Sycotix

Community Developer
Posts posted by Sycotix

  1. 10 hours ago, SohailS said:

    I have just recently stumbled across your channel on YouTube and want to tell you that you are on to a winner here; you have some great content already and I look forward to upcoming videos.

    A question: do you do requests? I would love an up-to-date and supported container for Serviio if that is possible.

    Hi Sohail, thanks for the feedback mate, that's very much appreciated.

    I can look into it, and if it's a quick one it shouldn't be hard to get a template up.

  2. 1 hour ago, mikedm139 said:

    I'm in the process of switching my install over from the LetsEncrypt/SWAG container to NginxProxyManager for my reverse proxy. I had Authelia set up and working with SWAG and it appears that it should be working with NPM, but my protected endpoints are all exposed without authenticating through Authelia. I have been following the guide (although I have not set up Redis or MariaDB, if that is possibly relevant).

    I am able to access Authelia at "auth.MYDOMAIN.ca" . I have copied the conf files to the advanced tabs for authelia and each of my endpoints needing protection, and edited them appropriately. When I try to access any of the "protected" endpoints via private browsing in FireFox or from outside my LAN, it bypasses authelia entirely.

    Here is the Access Control section of my authelia configuration.yml:

    
    access_control:
      # Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'.
      # It is the policy applied to any resource if there is no policy to be applied
      # to the user.
      default_policy: deny
    
      rules:
        - domain: "*.REDACTED.ca"
          policy: two_factor

     

    I have tried configuring several different containers/endpoints (cloud9, ApacheGuacamol, sonarr) and they all seem to bypass Authelia.

     

    Any suggestions on how to fix or troubleshoot would be much appreciated.

    I'm not too sure how much the Redis or MariaDB would impact it.

    It's more likely the NGINX config; another user has reported the same issue (https://github.com/ibracorp/authelia/issues/3), but for the life of me I don't see why.

  3. 8 hours ago, bobokun said:

    Not sure if you changed something with your templates, but as of this morning I started receiving this warning in my Fix Common Problems plugin, and as soon as I press apply fix and rescan the error still persists, showing that the URL should be pointing to Authelia. I think you have two templates (Jira Service Desk and Authelia) both pointing to the Authelia Docker image?

    [attached screenshot]

    Thank you again, I appreciate you coming back here to report it. Indeed, the issue was that the JIRA template had the Authelia repository linked. It should now be fixed; if you could confirm, that would be great. Changes should take effect within 2 hours.

  4. On 12/22/2020 at 5:45 AM, HALPtech said:

    Looks like I'm having the exact same issue with Radarr that some other folks were having, but I don't see a resolution for it in this thread.

     

    I have reverse proxies set up for Sonarr and Radarr in NGINX Proxy Manager almost identically (both with a scheme of 'http'), with the only difference being their port. Both work great.

     

    I began following this guide (which is fantastic, by the way - thank you) to set up Authelia and was successfully able to route Sonarr through Authelia on the first try.

     

    However, when I perform the exact same steps with Radarr and Portainer (add the rules to the Authelia conf file, add Protected Endpoint conf block in the advanced tab for each proxy host in NPM), Authelia redirects the subdomain to http://radarr.subdomain.com instead of https://radarr.subdomain.com and throws an error. (I can access it just fine if I manually add an 's' to 'http' myself.)

     

    Note that I've used the exact same Protected Endpoint conf as Sonarr, replacing only the container name for Radarr/Portainer. I have no idea why Sonarr is the only one being automatically redirected to https right off the bat.

     

    Edit: It looks like this is an NPM issue - I was able to resolve it using the recommended fix per this support thread.

     

    Essentially, replace this line in OP's original config:

    
    auth_request_set $target_url $scheme://$http_host$request_uri;

    with this:

    
    auth_request_set $target_url https://$http_host$request_uri;

     

    Thank you for this. I will update the conf file to address this issue going forward. 

  5. On 1/14/2021 at 6:20 AM, bpage said:

    Has anyone had issues with this working on Safari and/or mobile safari? Everything seems to work ok in Chrome browser, but trying from Safari, either I do not get forwarded after authentication or my rules (allow local networks) do not work at all. 

     

    Possible cookie issue? No real answer for you at this time from me; I've never tested with Safari, but are cookies being saved?

  6. 6 hours ago, DioxideC said:

    Can anyone shed some light on this? Otherwise I think I'll have to start again from scratch.

    Here's what I've done/noticed so far:

    1. Copied your config and pasted it over the one created and continued to follow the instructions.

    2. At this part I wasn't sure if I had to literally type in 'YOURPASSWORD' or replace it with one of the 128-bit keys or a normal text password, so I used a 128-bit key.

    [screenshot: dbpasswords.PNG]

    3. When trying to start up I keep getting these errors, which seem to relate to SMTP, which I do not have set up yet:

    [screenshot: Errors.PNG]

    4. Commented out the SMTP part of the config and set up a txt file for notifications; tried true and false for the notification check, made no difference.

    5. Line 324 in my config doesn't reference a key, so not sure what's going on?

    [screenshot: line324.PNG]

    I'm sure it's just something stupid I've done, but any help is appreciated; otherwise I will delete it all and start over.

    2. YOURPASSWORD is whatever you like. Obviously the more secure, the better. Just make sure it's the same in your Authelia config.

    3-5. If you don't want Authelia to test for SMTP, you need to set "disable_startup_check: true". Source: https://www.authelia.com/docs/configuration/notifier/

     

    I would recommend you actually just use SMTP such as Gmail (or your own). Because if you like it, you will need to set it up anyway.

  7. 2 hours ago, ThreeFN said:

    I probably don't need it, but do any of us really need anything we implement on the server?

    Probably the funniest and most accurate thing I've read hahah

     

    And yes, great recommendation; the startup order is critical and I've got a 15-30 second delay between each container, depending what it is.

  8. On 9/4/2020 at 10:29 PM, Nano said:

    Hey, I actually got Authelia working with a much simpler guide; it did not require any other dockers. If you turn on SQLite in Authelia it can all be done within the docker itself. Much, much easier for people to follow.

    storage:
      local:
        path: configdb.sqlite3

    I'm sure you're much smarter than me and can tell me why this is not as good as your guide, but who knows.

    I agree with you it is 'easier'. However the reason it's not wise is because it's not as reliable as having a dedicated database to store the information.

    While I understand most small deployments would be fine using the built-in SQLite, I would not recommend it (and Authelia also doesn't recommend it) outside of a test environment.

     

    When you're happy with it, I suggest launching a mariadb or MySQL database and following our instructions, it's really easy.

  9. On 9/6/2020 at 12:33 PM, TX_Pilot said:

    A couple of ideas to keep things a bit cleaner.

     

    1) I used environment variables available through NPM rather than hardcoding the ip and port into the Advanced Config.

     

    So I made the following changes to the Protected Endpoint:


        set $upstream_CONTAINERNAME http://CONTAINERIP:CONTAINERPORT;

    became:

        set $upstream_CONTAINERNAME $forward_scheme://$server:$port;
     

    This will allow you to make changes to the IP/port within NPM rather than in both the Details tab and the Advanced tab.

     

    2) I also used the actual container name as well so that I don't have to worry about IP. All of the reverse proxy guides recommend you create a network and use the internal Docker network for your reverse proxy. If you do that then you can specify the container name instead of the IP.

     

    So: 

        set $upstream_authelia http://SERVERIP:9091/api/verify;

    became:

        set $upstream_authelia http://Authelia:9091/api/verify;

     

    In this case Authelia is the name of my Authelia container.

     

    I have found it is much easier to use container name and internal port references in your NPM config; otherwise, if your container IPs change, you are stuck fixing your reverse proxy. Just make sure if you do this that you are using the container port, not the translated port for your UnRaid IP address.

     

    With these changes you can almost use the same Protected Endpoint for each proxy host. The only thing that would be different is the CONTAINERNAME. I am not sure if it would be a problem for that to be the same between proxy hosts. I am going to do some testing and see if it matters.

     

    --Scott

    I know I'm a little late, but I just wanted to say thank you for sharing this. It certainly makes sense to use the variables and I did not realise that at the time. I have updated the Protected Endpoint conf to match now.

     

    As for the using the container name, I haven't been able to test it yet so I will keep it as is but your comment will help those who want to change it. 

     

    Thanks again
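Posts 2, 4 and 9 above all concern the same piece of NGINX config, so here is one complete Protected Endpoint block of the kind that goes into an NPM proxy host's Advanced tab, folding in the `https://` redirect fix from post 4 and the NPM variables from post 9. It is an added example written for this page, not the conf from the ibracorp guide or anything shipped by NPM or Authelia. Assumptions: Authelia is reachable on the Docker network as `authelia:9091`, the portal is `https://auth.example.com`, and `$forward_scheme`, `$server` and `$port` are the variables NPM sets from the host's Details tab (the ones post 9 describes).

```nginx
# Added example (not the ibracorp conf): Protected Endpoint block for one
# NPM proxy host. Paste into the host's Advanced tab; NPM renders its own
# default "location /" only when the Advanced text does not define one.
# Assumptions: Authelia container "authelia" on port 9091, portal at
# https://auth.example.com, $forward_scheme/$server/$port set by NPM.

# Internal sub-request target. nginx calls this once per request below
# and only looks at the status code Authelia returns (200 or 401).
location /authelia {
    internal;
    set $upstream_authelia http://authelia:9091/api/verify;
    proxy_pass $upstream_authelia;

    # Authelia needs headers and cookies only, never the request body.
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";

    # Tell Authelia which URL is being requested so it can match the
    # access_control rules (domain + resource) against it.
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    # Never serve a cached verify answer for a session cookie.
    proxy_cache_bypass $cookie_session;
    proxy_no_cache $cookie_session;
}

# The protected application itself.
location / {
    # Upstream from NPM's Details tab instead of a hard-coded IP:port (post 9).
    set $upstream_app $forward_scheme://$server:$port;
    proxy_pass $upstream_app;

    # Without this line requests go straight to the app, which is the
    # "bypasses Authelia entirely" symptom from post 2.
    auth_request /authelia;

    # Where to send the user back after login. Hard-coded https because,
    # as post 4 found, $scheme evaluated to http in that setup and produced
    # a broken http:// redirect.
    auth_request_set $target_url https://$http_host$request_uri;

    # Identity headers returned by /api/verify, forwarded to the app.
    auth_request_set $user $upstream_http_remote_user;
    auth_request_set $groups $upstream_http_remote_groups;
    proxy_set_header Remote-User $user;
    proxy_set_header Remote-Groups $groups;

    # A 401 from the sub-request becomes a redirect to the portal.
    error_page 401 =302 https://auth.example.com/?rd=$target_url;

    # Usual proxy headers, including websocket upgrade for app UIs.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
}
```

Two checks worth running whenever an endpoint "bypasses" Authelia as in post 2. First, from outside the LAN (or a private window with no session cookie), `curl -sI https://sonarr.example.com/` should answer `302` with a `location:` header pointing at `https://auth.example.com/?rd=https://sonarr.example.com/`; a `200` with the app's own page means the `location /` carrying `auth_request` never made it into the rendered config, so inspect `nginx -T` inside the NPM container and the host's status in the NPM UI. Second, keep in mind that Authelia's `access_control` rules (the `default_policy: deny` and `two_factor` rule quoted in post 2) only decide which policy applies once the proxy asks `/api/verify`; they cannot protect a host the proxy never asks about.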

  10. 8 hours ago, ThreeFN said:

     

     

    Here's a few gotchas that I ran into that may help others.  Caveat emptor, I'm using a hybrid of Sycotix and the LSIO instructions (I'm using swag for ssl/nginx) so your mileage may vary, etc, etc.

     

    >On Duo, you actually need TWO logins. The first is your admin account that sets up your hostname/integration_key/secret_key via the Partner Auth API. Now with that, you need to go into the config for the Application->PartnerAuthAPI and add a user that is THE SAME NAME as the user you have in file/ldap and then EMAIL THEM, which will give you the ability to enroll the phone app for that user. Then you can enroll that in Authelia when you get to that point. This page sort of says this, but it's a bit cryptic and doesn't fill in all the blanks.

     

    >I wasn't able to get to the second page of the 2FA enrollment when following Sycotix's instructions as described.

    I was in the same position, but managed to get 2FA enrollment going by going one step further in the setup: setting up a quick Heimdall instance, going to heimdall.YOURDOMAIN.etc and trying to 'login properly' and get pointed back to the target page, and at that point I was able to get to the second factor page and set up OTP and Push.

    Have you tried going directly to the subdomain you set up for Authelia, i.e. auth.example.com? After logging in and having a valid session this should work. In any case, I have added your instructions to the Git page (crediting you, of course). Thank you for coming back with a solution!

  11. 39 minutes ago, doesntaffect said:

    I am fairly new to Unraid and want to put Authelia in front of my Nextcloud / Heimdall. What I understood so far is that the template https://github.com/ibracorp/authelia.xml/blob/master/authelia.xml is meant as a Docker template. Please correct me if that's not the case.

     

    My question is, how do I get a authelia container set up, which is based on this template? In the CA "Apps" I see only the official authelia container for download. 

     

    Thanks for any advice :)

    Hi there and welcome to the unraid community! 

    So in the App Store you will see the Authelia container showing as official because I link the XML to the official repository and docker hub page. What I have done is simply provide the XML so that it shows up on the app store for everyone. 

     

    In other words, I basically created the link. So the Authelia container you see is the same one referenced here. You can then follow the instructions provided in the link on page 1 here (https://github.com/ibracorp/authelia) plus everyone else's comments. 

     

    To everyone else who has taken the time to provide valuable feedback I would like to thank you very much. I've been really busy lately and so it's been hard to make updates but I implore anyone who comes into this thread read everything that's been posted as a lot of information here helps a lot!

     

    I'm currently working on an LDAP implementation via FreeIPA, using Authelia as protection. It's nearly ready and is working, so I'll post my Authelia config, with any changes recommended by the users here, to my GitHub link on page 1 (https://github.com/ibracorp/authelia).

     

    EDIT: I should also add that Authelia does have official documentation, as written on page 1. Please use it to help you if stuck. My instructions were meant to help those using it on Unraid as well as Nginx Proxy Manager. https://www.authelia.com/docs/

  12. 3 hours ago, jinx8503 said:

    Thanks in advance for any help with this,

    In the reverse proxy, have you added a bypass for the API? In the guide, down at the bottom, you will see a section explaining this called: No/infinite native login screen on endpoint.

     

    I believe it should help, as the API needs to bypass the proxy check in order to work. This also goes for things like Tautulli or Ombi in order to use their mobile apps.
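One way to implement the API bypass the reply above refers to, on the proxy side: a second location in the same Advanced tab that sits next to the protected `location /` and deliberately carries no `auth_request`. This is an added example for this page, not the section from the ibracorp guide. It assumes NPM's `$forward_scheme`, `$server` and `$port` variables and that the app serves its API under `/api`, which the *arr apps, Tautulli and Ombi do.

```nginx
# Added example (not the ibracorp guide's block): API bypass for a host whose
# "location /" is protected by auth_request. Put both locations in the same
# NPM Advanced tab.
# Assumptions: $forward_scheme/$server/$port set by NPM; the app's API lives
# under /api.

# "^~" is a prefix match that wins over regex locations, so nothing else in
# the server block can re-route API traffic through the auth sub-request.
location ^~ /api {
    set $upstream_api $forward_scheme://$server:$port;
    proxy_pass $upstream_api;

    # No auth_request here. Mobile apps send the app's API key and cannot
    # follow a 302 to the Authelia portal, so a protected /api just fails.
    # Consequence: everything under /api is now guarded only by that API
    # key. Treat the key as a credential, rotate it if it leaks, and watch
    # the app's own logs for repeated 401s against this path.

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
}
```

The same effect can be had on the Authelia side instead, with an `access_control` rule for that domain whose `resources` list contains `^/api.*$` and whose `policy` is `bypass`: the proxy then still asks `/api/verify` for every request, and Authelia answers 200 for those paths without a session. Either way, confirm the bypass is as narrow as intended with `curl -sI https://sonarr.example.com/api/` (expect the app's own 401, not a redirect to the portal) and `curl -sI https://sonarr.example.com/` (expect the redirect).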
