||||
VOLUME /etc/authelia
|
||||
VOLUME /var/lib/authelia
|
||||
VOLUME /config
|
||||
|
||||
ENV PATH="/usr/app:${PATH}"
|
||||
ENV PATH="/app:${PATH}"
|
||||
|
||||
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
|
||||
CMD ["authelia", "--config", "/config/configuration.yml"]
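Review bot: No `USER` instruction appears in the final stage shown in the last hunk, yet per the commit description the container now writes generated `configuration.yml` and `users_database.yml` into `VOLUME /config` on first start; on a bind-mounted host directory those 0600 files will therefore come out root-owned, which BREAKING.md does not mention. A sentence in the v4.20.0 section such as "The `/config` mount must be writable by the container; generated files are created with mode 0600 and owned by the container user" would save support round-trips, or alternatively a non-root `USER` with matching ownership of `/config` could be added. The `go generate` chain in the second hunk is also copied verbatim into Dockerfile.arm32v7, Dockerfile.arm64v8 and Dockerfile.coverage (their `@ -35,7 +35,9 @@` and `@ -32,7 +32,9 @@` hunks); a single script invoked by all four would keep the embedded-asset list from drifting between images. The final stage's `FROM alpine:3.12.0` line is outside the hunk.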
@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
|
|||
|
||||
WORKDIR /go/src/app
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
COPY go.mod go.sum config.template.yml ./
|
||||
COPY --from=builder-frontend /node/src/app/build public_html
|
||||
|
||||
RUN go mod download
|
||||
|
@ -35,7 +35,9 @@ COPY internal internal
|
|||
|
||||
# Prepare static files to be embedded in Go binary
|
||||
RUN go get -u aletheia.icu/broccoli && \
|
||||
cd internal/server && \
|
||||
cd internal/configuration && \
|
||||
go generate . && \
|
||||
cd ../server && \
|
||||
go generate .
|
||||
|
||||
# Set the build version and time
|
||||
|
@ -57,15 +59,14 @@ COPY ./qemu-arm-static /usr/bin/qemu-arm-static
|
|||
RUN apk --no-cache add ca-certificates tzdata && \
|
||||
rm /usr/bin/qemu-arm-static
|
||||
|
||||
WORKDIR /usr/app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
|
||||
|
||||
EXPOSE 9091
|
||||
|
||||
VOLUME /etc/authelia
|
||||
VOLUME /var/lib/authelia
|
||||
VOLUME /config
|
||||
|
||||
ENV PATH="/usr/app:${PATH}"
|
||||
ENV PATH="/app:${PATH}"
|
||||
|
||||
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
|
||||
CMD ["authelia", "--config", "/config/configuration.yml"]
@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
|
|||
|
||||
WORKDIR /go/src/app
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
COPY go.mod go.sum config.template.yml ./
|
||||
COPY --from=builder-frontend /node/src/app/build public_html
|
||||
|
||||
RUN go mod download
|
||||
|
@ -35,7 +35,9 @@ COPY internal internal
|
|||
|
||||
# Prepare static files to be embedded in Go binary
|
||||
RUN go get -u aletheia.icu/broccoli && \
|
||||
cd internal/server && \
|
||||
cd internal/configuration && \
|
||||
go generate . && \
|
||||
cd ../server && \
|
||||
go generate .
|
||||
|
||||
# Set the build version and time
|
||||
|
@ -57,15 +59,14 @@ COPY ./qemu-aarch64-static /usr/bin/qemu-aarch64-static
|
|||
RUN apk --no-cache add ca-certificates tzdata && \
|
||||
rm /usr/bin/qemu-aarch64-static
|
||||
|
||||
WORKDIR /usr/app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
|
||||
|
||||
EXPOSE 9091
|
||||
|
||||
VOLUME /etc/authelia
|
||||
VOLUME /var/lib/authelia
|
||||
VOLUME /config
|
||||
|
||||
ENV PATH="/usr/app:${PATH}"
|
||||
ENV PATH="/app:${PATH}"
|
||||
|
||||
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
|
||||
CMD ["authelia", "--config", "/config/configuration.yml"]
@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
|
|||
|
||||
WORKDIR /go/src/app
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
COPY go.mod go.sum config.template.yml ./
|
||||
COPY --from=builder-frontend /node/src/app/build public_html
|
||||
|
||||
RUN go mod download
|
||||
|
@ -32,7 +32,9 @@ COPY internal internal
|
|||
|
||||
# Prepare static files to be embedded in Go binary
|
||||
RUN go get -u aletheia.icu/broccoli && \
|
||||
cd internal/server && \
|
||||
cd internal/configuration && \
|
||||
go generate . && \
|
||||
cd ../server && \
|
||||
go generate .
|
||||
|
||||
# Set the build version and time
|
||||
|
@ -51,15 +53,14 @@ FROM alpine:3.12.0
|
|||
|
||||
RUN apk --no-cache add ca-certificates tzdata
|
||||
|
||||
WORKDIR /usr/app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
|
||||
|
||||
EXPOSE 9091
|
||||
|
||||
VOLUME /etc/authelia
|
||||
VOLUME /var/lib/authelia
|
||||
VOLUME /config
|
||||
|
||||
ENV PATH="/usr/app:${PATH}"
|
||||
ENV PATH="/app:${PATH}"
|
||||
|
||||
CMD ["./authelia", "-test.coverprofile=/app/coverage.txt", "COVERAGE", "--config", "/etc/authelia/configuration.yml"]
|
||||
CMD ["authelia", "-test.coverprofile=/authelia/coverage.txt", "COVERAGE", "--config", "/config/configuration.yml"]
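Review bot: The new `CMD` in the last hunk writes the coverage profile to `/authelia/coverage.txt`, but nothing in the shown lines creates `/authelia` or declares it as a volume (the image only declares `VOLUME /config`), so unless the integration harness bind-mounts that directory the profile write will fail when the process exits. If the harness does mount it, a comment above the `CMD` such as `# /authelia is bind-mounted by the integration suite; the coverage profile is written there` records the dependency; otherwise adding `VOLUME /authelia` makes the requirement explicit. The stage's `FROM` line is outside the hunk.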
@ -56,6 +56,15 @@ func generateEmbeddedAssets() {
|
|||
panic(err)
|
||||
}
|
||||
|
||||
cmd = utils.CommandWithStdout("go", "generate", ".")
|
||||
cmd.Dir = "internal/configuration"
|
||||
|
||||
err = cmd.Run()
|
||||
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
cmd = utils.CommandWithStdout("go", "generate", ".")
|
||||
cmd.Dir = "internal/server"
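Review bot: The added `internal/configuration` step in `generateEmbeddedAssets` duplicates the command/Dir/Run/panic sequence used for `internal/server` immediately after it, so each new embedded directory means another verbatim copy; iterating over a slice of directories keeps the list in one place while preserving the order the hunk establishes (`internal/configuration` before `internal/server`). Both `cmd` and `err` are assigned rather than declared here, so they are in scope from earlier in the function. The function starts before and ends after the hunk.

```go
	for _, dir := range []string{"internal/configuration", "internal/server"} {
		cmd = utils.CommandWithStdout("go", "generate", ".")
		cmd.Dir = dir

		if err = cmd.Run(); err != nil {
			panic(err)
		}
	}
	// … unchanged: remainder of generateEmbeddedAssets …
```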
@ -19,7 +19,7 @@ totp:
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /etc/authelia/users_database.yml
|
||||
path: /config/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
|
@ -53,7 +53,7 @@ regulation:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
path: /config/db.sqlite3
|
||||
|
||||
notifier:
|
||||
smtp:
|
|
@ -9,9 +9,7 @@ services:
|
|||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- ./authelia:/var/lib/authelia
|
||||
- ./configuration.yml:/etc/authelia/configuration.yml:ro
|
||||
- ./users_database.yml:/etc/authelia/users_database.yml
|
||||
- ./authelia:/config
|
||||
networks:
|
||||
- net
|
||||
labels:
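Review bot: Collapsing the three mounts into `- ./authelia:/config` drops the `:ro` that previously protected `configuration.yml`, so the file that in the deleted example holds `jwt_secret` and the session `secret` is now writable from inside the container. That is required for the new generate-on-first-start behaviour, but the example should say so, e.g. a comment above the volume line: `# /config must be writable: Authelia generates configuration.yml and users_database.yml here on first start`. The same mapping appears in the other compose examples (the second `@ -9,9 +9,7 @@` hunk, `@ -63,8 +63,7 @@` and `@ -66,8 +66,7 @@`), and in the deployment docs (`@ -143,22 +142,20 @@`) the secrets directory moves from its own mount into this writable volume; keeping `- /path/to/authelia/secrets:/config/secrets:ro` as a separate read-only mount there would preserve the isolation the old layout had. The `services:` block continues outside the hunk.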
@ -1,45 +0,0 @@
|
|||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
log_level: debug
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://public.example.com
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /etc/authelia/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
- domain: public.example.com
|
||||
policy: bypass
|
||||
- domain: traefik.example.com
|
||||
policy: one_factor
|
||||
- domain: secure.example.com
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: /var/lib/authelia/notification.txt
@ -9,9 +9,7 @@ services:
|
|||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- ./authelia:/var/lib/authelia
|
||||
- ./configuration.yml:/etc/authelia/configuration.yml:ro
|
||||
- ./users_database.yml:/etc/authelia/users_database.yml
|
||||
- ./authelia:/config
|
||||
networks:
|
||||
- net
|
||||
labels:
@ -1,14 +0,0 @@
|
|||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
<USERNAME>:
|
||||
password: "<PASSWORD>"
|
||||
email: <USERNAME>@example.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
@ -5,8 +5,8 @@
|
|||
# The host and port to listen on
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
# tls_key: /var/lib/authelia/ssl/key.pem
|
||||
# tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
# tls_key: /config/ssl/key.pem
|
||||
# tls_cert: /config/ssl/cert.pem
|
||||
|
||||
# Configuration options specific to the internal http server
|
||||
server:
|
||||
|
@ -22,7 +22,7 @@ server:
|
|||
# Level of verbosity for logs: info, debug, trace
|
||||
log_level: debug
|
||||
## File path where the logs will be written. If not set logs are written to stdout.
|
||||
# log_file_path: /var/log/authelia
|
||||
# log_file_path: /config/authelia.log
|
||||
|
||||
# The secret used to generate JWT tokens when validating user identity by
|
||||
# email confirmation.
|
||||
|
@ -169,7 +169,7 @@ authentication_backend:
|
|||
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
|
||||
#
|
||||
## file:
|
||||
## path: ./users_database.yml
|
||||
## path: /config/users_database.yml
|
||||
## password:
|
||||
## algorithm: argon2id
|
||||
## iterations: 1
|
||||
|
@ -345,7 +345,7 @@ regulation:
|
|||
storage:
|
||||
# The directory where the DB files will be saved
|
||||
## local:
|
||||
## path: /var/lib/authelia/db.sqlite3
|
||||
## path: /config/db.sqlite3
|
||||
|
||||
# Settings to connect to MySQL server
|
||||
mysql:
|
||||
|
@ -377,7 +377,7 @@ notifier:
|
|||
|
||||
# For testing purpose, notifications can be sent in a file
|
||||
## filesystem:
|
||||
## filename: /tmp/authelia/notification.txt
|
||||
## filename: /config/notification.txt
|
||||
|
||||
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
|
||||
# [Security] By default Authelia will:
@ -33,7 +33,7 @@ authentication_backend:
|
|||
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
|
||||
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
password:
|
||||
algorithm: argon2id
|
||||
iterations: 1
@ -28,8 +28,8 @@ Authelia can use TLS. Provide the certificate and the key with the
|
|||
following configuration options:
|
||||
|
||||
```yaml
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
```
|
||||
|
||||
## Log
|
||||
|
@ -55,7 +55,7 @@ Logs can be stored in a file when file path is provided. Otherwise logs
|
|||
are written to standard output.
|
||||
|
||||
```yaml
|
||||
log_file_path: /var/log/authelia.log
|
||||
log_file_path: /config/authelia.log
|
||||
```
|
||||
@ -23,5 +23,5 @@ notifier:
|
|||
|
||||
# For testing purpose, notifications can be sent in a file.
|
||||
filesystem:
|
||||
filename: /tmp/authelia/notification.txt
|
||||
filename: /config/notification.txt
|
||||
```
@ -23,7 +23,7 @@ notifier:
|
|||
|
||||
# For testing purpose, notifications can be sent in a file.
|
||||
## filesystem:
|
||||
## filename: /tmp/authelia/notification.txt
|
||||
## filename: /config/notification.txt
|
||||
|
||||
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
|
||||
# [Security] By default Authelia will:
@ -107,8 +107,7 @@ services:
|
|||
- smtp
|
||||
- ldap
|
||||
volumes:
|
||||
- /path/to/authelia:/var/lib/authelia
|
||||
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
|
||||
- /path/to/authelia:/config
|
||||
networks:
|
||||
- net
|
||||
expose:
|
||||
|
@ -129,7 +128,7 @@ services:
|
|||
|
||||
This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
|
||||
on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file
|
||||
at `/etc/authelia/secrets/`:
|
||||
at `/config/secrets/`:
|
||||
|
||||
```yaml
|
||||
version: '3.8'
|
||||
|
@ -143,22 +142,20 @@ services:
|
|||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- /path/to/authelia:/var/lib/authelia
|
||||
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
|
||||
- /path/to/authelia/secrets:/etc/authelia/secrets
|
||||
- /path/to/authelia:/config
|
||||
networks:
|
||||
- net
|
||||
expose:
|
||||
- 9091
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- AUTHELIA_JWT_SECRET_FILE=/etc/authelia/secrets/jwt
|
||||
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/etc/authelia/secrets/duo
|
||||
- AUTHELIA_SESSION_SECRET_FILE=/etc/authelia/secrets/session
|
||||
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/etc/authelia/secrets/redis
|
||||
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/etc/authelia/secrets/mysql
|
||||
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/etc/authelia/secrets/smtp
|
||||
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/etc/authelia/secrets/ldap
|
||||
- AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
|
||||
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/config/secrets/duo
|
||||
- AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session
|
||||
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/config/secrets/redis
|
||||
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/config/secrets/mysql
|
||||
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
|
||||
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/config/secrets/ldap
|
||||
- TZ=Australia/Melbourne
|
||||
```
|
||||
|
||||
|
@ -233,17 +230,17 @@ spec:
|
|||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: AUTHELIA_JWT_SECRET_FILE
|
||||
value: /usr/app/secrets/jwt
|
||||
value: /app/secrets/jwt
|
||||
- name: AUTHELIA_DUO_API_SECRET_KEY_FILE
|
||||
value: /usr/app/secrets/duo
|
||||
value: /app/secrets/duo
|
||||
- name: AUTHELIA_SESSION_SECRET_FILE
|
||||
value: /usr/app/secrets/session
|
||||
value: /app/secrets/session
|
||||
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
|
||||
value: /usr/app/secrets/ldap_password
|
||||
value: /app/secrets/ldap_password
|
||||
- name: AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
value: /usr/app/secrets/smtp_password
|
||||
value: /app/secrets/smtp_password
|
||||
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
||||
value: /usr/app/secrets/sql_password
|
||||
value: /app/secrets/sql_password
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
|
@ -272,9 +269,9 @@ spec:
|
|||
periodSeconds: 5
|
||||
failureThreshold: 5
|
||||
volumeMounts:
|
||||
- mountPath: /etc/authelia
|
||||
- mountPath: /config
|
||||
name: config-volume
|
||||
- mountPath: /usr/app/secrets
|
||||
- mountPath: /app/secrets
|
||||
name: secrets
|
||||
readOnly: true
|
||||
- mountPath: /etc/localtime
@ -19,5 +19,5 @@ Just give the path to the sqlite database. It will be created if the file does n
|
|||
```yaml
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
path: /config/db.sqlite3
|
||||
```
@ -44,7 +44,7 @@ pay attention to the permissions of the configuration file. See
|
|||
|
||||
### Deploy With Docker
|
||||
|
||||
$ docker run -v /path/to/your/configuration.yml:/etc/authelia/configuration.yml -e TZ=Europe/Paris authelia/authelia
|
||||
$ docker run -v /path/to/your/configuration.yml:/config/configuration.yml -e TZ=Europe/Paris authelia/authelia
|
||||
|
||||
## FAQ
|
||||
@ -63,8 +63,7 @@ services:
|
|||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- /path/to/authelia:/var/lib/authelia
|
||||
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
|
||||
- /path/to/authelia:/config
|
||||
networks:
|
||||
- net
|
||||
labels:
@ -66,8 +66,7 @@ services:
|
|||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- /path/to/authelia:/var/lib/authelia
|
||||
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
|
||||
- /path/to/authelia:/config
|
||||
networks:
|
||||
- net
|
||||
labels:
29
go.sum
29
go.sum
@ -25,6 +25,7 @@ github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7 h1:qELHH0AWCvf
|
|||
github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7/go.mod h1:Q5DbzQ+3AkgGwymQO7aZFNP7ns2lZKGtvRBzRXfdi60=
|
||||
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4 h1:vdT7QwBhJJEVNFMBNhRSFDRCB6O16T28VhvqRgqFyn8=
|
||||
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4/go.mod h1:SvXOG8ElV28oAiG9zv91SDe5+9PfIr7PPccpr8YyXNs=
|
||||
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
|
||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/Workiva/go-datastructures v1.0.52 h1:PLSK6pwn8mYdaoaCZEMsXBpBotr4HHn9abU0yMQt0NI=
|
||||
github.com/Workiva/go-datastructures v1.0.52/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
|
||||
|
@ -54,6 +55,7 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8
|
|||
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
|
||||
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
|
||||
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
|
@ -72,6 +74,7 @@ github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9r
|
|||
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031 h1:GqrUYGzmGuc00lpc+K0wwrqshfkKLwgYFJiCyOZFMVE=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
|
||||
github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 h1:2MIhn2R6oXQbgW5yHfS+d6YqyMfXiu2L55rFZC4UD/M=
|
||||
|
@ -82,36 +85,23 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
|
|||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
|
||||
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
|
||||
github.com/fasthttp/router v1.1.6 h1:lBcXxp1ZNoNbSeh4+RvAaXKSEiHU6sGd+gEMpd5Xjog=
|
||||
github.com/fasthttp/router v1.1.6/go.mod h1:E1mpv7mrQzAhiSQdqhRb+GBTC7MEV+bLFVmgzSA5oFM=
|
||||
github.com/fasthttp/router v1.1.7 h1:1Wt3iK7yILMNUlgWg3kfqNW8cQhvMIgkqKUhh370wR4=
|
||||
github.com/fasthttp/router v1.1.7/go.mod h1:GllqmaKtAsIvYwz5Nbu0qcbQQXBSVaeXw2KY3SmlbYM=
|
||||
github.com/fasthttp/router v1.2.1 h1:8xVgc9j39HkI4KQcxcN3Kmo0K/1/GnGGbBeqjegtCJk=
|
||||
github.com/fasthttp/router v1.2.1/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
|
||||
github.com/fasthttp/router v1.2.2 h1:znEzZbSKjKDzXwUHiq/HQ17brnKx9ZF6ZphYKGrfkVk=
|
||||
github.com/fasthttp/router v1.2.2/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
|
||||
github.com/fasthttp/session/v2 v2.1.0 h1:X84Wx3S5hO2AM5B030yhus6+J3ROWY/wA76rye3K00s=
|
||||
github.com/fasthttp/session/v2 v2.1.0/go.mod h1:VEaGPgnkB9J+/fy0nKqSU6VGS7hjVy1H7/zI+LCOgbo=
|
||||
github.com/fasthttp/session/v2 v2.1.1 h1:Cw+BZkfgfQ/IXYTYNtYXxj5Qg5WbArCrRQnfIok9OuM=
|
||||
github.com/fasthttp/session/v2 v2.1.1/go.mod h1:JBwLzecuSht7fkNJXvB5mvRoi2BhSiTZZ1+vKoWyjAE=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-asn1-ber/asn1-ber v1.3.1 h1:gvPdv/Hr++TRFCl0UbPFHC54P9N9jgsRPnmnr419Uck=
|
||||
github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.0 h1:/S4hO/AO6tLMlPX0oftGSOcdGJJN/MuYzfgWRMn199E=
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.0/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
|
||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-ldap/ldap/v3 v3.1.10 h1:7WsKqasmPThNvdl0Q5GPpbTDD/ZD98CfuawrMIuh7qQ=
|
||||
github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
|
||||
github.com/go-ldap/ldap/v3 v3.1.11 h1:EojIR9zHvfQS8LEz+EjvnPSvsfPYS3UioBezeOOskIA=
|
||||
github.com/go-ldap/ldap/v3 v3.1.11/go.mod h1:dtLsnBXnSLIsMRbCBuRpHflCGaYzZ5jn+x1q7XqMTKU=
|
||||
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
|
||||
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
|
||||
github.com/go-redis/redis/v8 v8.0.0-beta.2 h1:9S28J9QMBotgI3tGgXbX1Wk9i8QYC3Orw4bTLoPrQeI=
|
||||
github.com/go-redis/redis/v8 v8.0.0-beta.2/go.mod h1:o1M7JtsgfDYyv3o+gBn/jJ1LkqpnCrmil7PSppZGBak=
|
||||
github.com/go-redis/redis/v8 v8.0.0-beta.4 h1:oIZMgBk2CHvLd1/rfn8sybGNwzTTmKEvRoXGz6ZiWnI=
|
||||
github.com/go-redis/redis/v8 v8.0.0-beta.4/go.mod h1:NlNCdZHGMxsMUjOkA1Xab/1SsVzAwI7WPBXbh1O7vHM=
|
||||
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
|
||||
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
|
||||
|
@ -226,8 +216,6 @@ github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=
|
|||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/lib/pq v1.5.2 h1:yTSXVswvWUOQ3k1sd7vJfDrbSl8lKuscqFJRqjC0ifw=
|
||||
github.com/lib/pq v1.5.2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
|
||||
github.com/lib/pq v1.6.0 h1:I5DPxhYJChW9KYc66se+oKFFQX6VuQrKiprsX6ivRZc=
|
||||
github.com/lib/pq v1.6.0/go.mod h1:4vXEAYvW1fRQ2/FhZ78H73A60MHw1geSm145z2mdY1g=
|
||||
github.com/lib/pq v1.7.0 h1:h93mCPfUSkaul3Ka/VG8uZdmW1uMHDGxzu0NWHuJmHY=
|
||||
|
@ -304,12 +292,8 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So
|
|||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c h1:EVgT3hCwdDn/HmAmzRLEAoK2qHhcO8AD22AvPAE1/mk=
|
||||
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c/go.mod h1:InhUgunRRHK3vhg8YZHIRnxyoQGvGxwOE1p55leevWU=
|
||||
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2 h1:V+VG/pzeMdwBlS21mJmNkBnQQmZWyuBgYRoz0SVxaVk=
|
||||
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2/go.mod h1:LTEdLD+Y+KR4yx9eRMIgciXZo4Od0doGWP/hjgfOlE0=
|
||||
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca h1:Qe7Mtuhjkk38HVpRtvWdziZJcwG3Qup1mfyvyOrcnyM=
|
||||
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
|
||||
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c h1:2nF5+FZ4/qp7pZVL7fR6DEaSTzuDmNaFTyqp92/hwF8=
|
||||
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
|
||||
|
@ -324,6 +308,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
|
|||
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
|
||||
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
||||
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
|
||||
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
|
||||
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
|
||||
github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
|
||||
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
|
||||
|
@ -345,8 +330,6 @@ github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
|
|||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho=
|
||||
github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
|
||||
|
@ -361,8 +344,6 @@ github.com/tstranex/u2f v1.0.0/go.mod h1:eahSLaqAS0zsIEv80+vXT7WanXs7MQQDg3j3wGB
|
|||
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
|
||||
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
|
||||
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
|
||||
github.com/valyala/fasthttp v1.13.1 h1:Z7kVhKP9NZz+tCSY7AVhCMPPAk7b+e5fq0l/BfdTlFc=
|
||||
github.com/valyala/fasthttp v1.13.1/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
|
||||
github.com/valyala/fasthttp v1.14.0 h1:67bfuW9azCMwW/Jlq/C+VeihNpAuJMWkYPBig1gdi3A=
|
||||
github.com/valyala/fasthttp v1.14.0/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
|
||||
github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
@ -0,0 +1,5 @@
|
|||
package authentication
|
||||
|
||||
import "aletheia.icu/broccoli/fs"
|
||||
|
||||
var cfg = fs.New(false, []byte("\x8b\xa1\x80\r\xff\x83\x02\x01\x02\xff\x84\x00\x01\xff\x82\x00\x00=\xff\x81\x03\x01\x02\xff\x82\x00\x01\x05\x01\x04Data\x01\n\x00\x01\x05Fpath\x01\f\x00\x01\x05Fname\x01\f\x00\x01\x05Fsize\x01\x04\x00\x01\x05Ftime\x01\x04\x00\x00\x00\xff\xf6\xff\x84\x00\x01\x01\xff\xaa\x1b\xe6\x00`\x1c\x87\xb1\xf3\xa4II\xda\xd3]\xbci`\x9e\xa9θ\x13\x91\xe6\x06\xb8A\xc2Z\x14F\x8fNn~P\xeb\xe7nAy@\x10C 7\xecwSb\xed\x15\xee>\x0f\xa3\xbe\x8b\xfc,\xb6\xa3\x98\xfe\xe7\x00Bj²\x90b\x0f\x19\xc4=\x92\x8b\xc2j\xb7\xden\x98Nd\xaa\x1d\xa2?J\xc9\xd3ŗ\xb9\x9cM+\u07bf\xfe\xcf{c\x85H9\xaf\xec97\xa6\xe4o\xeaƘ\xdfO\xf1\xf3\xdd\\\xd2Iٮ\u074b\xaa4i#\x17\xc5w=\x19\xd9\n\x02\xbf3o\xdc\x028\rp:\xf7\x011\x8fY\x88g\x87\x9c\b}\xf8\xa1\xc8mݞ?\x00\x01\x1busers_database.template.yml\x01\x1busers_database.template.yml\x01\xfe\x01\xce\x01\xfc\xbd\xcb\xdc\xf6\x00\x03"))
|
|
@ -3,6 +3,7 @@ package authentication
|
|||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
|
@ -11,6 +12,7 @@ import (
|
|||
"gopkg.in/yaml.v2"
|
||||
|
||||
"github.com/authelia/authelia/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/internal/logging"
|
||||
"github.com/authelia/authelia/internal/utils"
|
||||
)
|
||||
|
||||
|
@ -38,6 +40,15 @@ type DatabaseModel struct {
|
|||
|
||||
// NewFileUserProvider creates a new instance of FileUserProvider.
|
||||
func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider {
|
||||
errs := checkDatabase(configuration.Path)
|
||||
if errs != nil {
|
||||
for _, err := range errs {
|
||||
logging.Logger().Error(err)
|
||||
}
|
||||
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
database, err := readDatabase(configuration.Path)
|
||||
if err != nil {
|
||||
// Panic since the file does not exist when Authelia is starting.
|
||||
|
@ -86,6 +97,46 @@ func checkPasswordHashes(database *DatabaseModel) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func checkDatabase(path string) []error {
|
||||
_, err := os.Stat(path)
|
||||
if err != nil {
|
||||
errs := []error{
|
||||
fmt.Errorf("Unable to find database file: %v", path),
|
||||
fmt.Errorf("Generating database file: %v", path),
|
||||
}
|
||||
|
||||
err := generateDatabaseFromTemplate(path)
|
||||
if err != nil {
|
||||
errs = append(errs, err)
|
||||
} else {
|
||||
errs = append(errs, fmt.Errorf("Generated database at: %v", path))
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func generateDatabaseFromTemplate(path string) error {
|
||||
f, err := cfg.Open("users_database.template.yml")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to open users_database.template.yml: %v", err)
|
||||
}
|
||||
|
||||
b, err := ioutil.ReadAll(f)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to read users_database.template.yml: %v", err)
|
||||
}
|
||||
|
||||
err = ioutil.WriteFile(path, b, 0600)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to generate %v: %v", path, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func readDatabase(path string) (*DatabaseModel, error) {
|
||||
content, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
|
|
|
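Review bot: `checkDatabase` treats any `os.Stat` failure as "file missing" and `generateDatabaseFromTemplate` then overwrites `path` with `ioutil.WriteFile`, so a stat error other than not-exist (for example EACCES on a parent directory) or a file created between the stat and the write can truncate a real user database. Create the file exclusively so an existing file is never clobbered: `f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)` and write `b` to it, and consider gating generation on `os.IsNotExist(err)` and returning other stat errors as they are (that would change what `TestShouldErrorPermissionsOnLocalFS` expects). The same pattern appears in `Read`/`generateConfigFromTemplate` in `internal/configuration/reader.go` below. The handle returned by `cfg.Open` is also never closed; `defer f.Close()` after the open-error check, assuming the embedded fs file type implements `io.Closer`.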
@ -7,7 +7,9 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
"aletheia.icu/broccoli/fs"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/authelia/authelia/internal/configuration/schema"
|
||||
)
|
||||
|
@ -32,6 +34,41 @@ func WithDatabase(content []byte, f func(path string)) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestShouldErrorNoUserDBInEmbeddedFS(t *testing.T) {
|
||||
oldCfg := cfg
|
||||
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
|
||||
errors := checkDatabase("./nonexistent.yml")
|
||||
cfg = oldCfg
|
||||
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[2], "Unable to open users_database.template.yml: file does not exist")
|
||||
}
|
||||
|
||||
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
|
||||
_ = os.Mkdir("/tmp/noperms/", 0000)
|
||||
errors := checkDatabase("/tmp/noperms/users_database.yml")
|
||||
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find database file: /tmp/noperms/users_database.yml")
|
||||
require.EqualError(t, errors[1], "Generating database file: /tmp/noperms/users_database.yml")
|
||||
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/users_database.yml: open /tmp/noperms/users_database.yml: permission denied")
|
||||
}
|
||||
|
||||
func TestShouldErrorAndGenerateUserDB(t *testing.T) {
|
||||
errors := checkDatabase("./nonexistent.yml")
|
||||
_ = os.Remove("./nonexistent.yml")
|
||||
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[2], "Generated database at: ./nonexistent.yml")
|
||||
}
|
||||
|
||||
func TestShouldCheckUserArgon2idPasswordIsCorrect(t *testing.T) {
|
||||
WithDatabase(UserDatabaseContent, func(path string) {
|
||||
config := DefaultFileAuthenticationBackendConfiguration
|
||||
|
|
|
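Review bot: `TestShouldErrorPermissionsOnLocalFS` creates `/tmp/noperms/` with mode 0000 and never removes it, and the identically named test in `internal/configuration/reader_test.go` below creates the same fixed path, so the two packages share mutable state in `/tmp` and leave it behind after the run. The `permission denied` expectation also does not hold when the tests run as root, which ignores mode bits, so the test is environment-dependent. Use a per-test directory from `ioutil.TempDir`, `os.Chmod` it to 0000, and defer a cleanup that restores the mode and calls `os.RemoveAll`; add `if os.Geteuid() == 0 { t.Skip("mode bits are not enforced for root") }` at the top.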
@ -0,0 +1,5 @@
|
|||
package configuration
|
||||
|
||||
import "aletheia.icu/broccoli/fs"
|
||||
|
||||
var cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
|
|
@ -15,6 +15,7 @@ import (
|
|||
)
|
||||
|
||||
// Read a YAML configuration and create a Configuration object out of it.
|
||||
//go:generate broccoli -src ../../config.template.yml -var=cfg -o configuration
|
||||
func Read(configPath string) (*schema.Configuration, []error) {
|
||||
if configPath == "" {
|
||||
return nil, []error{errors.New("No config file path provided")}
|
||||
|
@ -22,7 +23,19 @@ func Read(configPath string) (*schema.Configuration, []error) {
|
|||
|
||||
_, err := os.Stat(configPath)
|
||||
if err != nil {
|
||||
return nil, []error{fmt.Errorf("Unable to find config file: %v", configPath)}
|
||||
errs := []error{
|
||||
fmt.Errorf("Unable to find config file: %v", configPath),
|
||||
fmt.Errorf("Generating config file: %v", configPath),
|
||||
}
|
||||
|
||||
err = generateConfigFromTemplate(configPath)
|
||||
if err != nil {
|
||||
errs = append(errs, err)
|
||||
} else {
|
||||
errs = append(errs, fmt.Errorf("Generated configuration at: %v", configPath))
|
||||
}
|
||||
|
||||
return nil, errs
|
||||
}
|
||||
|
||||
file, err := ioutil.ReadFile(configPath)
|
||||
|
@ -67,3 +80,22 @@ func Read(configPath string) (*schema.Configuration, []error) {
|
|||
|
||||
return &configuration, nil
|
||||
}
|
||||
|
||||
func generateConfigFromTemplate(configPath string) error {
|
||||
f, err := cfg.Open("config.template.yml")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to open config.template.yml: %v", err)
|
||||
}
|
||||
|
||||
b, err := ioutil.ReadAll(f)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to read config.template.yml: %v", err)
|
||||
}
|
||||
|
||||
err = ioutil.WriteFile(configPath, b, 0600)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to generate %v: %v", configPath, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
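Review bot: The `//go:generate broccoli ...` directive is placed between `Read`'s doc comment and its signature, so it becomes part of the function's comment group; move it above the comment with a blank line separating them (or next to the package clause) so the directive is not attached to `Read`'s documentation. `generateConfigFromTemplate` never closes the handle returned by `cfg.Open`; add `defer f.Close()` after the open-error check, assuming the embedded fs file type implements `io.Closer`. The "Generating config file" and "Generated configuration at" entries are progress messages returned as errors, which callers can only tell apart from real failures by string matching; a comment on `Read` stating that a generated config is reported through the error slice and that the caller is expected to exit would make that contract explicit.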
@ -7,6 +7,7 @@ import (
|
|||
"sort"
|
||||
"testing"
|
||||
|
||||
"aletheia.icu/broccoli/fs"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
|
@ -65,12 +66,39 @@ func TestShouldErrorNoConfigPath(t *testing.T) {
|
|||
require.EqualError(t, errors[0], "No config file path provided")
|
||||
}
|
||||
|
||||
func TestShouldErrorNoConfigFile(t *testing.T) {
|
||||
func TestShouldErrorNoConfigFileInEmbeddedFS(t *testing.T) {
|
||||
oldCfg := cfg
|
||||
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
|
||||
_, errors := Read("./nonexistent.yml")
|
||||
cfg = oldCfg
|
||||
|
||||
require.Len(t, errors, 1)
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[2], "Unable to open config.template.yml: file does not exist")
|
||||
}
|
||||
|
||||
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
|
||||
_ = os.Mkdir("/tmp/noperms/", 0000)
|
||||
_, errors := Read("/tmp/noperms/configuration.yml")
|
||||
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find config file: /tmp/noperms/configuration.yml")
|
||||
require.EqualError(t, errors[1], "Generating config file: /tmp/noperms/configuration.yml")
|
||||
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/configuration.yml: open /tmp/noperms/configuration.yml: permission denied")
|
||||
}
|
||||
|
||||
func TestShouldErrorAndGenerateConfigFile(t *testing.T) {
|
||||
_, errors := Read("./nonexistent.yml")
|
||||
_ = os.Remove("./nonexistent.yml")
|
||||
|
||||
require.Len(t, errors, 3)
|
||||
|
||||
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
|
||||
require.EqualError(t, errors[2], "Generated configuration at: ./nonexistent.yml")
|
||||
}
|
||||
|
||||
func TestShouldErrorPermissionsConfigFile(t *testing.T) {
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
host: 127.0.0.1
|
||||
port: 9091
|
||||
loggy_file: /etc/authelia/svc.log
|
||||
loggy_file: /config/svc.log
|
||||
|
||||
logs_level: debug
|
||||
default_redirection_url: https://home.example.com:8080/
|
||||
|
|
|
@ -13,7 +13,7 @@ totp:
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /etc/authelia/users_database.yml
|
||||
path: /config/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -23,7 +23,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
# The Duo Push Notification API configuration
|
||||
duo_api:
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './BypassAll/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
|
||||
- './BypassAll/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -25,7 +25,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
path: /config/db.sqlite3
|
||||
|
||||
totp:
|
||||
issuer: example.com
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Docker/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Docker/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Docker/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Docker/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: trace
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -26,7 +26,7 @@ session:
|
|||
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
# TOTP Issuer Name
|
||||
#
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './DuoPush/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
|
||||
- './DuoPush/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -23,7 +23,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './HAProxy/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './HAProxy/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
|
|
@ -2,5 +2,5 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -36,7 +36,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite3
|
||||
path: /config/db.sqlite3
|
||||
|
||||
totp:
|
||||
issuer: example.com
|
||||
|
|
|
@ -2,5 +2,5 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './LDAP/configuration.yml:/config/configuration.yml:ro'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Mariadb/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Mariadb/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Mariadb/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './MySQL/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './MySQL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './MySQL/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -12,7 +12,7 @@ jwt_secret: unsecure_password
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -24,7 +24,7 @@ session:
|
|||
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
# Access Control
|
||||
#
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './NetworkACL/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
|
||||
- './NetworkACL/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -25,7 +25,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './OneFactorOnly/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
|
||||
- './OneFactorOnly/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
server:
|
||||
path: auth
|
||||
|
@ -15,7 +15,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -26,7 +26,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './PathPrefix/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './PathPrefix/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
|
||||
- './PathPrefix/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Postgres/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Postgres/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Postgres/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -14,7 +14,7 @@ default_redirection_url: https://home.example.com:8080/
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -25,7 +25,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
totp:
|
||||
issuer: example.com
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './ShortTimeouts/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
|
||||
- './ShortTimeouts/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,14 +3,14 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
domain: example.com
|
||||
|
|
|
@ -5,8 +5,8 @@ services:
|
|||
- AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt
|
||||
- AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session
|
||||
volumes:
|
||||
- './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Standalone/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Standalone/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Standalone/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
||||
- '/tmp:/tmp'
|
||||
user: ${USER_ID}:${GROUP_ID}
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -23,7 +23,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Traefik/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Traefik/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Traefik/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 9091
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
|
|||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
|
@ -23,7 +23,7 @@ session:
|
|||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
|
|
|
@ -2,6 +2,6 @@ version: '3'
|
|||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||
- './Traefik2/users.yml:/var/lib/authelia/users.yml'
|
||||
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||
- './Traefik2/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Traefik2/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
|
@ -8,12 +8,10 @@ RUN addgroup --gid ${GROUP_ID} dev && \
|
|||
adduser --uid ${USER_ID} -G dev -D dev && \
|
||||
apk --no-cache add gcc musl-dev git
|
||||
|
||||
RUN mkdir -p /etc/authelia && chown dev:dev /etc/authelia
|
||||
RUN mkdir -p /var/lib/authelia && chown dev:dev /var/lib/authelia
|
||||
RUN mkdir -p /config && chown dev:dev /config
|
||||
|
||||
USER dev
|
||||
|
||||
VOLUME /etc/authelia
|
||||
VOLUME /var/lib/authelia
|
||||
VOLUME /config
|
||||
|
||||
EXPOSE 9091
|
||||
|
|
|
@ -12,7 +12,7 @@ services:
|
|||
- 'traefik.http.routers.authelia_backend.tls=true'
|
||||
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
|
||||
volumes:
|
||||
- '../..:/app'
|
||||
- '../..:/authelia'
|
||||
environment:
|
||||
- ENVIRONMENT=dev
|
||||
restart: always
|
||||
|
|
|
@ -4,6 +4,6 @@ set -e
|
|||
|
||||
while true;
|
||||
do
|
||||
dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /etc/authelia/configuration.yml
|
||||
dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /config/configuration.yml
|
||||
sleep 10
|
||||
done
|
|
@ -3,8 +3,8 @@
|
|||
###############################################################
|
||||
|
||||
port: 443
|
||||
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||
tls_key: /var/lib/authelia/ssl/key.pem
|
||||
tls_cert: /config/ssl/cert.pem
|
||||
tls_key: /config/ssl/key.pem
|
||||
|
||||
log_level: debug
|
||||
|
||||
|
|
|
@ -23,23 +23,23 @@ spec:
|
|||
- containerPort: 443
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/authelia
|
||||
mountPath: /config
|
||||
- name: ssl-volume
|
||||
mountPath: /var/lib/authelia/ssl
|
||||
mountPath: /config/ssl
|
||||
- name: secrets
|
||||
mountPath: /usr/app/secrets
|
||||
mountPath: /app/secrets
|
||||
readOnly: true
|
||||
env:
|
||||
# We set secrets directly here for ease of deployment but all secrets
|
||||
# should be stored in the Kube Vault in production.
|
||||
- name: AUTHELIA_JWT_SECRET_FILE
|
||||
value: /usr/app/secrets/jwt_secret
|
||||
value: /app/secrets/jwt_secret
|
||||
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
|
||||
value: /usr/app/secrets/ldap_password
|
||||
value: /app/secrets/ldap_password
|
||||
- name: AUTHELIA_SESSION_SECRET_FILE
|
||||
value: /usr/app/secrets/session
|
||||
value: /app/secrets/session
|
||||
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE
|
||||
value: /usr/app/secrets/sql_password
|
||||
value: /app/secrets/sql_password
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
# Used for Docker configs
|
||||
configs:
|
||||
- source: authelia
|
||||
target: /etc/authelia/configuration.yml
|
||||
target: /config/configuration.yml
|
||||
uid: '0'
|
||||
gid: '0'
|
||||
mode: 0444
|
||||
|
@ -14,7 +14,7 @@ services:
|
|||
# Where the authelia volume is to be mounted. To only use a single volume, the minimal config needs to be changed to read the users_database.yml also from this subdirectory.
|
||||
# Otherwise a second volume will need to be configured here to mount the users_database.yml.
|
||||
volumes:
|
||||
- authelia:/etc/authelia/storage
|
||||
- authelia:/config/storage
|
||||
networks:
|
||||
- overlay
|
||||
deploy:
|
||||
|
|