RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[FEATURE] Docker simplification and configuration generation (#1113) 

* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
pull/1117/head^2
Amir Zarrinkafsh 2020-06-17 16:25:35 +10:00 committed by GitHub
parent 53ea5a067a
commit ff7f9a50ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
70 changed files with 380 additions and 284 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.buildkite/hooks/pre-artifact
View File

@ -14,7 +14,7 @@ if [[ $BUILDKITE_LABEL =~ ":docker: Build Image" ]]; then
# Save binary for buildkite and github artifacts # Save binary for buildkite and github artifacts
if [[ "${ARCH}" != "coverage" ]]; then if [[ "${ARCH}" != "coverage" ]]; then
docker create --name authelia-binary ${DOCKER_IMAGE}:latest docker create --name authelia-binary ${DOCKER_IMAGE}:latest
docker cp authelia-binary:/usr/app/authelia ./authelia-"${OS}"-"${ARCH}" docker cp authelia-binary:/app/authelia ./authelia-"${OS}"-"${ARCH}"
docker rm -f authelia-binary docker rm -f authelia-binary
tar -czf authelia-"${OS}"-"${ARCH}".tar.gz authelia-"${OS}"-"${ARCH}" authelia.service config.template.yml tar -czf authelia-"${OS}"-"${ARCH}".tar.gz authelia-"${OS}"-"${ARCH}" authelia.service config.template.yml
sha256sum authelia-"${OS}"-"${ARCH}".tar.gz > authelia-"${OS}"-"${ARCH}".tar.gz.sha256 sha256sum authelia-"${OS}"-"${ARCH}".tar.gz > authelia-"${OS}"-"${ARCH}".tar.gz.sha256

14
BREAKING.md
View File

@ -6,6 +6,20 @@ recommended not to use the 'latest' Docker image tag blindly but pick a version
and read this documentation before upgrading. This is where you will get information about and read this documentation before upgrading. This is where you will get information about
breaking changes and about what you should do to overcome those changes. breaking changes and about what you should do to overcome those changes.
## Breaking in v4.20.0
* Authelia's Docker volumes have been refactored. All data should reside within a single volume of `/config`.
All examples have been updated to reflect this change. The entrypoint for the container changed from
`authelia --config /etc/authelia/configuration.yml` to `authelia --config /config/configuration.yml`.
Users migrating to v4.20.0 have two options:
1. Change your container mappings to point to `/config` also change any associated paths in your `configuration.yml` to
represent the new `/config` mappings.
2. Change your container entry point back to `authelia --config /etc/authelia/configuration.yml`
* **Docker Compose:** `command: authelia --config /etc/authelia/configuration.yml`
* **Docker Run:** `docker run -d -v /path/on/host:/etc/authelia authelia/authelia:latest authelia --config /etc/authelia/configuration.yml`
The team recommends option 1 to unify/simplify troubleshooting for support related issues.
## Breaking in v4.18.0 ## Breaking in v4.18.0
* Secrets stored directly in ENV are now removed from Authelia. They have been replaced with file * Secrets stored directly in ENV are now removed from Authelia. They have been replaced with file
secrets. If you still have not moved feel free to contact the team for assistance, otherwise the secrets. If you still have not moved feel free to contact the team for assistance, otherwise the

15
Dockerfile
View File

@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
WORKDIR /go/src/app WORKDIR /go/src/app
COPY go.mod go.sum ./ COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download RUN go mod download
@ -32,7 +32,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary # Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \ RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \ cd internal/configuration && \
go generate . && \
cd ../server && \
go generate . go generate .
# Set the build version and time # Set the build version and time
@ -51,15 +53,14 @@ FROM alpine:3.12.0
RUN apk --no-cache add ca-certificates tzdata RUN apk --no-cache add ca-certificates tzdata
WORKDIR /usr/app WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./ COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091 EXPOSE 9091
VOLUME /etc/authelia VOLUME /config
VOLUME /var/lib/authelia
ENV PATH="/usr/app:${PATH}" ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"] CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.arm32v7
View File

@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
WORKDIR /go/src/app WORKDIR /go/src/app
COPY go.mod go.sum ./ COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download RUN go mod download
@ -35,7 +35,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary # Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \ RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \ cd internal/configuration && \
go generate . && \
cd ../server && \
go generate . go generate .
# Set the build version and time # Set the build version and time
@ -57,15 +59,14 @@ COPY ./qemu-arm-static /usr/bin/qemu-arm-static
RUN apk --no-cache add ca-certificates tzdata && \ RUN apk --no-cache add ca-certificates tzdata && \
rm /usr/bin/qemu-arm-static rm /usr/bin/qemu-arm-static
WORKDIR /usr/app WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./ COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091 EXPOSE 9091
VOLUME /etc/authelia VOLUME /config
VOLUME /var/lib/authelia
ENV PATH="/usr/app:${PATH}" ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"] CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.arm64v8
View File

@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
WORKDIR /go/src/app WORKDIR /go/src/app
COPY go.mod go.sum ./ COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download RUN go mod download
@ -35,7 +35,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary # Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \ RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \ cd internal/configuration && \
go generate . && \
cd ../server && \
go generate . go generate .
# Set the build version and time # Set the build version and time
@ -57,15 +59,14 @@ COPY ./qemu-aarch64-static /usr/bin/qemu-aarch64-static
RUN apk --no-cache add ca-certificates tzdata && \ RUN apk --no-cache add ca-certificates tzdata && \
rm /usr/bin/qemu-aarch64-static rm /usr/bin/qemu-aarch64-static
WORKDIR /usr/app WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./ COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091 EXPOSE 9091
VOLUME /etc/authelia VOLUME /config
VOLUME /var/lib/authelia
ENV PATH="/usr/app:${PATH}" ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"] CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.coverage
View File

@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
WORKDIR /go/src/app WORKDIR /go/src/app
COPY go.mod go.sum ./ COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download RUN go mod download
@ -32,7 +32,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary # Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \ RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \ cd internal/configuration && \
go generate . && \
cd ../server && \
go generate . go generate .
# Set the build version and time # Set the build version and time
@ -51,15 +53,14 @@ FROM alpine:3.12.0
RUN apk --no-cache add ca-certificates tzdata RUN apk --no-cache add ca-certificates tzdata
WORKDIR /usr/app WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./ COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091 EXPOSE 9091
VOLUME /etc/authelia VOLUME /config
VOLUME /var/lib/authelia
ENV PATH="/usr/app:${PATH}" ENV PATH="/app:${PATH}"
CMD ["./authelia", "-test.coverprofile=/app/coverage.txt", "COVERAGE", "--config", "/etc/authelia/configuration.yml"] CMD ["authelia", "-test.coverprofile=/authelia/coverage.txt", "COVERAGE", "--config", "/config/configuration.yml"]

9
cmd/authelia-scripts/cmd_build.go
View File

@ -56,6 +56,15 @@ func generateEmbeddedAssets() {
panic(err) panic(err)
} }
cmd = utils.CommandWithStdout("go", "generate", ".")
cmd.Dir = "internal/configuration"
err = cmd.Run()
if err != nil {
panic(err)
}
cmd = utils.CommandWithStdout("go", "generate", ".") cmd = utils.CommandWithStdout("go", "generate", ".")
cmd.Dir = "internal/server" cmd.Dir = "internal/server"

4
compose/lite/configuration.yml → compose/lite/authelia/configuration.yml
View File

@ -19,7 +19,7 @@ totp:
authentication_backend: authentication_backend:
file: file:
path: /etc/authelia/users_database.yml path: /config/users_database.yml
access_control: access_control:
default_policy: deny default_policy: deny
@ -53,7 +53,7 @@ regulation:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite3 path: /config/db.sqlite3
notifier: notifier:
smtp: smtp:

0
compose/lite/users_database.yml → compose/lite/authelia/users_database.yml
View File

4
compose/lite/docker-compose.yml
View File

@ -9,9 +9,7 @@ services:
image: authelia/authelia image: authelia/authelia
container_name: authelia container_name: authelia
volumes: volumes:
- ./authelia:/var/lib/authelia - ./authelia:/config
- ./configuration.yml:/etc/authelia/configuration.yml:ro
- ./users_database.yml:/etc/authelia/users_database.yml
networks: networks:
- net - net
labels: labels:

45
compose/local/configuration.yml
View File

@ -1,45 +0,0 @@
###############################################################
# Authelia configuration #
###############################################################
host: 0.0.0.0
port: 9091
log_level: debug
jwt_secret: a_very_important_secret
default_redirection_url: https://public.example.com
totp:
issuer: authelia.com
authentication_backend:
file:
path: /etc/authelia/users_database.yml
access_control:
default_policy: deny
rules:
- domain: public.example.com
policy: bypass
- domain: traefik.example.com
policy: one_factor
- domain: secure.example.com
policy: two_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: example.com # Should match whatever your root protected domain is
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
local:
path: /var/lib/authelia/db.sqlite3
notifier:
filesystem:
filename: /var/lib/authelia/notification.txt

4
compose/local/docker-compose.yml
View File

@ -9,9 +9,7 @@ services:
image: authelia/authelia image: authelia/authelia
container_name: authelia container_name: authelia
volumes: volumes:
- ./authelia:/var/lib/authelia - ./authelia:/config
- ./configuration.yml:/etc/authelia/configuration.yml:ro
- ./users_database.yml:/etc/authelia/users_database.yml
networks: networks:
- net - net
labels: labels:

14
compose/local/users_database.yml
View File

@ -1,14 +0,0 @@
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
<USERNAME>:
password: "<PASSWORD>"
email: <USERNAME>@example.com
groups:
- admins
- dev

12
config.template.yml
View File

@ -5,8 +5,8 @@
# The host and port to listen on # The host and port to listen on
host: 0.0.0.0 host: 0.0.0.0
port: 9091 port: 9091
# tls_key: /var/lib/authelia/ssl/key.pem # tls_key: /config/ssl/key.pem
# tls_cert: /var/lib/authelia/ssl/cert.pem # tls_cert: /config/ssl/cert.pem
# Configuration options specific to the internal http server # Configuration options specific to the internal http server
server: server:
@ -22,7 +22,7 @@ server:
# Level of verbosity for logs: info, debug, trace # Level of verbosity for logs: info, debug, trace
log_level: debug log_level: debug
## File path where the logs will be written. If not set logs are written to stdout. ## File path where the logs will be written. If not set logs are written to stdout.
# log_file_path: /var/log/authelia # log_file_path: /config/authelia.log
# The secret used to generate JWT tokens when validating user identity by # The secret used to generate JWT tokens when validating user identity by
# email confirmation. # email confirmation.
@ -169,7 +169,7 @@ authentication_backend:
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning # https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
# #
## file: ## file:
## path: ./users_database.yml ## path: /config/users_database.yml
## password: ## password:
## algorithm: argon2id ## algorithm: argon2id
## iterations: 1 ## iterations: 1
@ -345,7 +345,7 @@ regulation:
storage: storage:
# The directory where the DB files will be saved # The directory where the DB files will be saved
## local: ## local:
## path: /var/lib/authelia/db.sqlite3 ## path: /config/db.sqlite3
# Settings to connect to MySQL server # Settings to connect to MySQL server
mysql: mysql:
@ -377,7 +377,7 @@ notifier:
# For testing purpose, notifications can be sent in a file # For testing purpose, notifications can be sent in a file
## filesystem: ## filesystem:
## filename: /tmp/authelia/notification.txt ## filename: /config/notification.txt
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate. # Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
# [Security] By default Authelia will: # [Security] By default Authelia will:

2
docs/configuration/authentication/file.md
View File

@ -33,7 +33,7 @@ authentication_backend:
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning # https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
password: password:
algorithm: argon2id algorithm: argon2id
iterations: 1 iterations: 1

6
docs/configuration/miscellaneous.md
View File

@ -28,8 +28,8 @@ Authelia can use TLS. Provide the certificate and the key with the
following configuration options: following configuration options:
```yaml ```yaml
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
``` ```
## Log ## Log
@ -55,7 +55,7 @@ Logs can be stored in a file when file path is provided. Otherwise logs
are written to standard output. are written to standard output.
```yaml ```yaml
log_file_path: /var/log/authelia.log log_file_path: /config/authelia.log
``` ```

2
docs/configuration/notifier/filesystem.md
View File

@ -23,5 +23,5 @@ notifier:
# For testing purpose, notifications can be sent in a file. # For testing purpose, notifications can be sent in a file.
filesystem: filesystem:
filename: /tmp/authelia/notification.txt filename: /config/notification.txt
``` ```

2
docs/configuration/notifier/smtp.md
View File

@ -23,7 +23,7 @@ notifier:
# For testing purpose, notifications can be sent in a file. # For testing purpose, notifications can be sent in a file.
## filesystem: ## filesystem:
## filename: /tmp/authelia/notification.txt ## filename: /config/notification.txt
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate. # Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
# [Security] By default Authelia will: # [Security] By default Authelia will:

39
docs/configuration/secrets.md
View File

@ -107,8 +107,7 @@ services:
- smtp - smtp
- ldap - ldap
volumes: volumes:
- /path/to/authelia:/var/lib/authelia - /path/to/authelia:/config
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
networks: networks:
- net - net
expose: expose:
@ -129,7 +128,7 @@ services:
This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}` This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file
at `/etc/authelia/secrets/`: at `/config/secrets/`:
```yaml ```yaml
version: '3.8' version: '3.8'
@ -143,22 +142,20 @@ services:
image: authelia/authelia image: authelia/authelia
container_name: authelia container_name: authelia
volumes: volumes:
- /path/to/authelia:/var/lib/authelia - /path/to/authelia:/config
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia/secrets:/etc/authelia/secrets
networks: networks:
- net - net
expose: expose:
- 9091 - 9091
restart: unless-stopped restart: unless-stopped
environment: environment:
- AUTHELIA_JWT_SECRET_FILE=/etc/authelia/secrets/jwt - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/etc/authelia/secrets/duo - AUTHELIA_DUO_API_SECRET_KEY_FILE=/config/secrets/duo
- AUTHELIA_SESSION_SECRET_FILE=/etc/authelia/secrets/session - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/etc/authelia/secrets/redis - AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/config/secrets/redis
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/etc/authelia/secrets/mysql - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/config/secrets/mysql
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/etc/authelia/secrets/smtp - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/etc/authelia/secrets/ldap - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/config/secrets/ldap
- TZ=Australia/Melbourne - TZ=Australia/Melbourne
``` ```
@ -233,17 +230,17 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: AUTHELIA_JWT_SECRET_FILE - name: AUTHELIA_JWT_SECRET_FILE
value: /usr/app/secrets/jwt value: /app/secrets/jwt
- name: AUTHELIA_DUO_API_SECRET_KEY_FILE - name: AUTHELIA_DUO_API_SECRET_KEY_FILE
value: /usr/app/secrets/duo value: /app/secrets/duo
- name: AUTHELIA_SESSION_SECRET_FILE - name: AUTHELIA_SESSION_SECRET_FILE
value: /usr/app/secrets/session value: /app/secrets/session
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
value: /usr/app/secrets/ldap_password value: /app/secrets/ldap_password
- name: AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE - name: AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
value: /usr/app/secrets/smtp_password value: /app/secrets/smtp_password
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE - name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
value: /usr/app/secrets/sql_password value: /app/secrets/sql_password
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
@ -272,9 +269,9 @@ spec:
periodSeconds: 5 periodSeconds: 5
failureThreshold: 5 failureThreshold: 5
volumeMounts: volumeMounts:
- mountPath: /etc/authelia - mountPath: /config
name: config-volume name: config-volume
- mountPath: /usr/app/secrets - mountPath: /app/secrets
name: secrets name: secrets
readOnly: true readOnly: true
- mountPath: /etc/localtime - mountPath: /etc/localtime

2
docs/configuration/storage/sqlite.md
View File

@ -19,5 +19,5 @@ Just give the path to the sqlite database. It will be created if the file does n
```yaml ```yaml
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite3 path: /config/db.sqlite3
``` ```

2
docs/deployment/deployment-ha.md
View File

@ -44,7 +44,7 @@ pay attention to the permissions of the configuration file. See
### Deploy With Docker ### Deploy With Docker
$ docker run -v /path/to/your/configuration.yml:/etc/authelia/configuration.yml -e TZ=Europe/Paris authelia/authelia $ docker run -v /path/to/your/configuration.yml:/config/configuration.yml -e TZ=Europe/Paris authelia/authelia
## FAQ ## FAQ

3
docs/deployment/supported-proxies/traefik1.x.md
View File

@ -63,8 +63,7 @@ services:
image: authelia/authelia image: authelia/authelia
container_name: authelia container_name: authelia
volumes: volumes:
- /path/to/authelia:/var/lib/authelia - /path/to/authelia:/config
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
networks: networks:
- net - net
labels: labels:

3
docs/deployment/supported-proxies/traefik2.x.md
View File

@ -66,8 +66,7 @@ services:
image: authelia/authelia image: authelia/authelia
container_name: authelia container_name: authelia
volumes: volumes:
- /path/to/authelia:/var/lib/authelia - /path/to/authelia:/config
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
networks: networks:
- net - net
labels: labels:

29
go.sum
View File

@ -25,6 +25,7 @@ github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7 h1:qELHH0AWCvf
github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7/go.mod h1:Q5DbzQ+3AkgGwymQO7aZFNP7ns2lZKGtvRBzRXfdi60= github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7/go.mod h1:Q5DbzQ+3AkgGwymQO7aZFNP7ns2lZKGtvRBzRXfdi60=
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4 h1:vdT7QwBhJJEVNFMBNhRSFDRCB6O16T28VhvqRgqFyn8= github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4 h1:vdT7QwBhJJEVNFMBNhRSFDRCB6O16T28VhvqRgqFyn8=
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4/go.mod h1:SvXOG8ElV28oAiG9zv91SDe5+9PfIr7PPccpr8YyXNs= github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4/go.mod h1:SvXOG8ElV28oAiG9zv91SDe5+9PfIr7PPccpr8YyXNs=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/Workiva/go-datastructures v1.0.52 h1:PLSK6pwn8mYdaoaCZEMsXBpBotr4HHn9abU0yMQt0NI= github.com/Workiva/go-datastructures v1.0.52 h1:PLSK6pwn8mYdaoaCZEMsXBpBotr4HHn9abU0yMQt0NI=
github.com/Workiva/go-datastructures v1.0.52/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA= github.com/Workiva/go-datastructures v1.0.52/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
@ -54,6 +55,7 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@ -72,6 +74,7 @@ github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9r
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031 h1:GqrUYGzmGuc00lpc+K0wwrqshfkKLwgYFJiCyOZFMVE=
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 h1:2MIhn2R6oXQbgW5yHfS+d6YqyMfXiu2L55rFZC4UD/M= github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 h1:2MIhn2R6oXQbgW5yHfS+d6YqyMfXiu2L55rFZC4UD/M=
@ -82,36 +85,23 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
github.com/fasthttp/router v1.1.6 h1:lBcXxp1ZNoNbSeh4+RvAaXKSEiHU6sGd+gEMpd5Xjog=
github.com/fasthttp/router v1.1.6/go.mod h1:E1mpv7mrQzAhiSQdqhRb+GBTC7MEV+bLFVmgzSA5oFM=
github.com/fasthttp/router v1.1.7 h1:1Wt3iK7yILMNUlgWg3kfqNW8cQhvMIgkqKUhh370wR4=
github.com/fasthttp/router v1.1.7/go.mod h1:GllqmaKtAsIvYwz5Nbu0qcbQQXBSVaeXw2KY3SmlbYM=
github.com/fasthttp/router v1.2.1 h1:8xVgc9j39HkI4KQcxcN3Kmo0K/1/GnGGbBeqjegtCJk=
github.com/fasthttp/router v1.2.1/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
github.com/fasthttp/router v1.2.2 h1:znEzZbSKjKDzXwUHiq/HQ17brnKx9ZF6ZphYKGrfkVk= github.com/fasthttp/router v1.2.2 h1:znEzZbSKjKDzXwUHiq/HQ17brnKx9ZF6ZphYKGrfkVk=
github.com/fasthttp/router v1.2.2/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw= github.com/fasthttp/router v1.2.2/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
github.com/fasthttp/session/v2 v2.1.0 h1:X84Wx3S5hO2AM5B030yhus6+J3ROWY/wA76rye3K00s=
github.com/fasthttp/session/v2 v2.1.0/go.mod h1:VEaGPgnkB9J+/fy0nKqSU6VGS7hjVy1H7/zI+LCOgbo=
github.com/fasthttp/session/v2 v2.1.1 h1:Cw+BZkfgfQ/IXYTYNtYXxj5Qg5WbArCrRQnfIok9OuM= github.com/fasthttp/session/v2 v2.1.1 h1:Cw+BZkfgfQ/IXYTYNtYXxj5Qg5WbArCrRQnfIok9OuM=
github.com/fasthttp/session/v2 v2.1.1/go.mod h1:JBwLzecuSht7fkNJXvB5mvRoi2BhSiTZZ1+vKoWyjAE= github.com/fasthttp/session/v2 v2.1.1/go.mod h1:JBwLzecuSht7fkNJXvB5mvRoi2BhSiTZZ1+vKoWyjAE=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-asn1-ber/asn1-ber v1.3.1 h1:gvPdv/Hr++TRFCl0UbPFHC54P9N9jgsRPnmnr419Uck=
github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-asn1-ber/asn1-ber v1.5.0 h1:/S4hO/AO6tLMlPX0oftGSOcdGJJN/MuYzfgWRMn199E= github.com/go-asn1-ber/asn1-ber v1.5.0 h1:/S4hO/AO6tLMlPX0oftGSOcdGJJN/MuYzfgWRMn199E=
github.com/go-asn1-ber/asn1-ber v1.5.0/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-asn1-ber/asn1-ber v1.5.0/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap/v3 v3.1.10 h1:7WsKqasmPThNvdl0Q5GPpbTDD/ZD98CfuawrMIuh7qQ=
github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
github.com/go-ldap/ldap/v3 v3.1.11 h1:EojIR9zHvfQS8LEz+EjvnPSvsfPYS3UioBezeOOskIA= github.com/go-ldap/ldap/v3 v3.1.11 h1:EojIR9zHvfQS8LEz+EjvnPSvsfPYS3UioBezeOOskIA=
github.com/go-ldap/ldap/v3 v3.1.11/go.mod h1:dtLsnBXnSLIsMRbCBuRpHflCGaYzZ5jn+x1q7XqMTKU= github.com/go-ldap/ldap/v3 v3.1.11/go.mod h1:dtLsnBXnSLIsMRbCBuRpHflCGaYzZ5jn+x1q7XqMTKU=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-redis/redis/v8 v8.0.0-beta.2 h1:9S28J9QMBotgI3tGgXbX1Wk9i8QYC3Orw4bTLoPrQeI= github.com/go-redis/redis/v8 v8.0.0-beta.4 h1:oIZMgBk2CHvLd1/rfn8sybGNwzTTmKEvRoXGz6ZiWnI=
github.com/go-redis/redis/v8 v8.0.0-beta.2/go.mod h1:o1M7JtsgfDYyv3o+gBn/jJ1LkqpnCrmil7PSppZGBak=
github.com/go-redis/redis/v8 v8.0.0-beta.4/go.mod h1:NlNCdZHGMxsMUjOkA1Xab/1SsVzAwI7WPBXbh1O7vHM= github.com/go-redis/redis/v8 v8.0.0-beta.4/go.mod h1:NlNCdZHGMxsMUjOkA1Xab/1SsVzAwI7WPBXbh1O7vHM=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@ -226,8 +216,6 @@ github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lib/pq v1.5.2 h1:yTSXVswvWUOQ3k1sd7vJfDrbSl8lKuscqFJRqjC0ifw=
github.com/lib/pq v1.5.2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.6.0 h1:I5DPxhYJChW9KYc66se+oKFFQX6VuQrKiprsX6ivRZc= github.com/lib/pq v1.6.0 h1:I5DPxhYJChW9KYc66se+oKFFQX6VuQrKiprsX6ivRZc=
github.com/lib/pq v1.6.0/go.mod h1:4vXEAYvW1fRQ2/FhZ78H73A60MHw1geSm145z2mdY1g= github.com/lib/pq v1.6.0/go.mod h1:4vXEAYvW1fRQ2/FhZ78H73A60MHw1geSm145z2mdY1g=
github.com/lib/pq v1.7.0 h1:h93mCPfUSkaul3Ka/VG8uZdmW1uMHDGxzu0NWHuJmHY= github.com/lib/pq v1.7.0 h1:h93mCPfUSkaul3Ka/VG8uZdmW1uMHDGxzu0NWHuJmHY=
@ -304,12 +292,8 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c h1:EVgT3hCwdDn/HmAmzRLEAoK2qHhcO8AD22AvPAE1/mk=
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c/go.mod h1:InhUgunRRHK3vhg8YZHIRnxyoQGvGxwOE1p55leevWU=
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2 h1:V+VG/pzeMdwBlS21mJmNkBnQQmZWyuBgYRoz0SVxaVk= github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2 h1:V+VG/pzeMdwBlS21mJmNkBnQQmZWyuBgYRoz0SVxaVk=
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2/go.mod h1:LTEdLD+Y+KR4yx9eRMIgciXZo4Od0doGWP/hjgfOlE0= github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2/go.mod h1:LTEdLD+Y+KR4yx9eRMIgciXZo4Od0doGWP/hjgfOlE0=
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca h1:Qe7Mtuhjkk38HVpRtvWdziZJcwG3Qup1mfyvyOrcnyM=
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c h1:2nF5+FZ4/qp7pZVL7fR6DEaSTzuDmNaFTyqp92/hwF8= github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c h1:2nF5+FZ4/qp7pZVL7fR6DEaSTzuDmNaFTyqp92/hwF8=
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8= github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@ -324,6 +308,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
@ -345,8 +330,6 @@ github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho=
github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
@ -361,8 +344,6 @@ github.com/tstranex/u2f v1.0.0/go.mod h1:eahSLaqAS0zsIEv80+vXT7WanXs7MQQDg3j3wGB
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasthttp v1.13.1 h1:Z7kVhKP9NZz+tCSY7AVhCMPPAk7b+e5fq0l/BfdTlFc=
github.com/valyala/fasthttp v1.13.1/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
github.com/valyala/fasthttp v1.14.0 h1:67bfuW9azCMwW/Jlq/C+VeihNpAuJMWkYPBig1gdi3A= github.com/valyala/fasthttp v1.14.0 h1:67bfuW9azCMwW/Jlq/C+VeihNpAuJMWkYPBig1gdi3A=
github.com/valyala/fasthttp v1.14.0/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE= github.com/valyala/fasthttp v1.14.0/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=

5
internal/authentication/configuration.gen.go 100644
View File

@ -0,0 +1,5 @@
package authentication
import "aletheia.icu/broccoli/fs"
var cfg = fs.New(false, []byte("\x8b\xa1\x80\r\xff\x83\x02\x01\x02\xff\x84\x00\x01\xff\x82\x00\x00=\xff\x81\x03\x01\x02\xff\x82\x00\x01\x05\x01\x04Data\x01\n\x00\x01\x05Fpath\x01\f\x00\x01\x05Fname\x01\f\x00\x01\x05Fsize\x01\x04\x00\x01\x05Ftime\x01\x04\x00\x00\x00\xff\xf6\xff\x84\x00\x01\x01\xff\xaa\x1b\xe6\x00`\x1c\x87\xb1\xf3\xa4II\xda\xd3]\xbci`\x9e\xa9θ\x13\x91\xe6\x06\xb8A\xc2Z\x14F\x8fNn~P\xeb\xe7nAy@\x10C 7\xecwSb\xed\x15\xee>\x0f\xa3\xbe\x8b\xfc,\xb6\xa3\x98\xfe\xe7\x00Bj²\x90b\x0f\x19\xc4=\x92\x8b\xc2j\xb7\xden\x98Nd\xaa\x1d\xa2?J\xc9\xd3ŗ\xb9\x9cM+\u07bf\xfe\xcf{c\x85H9\xaf\xec97\xa6\xe4o\xeaƘ\xdfO\xf1\xf3\xdd\\\xd2Iٮ\u074b\xaa4i#\x17\xc5w=\x19\xd9\n\x02\xbf3o\xdc\x028\rp:\xf7\x011\x8fY\x88g\x87\x9c\b}\xf8\xa1\xc8mݞ?\x00\x01\x1busers_database.template.yml\x01\x1busers_database.template.yml\x01\xfe\x01\xce\x01\xfc\xbd\xcb\xdc\xf6\x00\x03"))

51
internal/authentication/file_user_provider.go
View File

@ -3,6 +3,7 @@ package authentication
import ( import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
"strings" "strings"
"sync" "sync"
@ -11,6 +12,7 @@ import (
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
"github.com/authelia/authelia/internal/configuration/schema" "github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/logging"
"github.com/authelia/authelia/internal/utils" "github.com/authelia/authelia/internal/utils"
) )
@ -38,6 +40,15 @@ type DatabaseModel struct {
// NewFileUserProvider creates a new instance of FileUserProvider. // NewFileUserProvider creates a new instance of FileUserProvider.
func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider { func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider {
errs := checkDatabase(configuration.Path)
if errs != nil {
for _, err := range errs {
logging.Logger().Error(err)
}
os.Exit(1)
}
database, err := readDatabase(configuration.Path) database, err := readDatabase(configuration.Path)
if err != nil { if err != nil {
// Panic since the file does not exist when Authelia is starting. // Panic since the file does not exist when Authelia is starting.
@ -86,6 +97,46 @@ func checkPasswordHashes(database *DatabaseModel) error {
return nil return nil
} }
func checkDatabase(path string) []error {
_, err := os.Stat(path)
if err != nil {
errs := []error{
fmt.Errorf("Unable to find database file: %v", path),
fmt.Errorf("Generating database file: %v", path),
}
err := generateDatabaseFromTemplate(path)
if err != nil {
errs = append(errs, err)
} else {
errs = append(errs, fmt.Errorf("Generated database at: %v", path))
}
return errs
}
return nil
}
func generateDatabaseFromTemplate(path string) error {
f, err := cfg.Open("users_database.template.yml")
if err != nil {
return fmt.Errorf("Unable to open users_database.template.yml: %v", err)
}
b, err := ioutil.ReadAll(f)
if err != nil {
return fmt.Errorf("Unable to read users_database.template.yml: %v", err)
}
err = ioutil.WriteFile(path, b, 0600)
if err != nil {
return fmt.Errorf("Unable to generate %v: %v", path, err)
}
return nil
}
func readDatabase(path string) (*DatabaseModel, error) { func readDatabase(path string) (*DatabaseModel, error) {
content, err := ioutil.ReadFile(path) content, err := ioutil.ReadFile(path)
if err != nil { if err != nil {

37
internal/authentication/file_user_provider_test.go
View File

@ -7,7 +7,9 @@ import (
"strings" "strings"
"testing" "testing"
"aletheia.icu/broccoli/fs"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/authelia/authelia/internal/configuration/schema" "github.com/authelia/authelia/internal/configuration/schema"
) )
@ -32,6 +34,41 @@ func WithDatabase(content []byte, f func(path string)) {
} }
} }
func TestShouldErrorNoUserDBInEmbeddedFS(t *testing.T) {
oldCfg := cfg
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
errors := checkDatabase("./nonexistent.yml")
cfg = oldCfg
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Unable to open users_database.template.yml: file does not exist")
}
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
_ = os.Mkdir("/tmp/noperms/", 0000)
errors := checkDatabase("/tmp/noperms/users_database.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: /tmp/noperms/users_database.yml")
require.EqualError(t, errors[1], "Generating database file: /tmp/noperms/users_database.yml")
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/users_database.yml: open /tmp/noperms/users_database.yml: permission denied")
}
func TestShouldErrorAndGenerateUserDB(t *testing.T) {
errors := checkDatabase("./nonexistent.yml")
_ = os.Remove("./nonexistent.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Generated database at: ./nonexistent.yml")
}
func TestShouldCheckUserArgon2idPasswordIsCorrect(t *testing.T) { func TestShouldCheckUserArgon2idPasswordIsCorrect(t *testing.T) {
WithDatabase(UserDatabaseContent, func(path string) { WithDatabase(UserDatabaseContent, func(path string) {
config := DefaultFileAuthenticationBackendConfiguration config := DefaultFileAuthenticationBackendConfiguration

5
internal/configuration/configuration.gen.go 100644
View File

@ -0,0 +1,5 @@
package configuration
import "aletheia.icu/broccoli/fs"
var cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))

34
internal/configuration/reader.go
View File

@ -15,6 +15,7 @@ import (
) )
// Read a YAML configuration and create a Configuration object out of it. // Read a YAML configuration and create a Configuration object out of it.
//go:generate broccoli -src ../../config.template.yml -var=cfg -o configuration
func Read(configPath string) (*schema.Configuration, []error) { func Read(configPath string) (*schema.Configuration, []error) {
if configPath == "" { if configPath == "" {
return nil, []error{errors.New("No config file path provided")} return nil, []error{errors.New("No config file path provided")}
@ -22,7 +23,19 @@ func Read(configPath string) (*schema.Configuration, []error) {
_, err := os.Stat(configPath) _, err := os.Stat(configPath)
if err != nil { if err != nil {
return nil, []error{fmt.Errorf("Unable to find config file: %v", configPath)} errs := []error{
fmt.Errorf("Unable to find config file: %v", configPath),
fmt.Errorf("Generating config file: %v", configPath),
}
err = generateConfigFromTemplate(configPath)
if err != nil {
errs = append(errs, err)
} else {
errs = append(errs, fmt.Errorf("Generated configuration at: %v", configPath))
}
return nil, errs
} }
file, err := ioutil.ReadFile(configPath) file, err := ioutil.ReadFile(configPath)
@ -67,3 +80,22 @@ func Read(configPath string) (*schema.Configuration, []error) {
return &configuration, nil return &configuration, nil
} }
func generateConfigFromTemplate(configPath string) error {
f, err := cfg.Open("config.template.yml")
if err != nil {
return fmt.Errorf("Unable to open config.template.yml: %v", err)
}
b, err := ioutil.ReadAll(f)
if err != nil {
return fmt.Errorf("Unable to read config.template.yml: %v", err)
}
err = ioutil.WriteFile(configPath, b, 0600)
if err != nil {
return fmt.Errorf("Unable to generate %v: %v", configPath, err)
}
return nil
}

32
internal/configuration/reader_test.go
View File

@ -7,6 +7,7 @@ import (
"sort" "sort"
"testing" "testing"
"aletheia.icu/broccoli/fs"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -65,12 +66,39 @@ func TestShouldErrorNoConfigPath(t *testing.T) {
require.EqualError(t, errors[0], "No config file path provided") require.EqualError(t, errors[0], "No config file path provided")
} }
func TestShouldErrorNoConfigFile(t *testing.T) { func TestShouldErrorNoConfigFileInEmbeddedFS(t *testing.T) {
oldCfg := cfg
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
_, errors := Read("./nonexistent.yml") _, errors := Read("./nonexistent.yml")
cfg = oldCfg
require.Len(t, errors, 1) require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml") require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Unable to open config.template.yml: file does not exist")
}
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
_ = os.Mkdir("/tmp/noperms/", 0000)
_, errors := Read("/tmp/noperms/configuration.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: /tmp/noperms/configuration.yml")
require.EqualError(t, errors[1], "Generating config file: /tmp/noperms/configuration.yml")
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/configuration.yml: open /tmp/noperms/configuration.yml: permission denied")
}
func TestShouldErrorAndGenerateConfigFile(t *testing.T) {
_, errors := Read("./nonexistent.yml")
_ = os.Remove("./nonexistent.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Generated configuration at: ./nonexistent.yml")
} }
func TestShouldErrorPermissionsConfigFile(t *testing.T) { func TestShouldErrorPermissionsConfigFile(t *testing.T) {

2
internal/configuration/test_resources/config_bad_keys.yml
View File

@ -4,7 +4,7 @@
host: 127.0.0.1 host: 127.0.0.1
port: 9091 port: 9091
loggy_file: /etc/authelia/svc.log loggy_file: /config/svc.log
logs_level: debug logs_level: debug
default_redirection_url: https://home.example.com:8080/ default_redirection_url: https://home.example.com:8080/

2
internal/configuration/test_resources/config_bad_quoting.yml
View File

@ -13,7 +13,7 @@ totp:
authentication_backend: authentication_backend:
file: file:
path: /etc/authelia/users_database.yml path: /config/users_database.yml
access_control: access_control:
default_policy: deny default_policy: deny

8
internal/suites/BypassAll/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
# The Duo Push Notification API configuration # The Duo Push Notification API configuration
duo_api: duo_api:

6
internal/suites/BypassAll/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro' - './BypassAll/configuration.yml:/config/configuration.yml:ro'
- './BypassAll/users.yml:/var/lib/authelia/users.yml' - './BypassAll/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/Docker/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite3 path: /config/db.sqlite3
totp: totp:
issuer: example.com issuer: example.com

6
internal/suites/Docker/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './Docker/configuration.yml:/etc/authelia/configuration.yml:ro' - './Docker/configuration.yml:/config/configuration.yml:ro'
- './Docker/users.yml:/var/lib/authelia/users.yml' - './Docker/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/DuoPush/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: trace log_level: trace
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -26,7 +26,7 @@ session:
# Configuration of the storage backend used to store data and secrets. i.e. totp data # Configuration of the storage backend used to store data and secrets. i.e. totp data
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
# TOTP Issuer Name # TOTP Issuer Name
# #

6
internal/suites/DuoPush/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro' - './DuoPush/configuration.yml:/config/configuration.yml:ro'
- './DuoPush/users.yml:/var/lib/authelia/users.yml' - './DuoPush/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/HAProxy/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
access_control: access_control:
default_policy: bypass default_policy: bypass

6
internal/suites/HAProxy/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro' - './HAProxy/configuration.yml:/config/configuration.yml:ro'
- './HAProxy/users.yml:/var/lib/authelia/users.yml' - './HAProxy/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

4
internal/suites/HighAvailability/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug

4
internal/suites/HighAvailability/docker-compose.yml
View File

@ -2,5 +2,5 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro' - './HighAvailability/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/LDAP/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -36,7 +36,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite3 path: /config/db.sqlite3
totp: totp:
issuer: example.com issuer: example.com

4
internal/suites/LDAP/docker-compose.yml
View File

@ -2,5 +2,5 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro' - './LDAP/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/Mariadb/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret

6
internal/suites/Mariadb/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro' - './Mariadb/configuration.yml:/config/configuration.yml:ro'
- './Mariadb/users.yml:/var/lib/authelia/users.yml' - './Mariadb/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/MySQL/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret

6
internal/suites/MySQL/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro' - './MySQL/configuration.yml:/config/configuration.yml:ro'
- './MySQL/users.yml:/var/lib/authelia/users.yml' - './MySQL/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/NetworkACL/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_password
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -24,7 +24,7 @@ session:
# Configuration of the storage backend used to store data and secrets. i.e. totp data # Configuration of the storage backend used to store data and secrets. i.e. totp data
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
# Access Control # Access Control
# #

6
internal/suites/NetworkACL/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro' - './NetworkACL/configuration.yml:/config/configuration.yml:ro'
- './NetworkACL/users.yml:/var/lib/authelia/users.yml' - './NetworkACL/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/OneFactorOnly/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
access_control: access_control:
default_policy: deny default_policy: deny

6
internal/suites/OneFactorOnly/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro' - './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
- './OneFactorOnly/users.yml:/var/lib/authelia/users.yml' - './OneFactorOnly/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/PathPrefix/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
server: server:
path: auth path: auth
@ -15,7 +15,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -26,7 +26,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
access_control: access_control:
default_policy: bypass default_policy: bypass

6
internal/suites/PathPrefix/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './PathPrefix/configuration.yml:/etc/authelia/configuration.yml:ro' - './PathPrefix/configuration.yml:/config/configuration.yml:ro'
- './PathPrefix/users.yml:/var/lib/authelia/users.yml' - './PathPrefix/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/Postgres/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret

6
internal/suites/Postgres/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro' - './Postgres/configuration.yml:/config/configuration.yml:ro'
- './Postgres/users.yml:/var/lib/authelia/users.yml' - './Postgres/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/ShortTimeouts/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -14,7 +14,7 @@ default_redirection_url: https://home.example.com:8080/
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
totp: totp:
issuer: example.com issuer: example.com

6
internal/suites/ShortTimeouts/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro' - './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
- './ShortTimeouts/users.yml:/var/lib/authelia/users.yml' - './ShortTimeouts/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/Standalone/configuration.yml
View File

@ -3,14 +3,14 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
domain: example.com domain: example.com

6
internal/suites/Standalone/docker-compose.yml
View File

@ -5,8 +5,8 @@ services:
- AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt - AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt
- AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session - AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session
volumes: volumes:
- './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro' - './Standalone/configuration.yml:/config/configuration.yml:ro'
- './Standalone/users.yml:/var/lib/authelia/users.yml' - './Standalone/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'
- '/tmp:/tmp' - '/tmp:/tmp'
user: ${USER_ID}:${GROUP_ID} user: ${USER_ID}:${GROUP_ID}

8
internal/suites/Traefik/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
access_control: access_control:
default_policy: bypass default_policy: bypass

6
internal/suites/Traefik/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro' - './Traefik/configuration.yml:/config/configuration.yml:ro'
- './Traefik/users.yml:/var/lib/authelia/users.yml' - './Traefik/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

8
internal/suites/Traefik2/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 9091 port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend: authentication_backend:
file: file:
path: /var/lib/authelia/users.yml path: /config/users.yml
session: session:
secret: unsecure_session_secret secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage: storage:
local: local:
path: /var/lib/authelia/db.sqlite path: /config/db.sqlite
access_control: access_control:
default_policy: bypass default_policy: bypass

6
internal/suites/Traefik2/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services: services:
authelia-backend: authelia-backend:
volumes: volumes:
- './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro' - './Traefik2/configuration.yml:/config/configuration.yml:ro'
- './Traefik2/users.yml:/var/lib/authelia/users.yml' - './Traefik2/users.yml:/config/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro' - './common/ssl:/config/ssl:ro'

6
internal/suites/example/compose/authelia/Dockerfile.backend
View File

@ -8,12 +8,10 @@ RUN addgroup --gid ${GROUP_ID} dev && \
adduser --uid ${USER_ID} -G dev -D dev && \ adduser --uid ${USER_ID} -G dev -D dev && \
apk --no-cache add gcc musl-dev git apk --no-cache add gcc musl-dev git
RUN mkdir -p /etc/authelia && chown dev:dev /etc/authelia RUN mkdir -p /config && chown dev:dev /config
RUN mkdir -p /var/lib/authelia && chown dev:dev /var/lib/authelia
USER dev USER dev
VOLUME /etc/authelia VOLUME /config
VOLUME /var/lib/authelia
EXPOSE 9091 EXPOSE 9091

2
internal/suites/example/compose/authelia/docker-compose.backend.dist.yml
View File

@ -12,7 +12,7 @@ services:
- 'traefik.http.routers.authelia_backend.tls=true' - 'traefik.http.routers.authelia_backend.tls=true'
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https' - 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
volumes: volumes:
- '../..:/app' - '../..:/authelia'
environment: environment:
- ENVIRONMENT=dev - ENVIRONMENT=dev
restart: always restart: always

2
internal/suites/example/compose/authelia/resources/run-backend-dev.sh
View File

@ -4,6 +4,6 @@ set -e
while true; while true;
do do
dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /etc/authelia/configuration.yml dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /config/configuration.yml
sleep 10 sleep 10
done done

4
internal/suites/example/kube/authelia/configs/configuration.yml
View File

@ -3,8 +3,8 @@
############################################################### ###############################################################
port: 443 port: 443
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /config/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /config/ssl/key.pem
log_level: debug log_level: debug

14
internal/suites/example/kube/authelia/deployment.yml
View File

@ -23,23 +23,23 @@ spec:
- containerPort: 443 - containerPort: 443
volumeMounts: volumeMounts:
- name: config-volume - name: config-volume
mountPath: /etc/authelia mountPath: /config
- name: ssl-volume - name: ssl-volume
mountPath: /var/lib/authelia/ssl mountPath: /config/ssl
- name: secrets - name: secrets
mountPath: /usr/app/secrets mountPath: /app/secrets
readOnly: true readOnly: true
env: env:
# We set secrets directly here for ease of deployment but all secrets # We set secrets directly here for ease of deployment but all secrets
# should be stored in the Kube Vault in production. # should be stored in the Kube Vault in production.
- name: AUTHELIA_JWT_SECRET_FILE - name: AUTHELIA_JWT_SECRET_FILE
value: /usr/app/secrets/jwt_secret value: /app/secrets/jwt_secret
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
value: /usr/app/secrets/ldap_password value: /app/secrets/ldap_password
- name: AUTHELIA_SESSION_SECRET_FILE - name: AUTHELIA_SESSION_SECRET_FILE
value: /usr/app/secrets/session value: /app/secrets/session
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE - name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE
value: /usr/app/secrets/sql_password value: /app/secrets/sql_password
volumes: volumes:
- name: config-volume - name: config-volume
configMap: configMap:

4
internal/suites/example/swarm/docker-compose.yml
View File

@ -5,7 +5,7 @@ services:
# Used for Docker configs # Used for Docker configs
configs: configs:
- source: authelia - source: authelia
target: /etc/authelia/configuration.yml target: /config/configuration.yml
uid: '0' uid: '0'
gid: '0' gid: '0'
mode: 0444 mode: 0444
@ -14,7 +14,7 @@ services:
# Where the authelia volume is to be mounted. To only use a single volume, the minimal config needs to be changed to read the users_database.yml also from this subdirectory. # Where the authelia volume is to be mounted. To only use a single volume, the minimal config needs to be changed to read the users_database.yml also from this subdirectory.
# Otherwise a second volume will need to be configured here to mount the users_database.yml. # Otherwise a second volume will need to be configured here to mount the users_database.yml.
volumes: volumes:
- authelia:/etc/authelia/storage - authelia:/config/storage
networks: networks:
- overlay - overlay
deploy: deploy: