RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[FEATURE] Docker simplification and configuration generation (#1113) 

* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
pull/1117/head^2
Amir Zarrinkafsh 2020-06-17 16:25:35 +10:00 committed by GitHub
parent 53ea5a067a
commit ff7f9a50ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
70 changed files with 380 additions and 284 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.buildkite/hooks/pre-artifact
View File

@ -14,7 +14,7 @@ if [[ $BUILDKITE_LABEL =~ ":docker: Build Image" ]]; then
# Save binary for buildkite and github artifacts
if [[ "${ARCH}" != "coverage" ]]; then
docker create --name authelia-binary ${DOCKER_IMAGE}:latest
docker cp authelia-binary:/usr/app/authelia ./authelia-"${OS}"-"${ARCH}"
docker cp authelia-binary:/app/authelia ./authelia-"${OS}"-"${ARCH}"
docker rm -f authelia-binary
tar -czf authelia-"${OS}"-"${ARCH}".tar.gz authelia-"${OS}"-"${ARCH}" authelia.service config.template.yml
sha256sum authelia-"${OS}"-"${ARCH}".tar.gz > authelia-"${OS}"-"${ARCH}".tar.gz.sha256

14
BREAKING.md
View File

@ -6,6 +6,20 @@ recommended not to use the 'latest' Docker image tag blindly but pick a version
and read this documentation before upgrading. This is where you will get information about
breaking changes and about what you should do to overcome those changes.
## Breaking in v4.20.0
* Authelia's Docker volumes have been refactored. All data should reside within a single volume of `/config`.
All examples have been updated to reflect this change. The entrypoint for the container changed from
`authelia --config /etc/authelia/configuration.yml` to `authelia --config /config/configuration.yml`.
Users migrating to v4.20.0 have two options:
1. Change your container mappings to point to `/config` also change any associated paths in your `configuration.yml` to
represent the new `/config` mappings.
2. Change your container entry point back to `authelia --config /etc/authelia/configuration.yml`
* **Docker Compose:** `command: authelia --config /etc/authelia/configuration.yml`
* **Docker Run:** `docker run -d -v /path/on/host:/etc/authelia authelia/authelia:latest authelia --config /etc/authelia/configuration.yml`
The team recommends option 1 to unify/simplify troubleshooting for support related issues.
## Breaking in v4.18.0
* Secrets stored directly in ENV are now removed from Authelia. They have been replaced with file
secrets. If you still have not moved feel free to contact the team for assistance, otherwise the

15
Dockerfile
View File

@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
WORKDIR /go/src/app
COPY go.mod go.sum ./
COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download
@ -32,7 +32,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \
cd internal/configuration && \
go generate . && \
cd ../server && \
go generate .
# Set the build version and time
@ -51,15 +53,14 @@ FROM alpine:3.12.0
RUN apk --no-cache add ca-certificates tzdata
WORKDIR /usr/app
WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091
VOLUME /etc/authelia
VOLUME /var/lib/authelia
VOLUME /config
ENV PATH="/usr/app:${PATH}"
ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.arm32v7
View File

@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
WORKDIR /go/src/app
COPY go.mod go.sum ./
COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download
@ -35,7 +35,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \
cd internal/configuration && \
go generate . && \
cd ../server && \
go generate .
# Set the build version and time
@ -57,15 +59,14 @@ COPY ./qemu-arm-static /usr/bin/qemu-arm-static
RUN apk --no-cache add ca-certificates tzdata && \
rm /usr/bin/qemu-arm-static
WORKDIR /usr/app
WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091
VOLUME /etc/authelia
VOLUME /var/lib/authelia
VOLUME /config
ENV PATH="/usr/app:${PATH}"
ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.arm64v8
View File

@ -25,7 +25,7 @@ RUN apk --no-cache add curl && \
WORKDIR /go/src/app
COPY go.mod go.sum ./
COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download
@ -35,7 +35,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \
cd internal/configuration && \
go generate . && \
cd ../server && \
go generate .
# Set the build version and time
@ -57,15 +59,14 @@ COPY ./qemu-aarch64-static /usr/bin/qemu-aarch64-static
RUN apk --no-cache add ca-certificates tzdata && \
rm /usr/bin/qemu-aarch64-static
WORKDIR /usr/app
WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091
VOLUME /etc/authelia
VOLUME /var/lib/authelia
VOLUME /config
ENV PATH="/usr/app:${PATH}"
ENV PATH="/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]
CMD ["authelia", "--config", "/config/configuration.yml"]

15
Dockerfile.coverage
View File

@ -22,7 +22,7 @@ RUN apk --no-cache add gcc musl-dev
WORKDIR /go/src/app
COPY go.mod go.sum ./
COPY go.mod go.sum config.template.yml ./
COPY --from=builder-frontend /node/src/app/build public_html
RUN go mod download
@ -32,7 +32,9 @@ COPY internal internal
# Prepare static files to be embedded in Go binary
RUN go get -u aletheia.icu/broccoli && \
cd internal/server && \
cd internal/configuration && \
go generate . && \
cd ../server && \
go generate .
# Set the build version and time
@ -51,15 +53,14 @@ FROM alpine:3.12.0
RUN apk --no-cache add ca-certificates tzdata
WORKDIR /usr/app
WORKDIR /app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
EXPOSE 9091
VOLUME /etc/authelia
VOLUME /var/lib/authelia
VOLUME /config
ENV PATH="/usr/app:${PATH}"
ENV PATH="/app:${PATH}"
CMD ["./authelia", "-test.coverprofile=/app/coverage.txt", "COVERAGE", "--config", "/etc/authelia/configuration.yml"]
CMD ["authelia", "-test.coverprofile=/authelia/coverage.txt", "COVERAGE", "--config", "/config/configuration.yml"]

9
cmd/authelia-scripts/cmd_build.go
View File

@ -56,6 +56,15 @@ func generateEmbeddedAssets() {
panic(err)
}
cmd = utils.CommandWithStdout("go", "generate", ".")
cmd.Dir = "internal/configuration"
err = cmd.Run()
if err != nil {
panic(err)
}
cmd = utils.CommandWithStdout("go", "generate", ".")
cmd.Dir = "internal/server"

4
compose/lite/configuration.yml → compose/lite/authelia/configuration.yml
View File

@ -19,7 +19,7 @@ totp:
authentication_backend:
file:
path: /etc/authelia/users_database.yml
path: /config/users_database.yml
access_control:
default_policy: deny
@ -53,7 +53,7 @@ regulation:
storage:
local:
path: /var/lib/authelia/db.sqlite3
path: /config/db.sqlite3
notifier:
smtp:

0
compose/lite/users_database.yml → compose/lite/authelia/users_database.yml
View File

4
compose/lite/docker-compose.yml
View File

@ -9,9 +9,7 @@ services:
image: authelia/authelia
container_name: authelia
volumes:
- ./authelia:/var/lib/authelia
- ./configuration.yml:/etc/authelia/configuration.yml:ro
- ./users_database.yml:/etc/authelia/users_database.yml
- ./authelia:/config
networks:
- net
labels:

45
compose/local/configuration.yml
View File

@ -1,45 +0,0 @@
###############################################################
# Authelia configuration #
###############################################################
host: 0.0.0.0
port: 9091
log_level: debug
jwt_secret: a_very_important_secret
default_redirection_url: https://public.example.com
totp:
issuer: authelia.com
authentication_backend:
file:
path: /etc/authelia/users_database.yml
access_control:
default_policy: deny
rules:
- domain: public.example.com
policy: bypass
- domain: traefik.example.com
policy: one_factor
- domain: secure.example.com
policy: two_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: example.com # Should match whatever your root protected domain is
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
local:
path: /var/lib/authelia/db.sqlite3
notifier:
filesystem:
filename: /var/lib/authelia/notification.txt

4
compose/local/docker-compose.yml
View File

@ -9,9 +9,7 @@ services:
image: authelia/authelia
container_name: authelia
volumes:
- ./authelia:/var/lib/authelia
- ./configuration.yml:/etc/authelia/configuration.yml:ro
- ./users_database.yml:/etc/authelia/users_database.yml
- ./authelia:/config
networks:
- net
labels:

14
compose/local/users_database.yml
View File

@ -1,14 +0,0 @@
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
<USERNAME>:
password: "<PASSWORD>"
email: <USERNAME>@example.com
groups:
- admins
- dev

12
config.template.yml
View File

@ -5,8 +5,8 @@
# The host and port to listen on
host: 0.0.0.0
port: 9091
# tls_key: /var/lib/authelia/ssl/key.pem
# tls_cert: /var/lib/authelia/ssl/cert.pem
# tls_key: /config/ssl/key.pem
# tls_cert: /config/ssl/cert.pem
# Configuration options specific to the internal http server
server:
@ -22,7 +22,7 @@ server:
# Level of verbosity for logs: info, debug, trace
log_level: debug
## File path where the logs will be written. If not set logs are written to stdout.
# log_file_path: /var/log/authelia
# log_file_path: /config/authelia.log
# The secret used to generate JWT tokens when validating user identity by
# email confirmation.
@ -169,7 +169,7 @@ authentication_backend:
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
#
## file:
## path: ./users_database.yml
## path: /config/users_database.yml
## password:
## algorithm: argon2id
## iterations: 1
@ -345,7 +345,7 @@ regulation:
storage:
# The directory where the DB files will be saved
## local:
## path: /var/lib/authelia/db.sqlite3
## path: /config/db.sqlite3
# Settings to connect to MySQL server
mysql:
@ -377,7 +377,7 @@ notifier:
# For testing purpose, notifications can be sent in a file
## filesystem:
## filename: /tmp/authelia/notification.txt
## filename: /config/notification.txt
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
# [Security] By default Authelia will:

2
docs/configuration/authentication/file.md
View File

@ -33,7 +33,7 @@ authentication_backend:
# https://docs.authelia.com/configuration/authentication/file.html#password-hash-algorithm-tuning
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
password:
algorithm: argon2id
iterations: 1

6
docs/configuration/miscellaneous.md
View File

@ -28,8 +28,8 @@ Authelia can use TLS. Provide the certificate and the key with the
following configuration options:
```yaml
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /config/ssl/key.pem
tls_cert: /config/ssl/cert.pem
```
## Log
@ -55,7 +55,7 @@ Logs can be stored in a file when file path is provided. Otherwise logs
are written to standard output.
```yaml
log_file_path: /var/log/authelia.log
log_file_path: /config/authelia.log
```

2
docs/configuration/notifier/filesystem.md
View File

@ -23,5 +23,5 @@ notifier:
# For testing purpose, notifications can be sent in a file.
filesystem:
filename: /tmp/authelia/notification.txt
filename: /config/notification.txt
```

2
docs/configuration/notifier/smtp.md
View File

@ -23,7 +23,7 @@ notifier:
# For testing purpose, notifications can be sent in a file.
## filesystem:
## filename: /tmp/authelia/notification.txt
## filename: /config/notification.txt
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
# [Security] By default Authelia will:

39
docs/configuration/secrets.md
View File

@ -107,8 +107,7 @@ services:
- smtp
- ldap
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia:/config
networks:
- net
expose:
@ -129,7 +128,7 @@ services:
This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file
at `/etc/authelia/secrets/`:
at `/config/secrets/`:
```yaml
version: '3.8'
@ -143,22 +142,20 @@ services:
image: authelia/authelia
container_name: authelia
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia/secrets:/etc/authelia/secrets
- /path/to/authelia:/config
networks:
- net
expose:
- 9091
restart: unless-stopped
environment:
- AUTHELIA_JWT_SECRET_FILE=/etc/authelia/secrets/jwt
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/etc/authelia/secrets/duo
- AUTHELIA_SESSION_SECRET_FILE=/etc/authelia/secrets/session
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/etc/authelia/secrets/redis
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/etc/authelia/secrets/mysql
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/etc/authelia/secrets/smtp
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/etc/authelia/secrets/ldap
- AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/config/secrets/duo
- AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/config/secrets/redis
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/config/secrets/mysql
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/config/secrets/ldap
- TZ=Australia/Melbourne
```
@ -233,17 +230,17 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: AUTHELIA_JWT_SECRET_FILE
value: /usr/app/secrets/jwt
value: /app/secrets/jwt
- name: AUTHELIA_DUO_API_SECRET_KEY_FILE
value: /usr/app/secrets/duo
value: /app/secrets/duo
- name: AUTHELIA_SESSION_SECRET_FILE
value: /usr/app/secrets/session
value: /app/secrets/session
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
value: /usr/app/secrets/ldap_password
value: /app/secrets/ldap_password
- name: AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
value: /usr/app/secrets/smtp_password
value: /app/secrets/smtp_password
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
value: /usr/app/secrets/sql_password
value: /app/secrets/sql_password
ports:
- name: http
containerPort: 80
@ -272,9 +269,9 @@ spec:
periodSeconds: 5
failureThreshold: 5
volumeMounts:
- mountPath: /etc/authelia
- mountPath: /config
name: config-volume
- mountPath: /usr/app/secrets
- mountPath: /app/secrets
name: secrets
readOnly: true
- mountPath: /etc/localtime

2
docs/configuration/storage/sqlite.md
View File

@ -19,5 +19,5 @@ Just give the path to the sqlite database. It will be created if the file does n
```yaml
storage:
local:
path: /var/lib/authelia/db.sqlite3
path: /config/db.sqlite3
```

2
docs/deployment/deployment-ha.md
View File

@ -44,7 +44,7 @@ pay attention to the permissions of the configuration file. See
### Deploy With Docker
$ docker run -v /path/to/your/configuration.yml:/etc/authelia/configuration.yml -e TZ=Europe/Paris authelia/authelia
$ docker run -v /path/to/your/configuration.yml:/config/configuration.yml -e TZ=Europe/Paris authelia/authelia
## FAQ

3
docs/deployment/supported-proxies/traefik1.x.md
View File

@ -63,8 +63,7 @@ services:
image: authelia/authelia
container_name: authelia
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia:/config
networks:
- net
labels:

3
docs/deployment/supported-proxies/traefik2.x.md
View File

@ -66,8 +66,7 @@ services:
image: authelia/authelia
container_name: authelia
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/config.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia:/config
networks:
- net
labels:

29
go.sum
View File

@ -25,6 +25,7 @@ github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7 h1:qELHH0AWCvf
github.com/DataDog/sketches-go v0.0.0-20190923095040-43f19ad77ff7/go.mod h1:Q5DbzQ+3AkgGwymQO7aZFNP7ns2lZKGtvRBzRXfdi60=
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4 h1:vdT7QwBhJJEVNFMBNhRSFDRCB6O16T28VhvqRgqFyn8=
github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4/go.mod h1:SvXOG8ElV28oAiG9zv91SDe5+9PfIr7PPccpr8YyXNs=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/Workiva/go-datastructures v1.0.52 h1:PLSK6pwn8mYdaoaCZEMsXBpBotr4HHn9abU0yMQt0NI=
github.com/Workiva/go-datastructures v1.0.52/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
@ -54,6 +55,7 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@ -72,6 +74,7 @@ github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9r
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031 h1:GqrUYGzmGuc00lpc+K0wwrqshfkKLwgYFJiCyOZFMVE=
github.com/dgryski/go-rendezvous v0.0.0-20180401054734-3692eb46c031/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 h1:2MIhn2R6oXQbgW5yHfS+d6YqyMfXiu2L55rFZC4UD/M=
@ -82,36 +85,23 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
github.com/fasthttp/router v1.1.6 h1:lBcXxp1ZNoNbSeh4+RvAaXKSEiHU6sGd+gEMpd5Xjog=
github.com/fasthttp/router v1.1.6/go.mod h1:E1mpv7mrQzAhiSQdqhRb+GBTC7MEV+bLFVmgzSA5oFM=
github.com/fasthttp/router v1.1.7 h1:1Wt3iK7yILMNUlgWg3kfqNW8cQhvMIgkqKUhh370wR4=
github.com/fasthttp/router v1.1.7/go.mod h1:GllqmaKtAsIvYwz5Nbu0qcbQQXBSVaeXw2KY3SmlbYM=
github.com/fasthttp/router v1.2.1 h1:8xVgc9j39HkI4KQcxcN3Kmo0K/1/GnGGbBeqjegtCJk=
github.com/fasthttp/router v1.2.1/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
github.com/fasthttp/router v1.2.2 h1:znEzZbSKjKDzXwUHiq/HQ17brnKx9ZF6ZphYKGrfkVk=
github.com/fasthttp/router v1.2.2/go.mod h1:7KEYuV4ieG9kNJqqxnH0pwIdO69cJCVhVqZx3CpOURw=
github.com/fasthttp/session/v2 v2.1.0 h1:X84Wx3S5hO2AM5B030yhus6+J3ROWY/wA76rye3K00s=
github.com/fasthttp/session/v2 v2.1.0/go.mod h1:VEaGPgnkB9J+/fy0nKqSU6VGS7hjVy1H7/zI+LCOgbo=
github.com/fasthttp/session/v2 v2.1.1 h1:Cw+BZkfgfQ/IXYTYNtYXxj5Qg5WbArCrRQnfIok9OuM=
github.com/fasthttp/session/v2 v2.1.1/go.mod h1:JBwLzecuSht7fkNJXvB5mvRoi2BhSiTZZ1+vKoWyjAE=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-asn1-ber/asn1-ber v1.3.1 h1:gvPdv/Hr++TRFCl0UbPFHC54P9N9jgsRPnmnr419Uck=
github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-asn1-ber/asn1-ber v1.5.0 h1:/S4hO/AO6tLMlPX0oftGSOcdGJJN/MuYzfgWRMn199E=
github.com/go-asn1-ber/asn1-ber v1.5.0/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap/v3 v3.1.10 h1:7WsKqasmPThNvdl0Q5GPpbTDD/ZD98CfuawrMIuh7qQ=
github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
github.com/go-ldap/ldap/v3 v3.1.11 h1:EojIR9zHvfQS8LEz+EjvnPSvsfPYS3UioBezeOOskIA=
github.com/go-ldap/ldap/v3 v3.1.11/go.mod h1:dtLsnBXnSLIsMRbCBuRpHflCGaYzZ5jn+x1q7XqMTKU=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-redis/redis/v8 v8.0.0-beta.2 h1:9S28J9QMBotgI3tGgXbX1Wk9i8QYC3Orw4bTLoPrQeI=
github.com/go-redis/redis/v8 v8.0.0-beta.2/go.mod h1:o1M7JtsgfDYyv3o+gBn/jJ1LkqpnCrmil7PSppZGBak=
github.com/go-redis/redis/v8 v8.0.0-beta.4 h1:oIZMgBk2CHvLd1/rfn8sybGNwzTTmKEvRoXGz6ZiWnI=
github.com/go-redis/redis/v8 v8.0.0-beta.4/go.mod h1:NlNCdZHGMxsMUjOkA1Xab/1SsVzAwI7WPBXbh1O7vHM=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@ -226,8 +216,6 @@ github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lib/pq v1.5.2 h1:yTSXVswvWUOQ3k1sd7vJfDrbSl8lKuscqFJRqjC0ifw=
github.com/lib/pq v1.5.2/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.6.0 h1:I5DPxhYJChW9KYc66se+oKFFQX6VuQrKiprsX6ivRZc=
github.com/lib/pq v1.6.0/go.mod h1:4vXEAYvW1fRQ2/FhZ78H73A60MHw1geSm145z2mdY1g=
github.com/lib/pq v1.7.0 h1:h93mCPfUSkaul3Ka/VG8uZdmW1uMHDGxzu0NWHuJmHY=
@ -304,12 +292,8 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c h1:EVgT3hCwdDn/HmAmzRLEAoK2qHhcO8AD22AvPAE1/mk=
github.com/savsgio/dictpool v0.0.0-20200414074025-215dfcb77c2c/go.mod h1:InhUgunRRHK3vhg8YZHIRnxyoQGvGxwOE1p55leevWU=
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2 h1:V+VG/pzeMdwBlS21mJmNkBnQQmZWyuBgYRoz0SVxaVk=
github.com/savsgio/dictpool v0.0.0-20200608150529-6a3c1a8f6ab2/go.mod h1:LTEdLD+Y+KR4yx9eRMIgciXZo4Od0doGWP/hjgfOlE0=
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca h1:Qe7Mtuhjkk38HVpRtvWdziZJcwG3Qup1mfyvyOrcnyM=
github.com/savsgio/gotils v0.0.0-20200413113635-8c468ce75cca/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c h1:2nF5+FZ4/qp7pZVL7fR6DEaSTzuDmNaFTyqp92/hwF8=
github.com/savsgio/gotils v0.0.0-20200608150037-a5f6f5aef16c/go.mod h1:TWNAOTaVzGOXq8RbEvHnhzA/A2sLZzgn0m6URjnukY8=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@ -324,6 +308,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
@ -345,8 +330,6 @@ github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho=
github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
@ -361,8 +344,6 @@ github.com/tstranex/u2f v1.0.0/go.mod h1:eahSLaqAS0zsIEv80+vXT7WanXs7MQQDg3j3wGB
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasthttp v1.13.1 h1:Z7kVhKP9NZz+tCSY7AVhCMPPAk7b+e5fq0l/BfdTlFc=
github.com/valyala/fasthttp v1.13.1/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
github.com/valyala/fasthttp v1.14.0 h1:67bfuW9azCMwW/Jlq/C+VeihNpAuJMWkYPBig1gdi3A=
github.com/valyala/fasthttp v1.14.0/go.mod h1:ol1PCaL0dX20wC0htZ7sYCsvCYmrouYra0zHzaclZhE=
github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=

5
internal/authentication/configuration.gen.go 100644
View File

@ -0,0 +1,5 @@
package authentication
import "aletheia.icu/broccoli/fs"
var cfg = fs.New(false, []byte("\x8b\xa1\x80\r\xff\x83\x02\x01\x02\xff\x84\x00\x01\xff\x82\x00\x00=\xff\x81\x03\x01\x02\xff\x82\x00\x01\x05\x01\x04Data\x01\n\x00\x01\x05Fpath\x01\f\x00\x01\x05Fname\x01\f\x00\x01\x05Fsize\x01\x04\x00\x01\x05Ftime\x01\x04\x00\x00\x00\xff\xf6\xff\x84\x00\x01\x01\xff\xaa\x1b\xe6\x00`\x1c\x87\xb1\xf3\xa4II\xda\xd3]\xbci`\x9e\xa9θ\x13\x91\xe6\x06\xb8A\xc2Z\x14F\x8fNn~P\xeb\xe7nAy@\x10C 7\xecwSb\xed\x15\xee>\x0f\xa3\xbe\x8b\xfc,\xb6\xa3\x98\xfe\xe7\x00Bj²\x90b\x0f\x19\xc4=\x92\x8b\xc2j\xb7\xden\x98Nd\xaa\x1d\xa2?J\xc9\xd3ŗ\xb9\x9cM+\u07bf\xfe\xcf{c\x85H9\xaf\xec97\xa6\xe4o\xeaƘ\xdfO\xf1\xf3\xdd\\\xd2Iٮ\u074b\xaa4i#\x17\xc5w=\x19\xd9\n\x02\xbf3o\xdc\x028\rp:\xf7\x011\x8fY\x88g\x87\x9c\b}\xf8\xa1\xc8mݞ?\x00\x01\x1busers_database.template.yml\x01\x1busers_database.template.yml\x01\xfe\x01\xce\x01\xfc\xbd\xcb\xdc\xf6\x00\x03"))

51
internal/authentication/file_user_provider.go
View File

@ -3,6 +3,7 @@ package authentication
import (
"fmt"
"io/ioutil"
"os"
"strings"
"sync"
@ -11,6 +12,7 @@ import (
"gopkg.in/yaml.v2"
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/logging"
"github.com/authelia/authelia/internal/utils"
)
@ -38,6 +40,15 @@ type DatabaseModel struct {
// NewFileUserProvider creates a new instance of FileUserProvider.
func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider {
errs := checkDatabase(configuration.Path)
if errs != nil {
for _, err := range errs {
logging.Logger().Error(err)
}
os.Exit(1)
}
database, err := readDatabase(configuration.Path)
if err != nil {
// Panic since the file does not exist when Authelia is starting.
@ -86,6 +97,46 @@ func checkPasswordHashes(database *DatabaseModel) error {
return nil
}
func checkDatabase(path string) []error {
_, err := os.Stat(path)
if err != nil {
errs := []error{
fmt.Errorf("Unable to find database file: %v", path),
fmt.Errorf("Generating database file: %v", path),
}
err := generateDatabaseFromTemplate(path)
if err != nil {
errs = append(errs, err)
} else {
errs = append(errs, fmt.Errorf("Generated database at: %v", path))
}
return errs
}
return nil
}
func generateDatabaseFromTemplate(path string) error {
f, err := cfg.Open("users_database.template.yml")
if err != nil {
return fmt.Errorf("Unable to open users_database.template.yml: %v", err)
}
b, err := ioutil.ReadAll(f)
if err != nil {
return fmt.Errorf("Unable to read users_database.template.yml: %v", err)
}
err = ioutil.WriteFile(path, b, 0600)
if err != nil {
return fmt.Errorf("Unable to generate %v: %v", path, err)
}
return nil
}
func readDatabase(path string) (*DatabaseModel, error) {
content, err := ioutil.ReadFile(path)
if err != nil {

37
internal/authentication/file_user_provider_test.go
View File

@ -7,7 +7,9 @@ import (
"strings"
"testing"
"aletheia.icu/broccoli/fs"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/authelia/authelia/internal/configuration/schema"
)
@ -32,6 +34,41 @@ func WithDatabase(content []byte, f func(path string)) {
}
}
func TestShouldErrorNoUserDBInEmbeddedFS(t *testing.T) {
oldCfg := cfg
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
errors := checkDatabase("./nonexistent.yml")
cfg = oldCfg
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Unable to open users_database.template.yml: file does not exist")
}
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
_ = os.Mkdir("/tmp/noperms/", 0000)
errors := checkDatabase("/tmp/noperms/users_database.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: /tmp/noperms/users_database.yml")
require.EqualError(t, errors[1], "Generating database file: /tmp/noperms/users_database.yml")
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/users_database.yml: open /tmp/noperms/users_database.yml: permission denied")
}
func TestShouldErrorAndGenerateUserDB(t *testing.T) {
errors := checkDatabase("./nonexistent.yml")
_ = os.Remove("./nonexistent.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Generated database at: ./nonexistent.yml")
}
func TestShouldCheckUserArgon2idPasswordIsCorrect(t *testing.T) {
WithDatabase(UserDatabaseContent, func(path string) {
config := DefaultFileAuthenticationBackendConfiguration

5
internal/configuration/configuration.gen.go 100644
View File

@ -0,0 +1,5 @@
package configuration
import "aletheia.icu/broccoli/fs"
var cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))

34
internal/configuration/reader.go
View File

@ -15,6 +15,7 @@ import (
)
// Read a YAML configuration and create a Configuration object out of it.
//go:generate broccoli -src ../../config.template.yml -var=cfg -o configuration
func Read(configPath string) (*schema.Configuration, []error) {
if configPath == "" {
return nil, []error{errors.New("No config file path provided")}
@ -22,7 +23,19 @@ func Read(configPath string) (*schema.Configuration, []error) {
_, err := os.Stat(configPath)
if err != nil {
return nil, []error{fmt.Errorf("Unable to find config file: %v", configPath)}
errs := []error{
fmt.Errorf("Unable to find config file: %v", configPath),
fmt.Errorf("Generating config file: %v", configPath),
}
err = generateConfigFromTemplate(configPath)
if err != nil {
errs = append(errs, err)
} else {
errs = append(errs, fmt.Errorf("Generated configuration at: %v", configPath))
}
return nil, errs
}
file, err := ioutil.ReadFile(configPath)
@ -67,3 +80,22 @@ func Read(configPath string) (*schema.Configuration, []error) {
return &configuration, nil
}
func generateConfigFromTemplate(configPath string) error {
f, err := cfg.Open("config.template.yml")
if err != nil {
return fmt.Errorf("Unable to open config.template.yml: %v", err)
}
b, err := ioutil.ReadAll(f)
if err != nil {
return fmt.Errorf("Unable to read config.template.yml: %v", err)
}
err = ioutil.WriteFile(configPath, b, 0600)
if err != nil {
return fmt.Errorf("Unable to generate %v: %v", configPath, err)
}
return nil
}

32
internal/configuration/reader_test.go
View File

@ -7,6 +7,7 @@ import (
"sort"
"testing"
"aletheia.icu/broccoli/fs"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@ -65,12 +66,39 @@ func TestShouldErrorNoConfigPath(t *testing.T) {
require.EqualError(t, errors[0], "No config file path provided")
}
func TestShouldErrorNoConfigFile(t *testing.T) {
func TestShouldErrorNoConfigFileInEmbeddedFS(t *testing.T) {
oldCfg := cfg
cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
_, errors := Read("./nonexistent.yml")
cfg = oldCfg
require.Len(t, errors, 1)
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Unable to open config.template.yml: file does not exist")
}
func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
_ = os.Mkdir("/tmp/noperms/", 0000)
_, errors := Read("/tmp/noperms/configuration.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: /tmp/noperms/configuration.yml")
require.EqualError(t, errors[1], "Generating config file: /tmp/noperms/configuration.yml")
require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/configuration.yml: open /tmp/noperms/configuration.yml: permission denied")
}
func TestShouldErrorAndGenerateConfigFile(t *testing.T) {
_, errors := Read("./nonexistent.yml")
_ = os.Remove("./nonexistent.yml")
require.Len(t, errors, 3)
require.EqualError(t, errors[0], "Unable to find config file: ./nonexistent.yml")
require.EqualError(t, errors[1], "Generating config file: ./nonexistent.yml")
require.EqualError(t, errors[2], "Generated configuration at: ./nonexistent.yml")
}
func TestShouldErrorPermissionsConfigFile(t *testing.T) {

2
internal/configuration/test_resources/config_bad_keys.yml
View File

@ -4,7 +4,7 @@
host: 127.0.0.1
port: 9091
loggy_file: /etc/authelia/svc.log
loggy_file: /config/svc.log
logs_level: debug
default_redirection_url: https://home.example.com:8080/

2
internal/configuration/test_resources/config_bad_quoting.yml
View File

@ -13,7 +13,7 @@ totp:
authentication_backend:
file:
path: /etc/authelia/users_database.yml
path: /config/users_database.yml
access_control:
default_policy: deny

8
internal/suites/BypassAll/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
# The Duo Push Notification API configuration
duo_api:

6
internal/suites/BypassAll/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro'
- './BypassAll/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
- './BypassAll/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/Docker/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite3
path: /config/db.sqlite3
totp:
issuer: example.com

6
internal/suites/Docker/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './Docker/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Docker/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Docker/configuration.yml:/config/configuration.yml:ro'
- './Docker/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/DuoPush/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: trace
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -26,7 +26,7 @@ session:
# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
# TOTP Issuer Name
#

6
internal/suites/DuoPush/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro'
- './DuoPush/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
- './DuoPush/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/HAProxy/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
access_control:
default_policy: bypass

6
internal/suites/HAProxy/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro'
- './HAProxy/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
- './HAProxy/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

4
internal/suites/HighAvailability/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug

4
internal/suites/HighAvailability/docker-compose.yml
View File

@ -2,5 +2,5 @@ version: '3'
services:
authelia-backend:
volumes:
- './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/config/ssl:ro'

6
internal/suites/LDAP/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -36,7 +36,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite3
path: /config/db.sqlite3
totp:
issuer: example.com

4
internal/suites/LDAP/docker-compose.yml
View File

@ -2,5 +2,5 @@ version: '3'
services:
authelia-backend:
volumes:
- './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './LDAP/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/config/ssl:ro'

6
internal/suites/Mariadb/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret

6
internal/suites/Mariadb/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Mariadb/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Mariadb/configuration.yml:/config/configuration.yml:ro'
- './Mariadb/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

6
internal/suites/MySQL/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret

6
internal/suites/MySQL/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro'
- './MySQL/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './MySQL/configuration.yml:/config/configuration.yml:ro'
- './MySQL/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/NetworkACL/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_password
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -24,7 +24,7 @@ session:
# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
# Access Control
#

6
internal/suites/NetworkACL/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro'
- './NetworkACL/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
- './NetworkACL/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/OneFactorOnly/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
access_control:
default_policy: deny

6
internal/suites/OneFactorOnly/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro'
- './OneFactorOnly/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
- './OneFactorOnly/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/PathPrefix/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
server:
path: auth
@ -15,7 +15,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -26,7 +26,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
access_control:
default_policy: bypass

6
internal/suites/PathPrefix/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './PathPrefix/configuration.yml:/etc/authelia/configuration.yml:ro'
- './PathPrefix/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
- './PathPrefix/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

6
internal/suites/Postgres/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ jwt_secret: very_important_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret

6
internal/suites/Postgres/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Postgres/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Postgres/configuration.yml:/config/configuration.yml:ro'
- './Postgres/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/ShortTimeouts/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -14,7 +14,7 @@ default_redirection_url: https://home.example.com:8080/
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -25,7 +25,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
totp:
issuer: example.com

6
internal/suites/ShortTimeouts/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro'
- './ShortTimeouts/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
- './ShortTimeouts/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

6
internal/suites/Standalone/configuration.yml
View File

@ -3,14 +3,14 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
domain: example.com

6
internal/suites/Standalone/docker-compose.yml
View File

@ -5,8 +5,8 @@ services:
- AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt
- AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session
volumes:
- './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Standalone/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Standalone/configuration.yml:/config/configuration.yml:ro'
- './Standalone/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- '/tmp:/tmp'
user: ${USER_ID}:${GROUP_ID}

8
internal/suites/Traefik/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
access_control:
default_policy: bypass

6
internal/suites/Traefik/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Traefik/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Traefik/configuration.yml:/config/configuration.yml:ro'
- './Traefik/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

8
internal/suites/Traefik2/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 9091
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug
@ -12,7 +12,7 @@ jwt_secret: unsecure_secret
authentication_backend:
file:
path: /var/lib/authelia/users.yml
path: /config/users.yml
session:
secret: unsecure_session_secret
@ -23,7 +23,7 @@ session:
storage:
local:
path: /var/lib/authelia/db.sqlite
path: /config/db.sqlite
access_control:
default_policy: bypass

6
internal/suites/Traefik2/docker-compose.yml
View File

@ -2,6 +2,6 @@ version: '3'
services:
authelia-backend:
volumes:
- './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro'
- './Traefik2/users.yml:/var/lib/authelia/users.yml'
- './common/ssl:/var/lib/authelia/ssl:ro'
- './Traefik2/configuration.yml:/config/configuration.yml:ro'
- './Traefik2/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'

6
internal/suites/example/compose/authelia/Dockerfile.backend
View File

@ -8,12 +8,10 @@ RUN addgroup --gid ${GROUP_ID} dev && \
adduser --uid ${USER_ID} -G dev -D dev && \
apk --no-cache add gcc musl-dev git
RUN mkdir -p /etc/authelia && chown dev:dev /etc/authelia
RUN mkdir -p /var/lib/authelia && chown dev:dev /var/lib/authelia
RUN mkdir -p /config && chown dev:dev /config
USER dev
VOLUME /etc/authelia
VOLUME /var/lib/authelia
VOLUME /config
EXPOSE 9091

2
internal/suites/example/compose/authelia/docker-compose.backend.dist.yml
View File

@ -12,7 +12,7 @@ services:
- 'traefik.http.routers.authelia_backend.tls=true'
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
volumes:
- '../..:/app'
- '../..:/authelia'
environment:
- ENVIRONMENT=dev
restart: always

2
internal/suites/example/compose/authelia/resources/run-backend-dev.sh
View File

@ -4,6 +4,6 @@ set -e
while true;
do
dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /etc/authelia/configuration.yml
dlv --listen 0.0.0.0:2345 --headless=true --continue --accept-multiclient debug cmd/authelia/*.go -- --config /config/configuration.yml
sleep 10
done

4
internal/suites/example/kube/authelia/configs/configuration.yml
View File

@ -3,8 +3,8 @@
###############################################################
port: 443
tls_cert: /var/lib/authelia/ssl/cert.pem
tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem
log_level: debug

14
internal/suites/example/kube/authelia/deployment.yml
View File

@ -23,23 +23,23 @@ spec:
- containerPort: 443
volumeMounts:
- name: config-volume
mountPath: /etc/authelia
mountPath: /config
- name: ssl-volume
mountPath: /var/lib/authelia/ssl
mountPath: /config/ssl
- name: secrets
mountPath: /usr/app/secrets
mountPath: /app/secrets
readOnly: true
env:
# We set secrets directly here for ease of deployment but all secrets
# should be stored in the Kube Vault in production.
- name: AUTHELIA_JWT_SECRET_FILE
value: /usr/app/secrets/jwt_secret
value: /app/secrets/jwt_secret
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
value: /usr/app/secrets/ldap_password
value: /app/secrets/ldap_password
- name: AUTHELIA_SESSION_SECRET_FILE
value: /usr/app/secrets/session
value: /app/secrets/session
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE
value: /usr/app/secrets/sql_password
value: /app/secrets/sql_password
volumes:
- name: config-volume
configMap:

4
internal/suites/example/swarm/docker-compose.yml
View File

@ -5,7 +5,7 @@ services:
# Used for Docker configs
configs:
- source: authelia
target: /etc/authelia/configuration.yml
target: /config/configuration.yml
uid: '0'
gid: '0'
mode: 0444
@ -14,7 +14,7 @@ services:
# Where the authelia volume is to be mounted. To only use a single volume, the minimal config needs to be changed to read the users_database.yml also from this subdirectory.
# Otherwise a second volume will need to be configured here to mount the users_database.yml.
volumes:
- authelia:/etc/authelia/storage
- authelia:/config/storage
networks:
- overlay
deploy: