Skip to content

Authelia

Join DockServer on Discord Total Releases Downloaded from GitHub Latest Official Release on GitHub GNU General Public License

Authelia

Authelia

Build Go Report Card

Docker Tag Docker Size GitHub Release

AUR source version AUR binary version AUR development version LICENSE

Sponsor Discord Matrix


Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to Authelia Sign-in portal instead.

Features summary

Here is the list of the main available features:

  • Several second factor methods:
  • Security Key (U2F) with Yubikey.
  • Time-based One-Time password with Google Authenticator.
  • Mobile Push Notifications with Duo.
  • Password reset with identity verification using email confirmation.
  • Single-factor only authentication method available.
  • Access restriction after too many authentication attempts.
  • Fine-grained access control per subdomain, user, resource and network.
  • Support of basic authentication for endpoints protected by single factor.
  • Beta support for OpenID Connect.
  • Highly available using a remote database and Redis as a highly available KV store.
  • Compatible with Kubernetes ingress-nginx controller out of the box.

For more details about the features, follow Features.

If you want to know more about the roadmap, follow Roadmap.


Installation and Setup

  • Authelia is deployed via the DockServer main menu, option
[ 1 ] Dockserver - Traefik + Authelia

Follow the Instructions


Two-Factor Authentication (2FA) (Optional)

Requirements


2FA Setup

Once Authelia is deployed, open it's configuration file:

sudo nano /opt/appdata/authelia/configuration.yml

Change the following:

totp:
  issuer: authelia

to:

totp:
  issuer: authelia
  period: 30
  skew: 1

Scroll further and change the following:

## one factor login
- domain: "*.YOURDOMAIN.COM"
  policy: one_factor

to this:

## two factor login
- domain: "*.YOURDOMAIN.COM"
  policy: two_factor

Save and exit by typing CTRL + X, then Y.

Restart the container:

sudo docker restart authelia

Now visit https://authelia.YOURDOMAIN.com and login with the username/password. You'll be presented with a screen saying you need to register your device for TOTP. Click "Not registered yet?" and a message will appear on screen saying "An email has been sent to your address to complete the process". As we didn't set up SMTP, no email has been sent. However, the link you need to continue the setup can be found here:

cat /opt/appdata/authelia/notification.txt

Copy and paste the URL found in this file into your browser, and then scan the QR code with your favourite OTP app (Google Authenticator, 1Password, Authy, AndOTP, etc). Follow the setup instructions in your app, and enter the 6-digit OTP in Authelia.

Congrats, you've got 2FA setup with Authelia!


Support

Kindly report any issues/broken-parts/bugs on github or discord

  • Join our Join DockServer on Discord for Support

License

Authelia is licensed under the Apache 2.0 license. The terms of the license are detailed in LICENSE.

FOSSA Status

Back to top