Sycotix

Hi @Korshakov thanks for getting in touch. The rule looks good. To help troubleshoot, I would set the rule to : access_control: default_policy: deny rules: - domain: "*.lssolutions.ie" policy: one_factor Then test again. This will make sure the subdomain and group requirement is removed temporarily. How about your user config? Can you check the group is set correctly? Be mindful of the formatting in the conf files because it is VERY tempremental. One wrong space could throw it off but it should tell you in the logs if this happens anyway. Update me. EDIT: I just noticed in the official docs that anywhere there is a full URL in the rule, there isn't any quotation marks. (i.e. office.lssolutions.ie). But where there is a wildcard there is (i.e. "*.lssolutions.ie"). I'm at work and can't test right now, can you see if this makes a difference?

Hi all. A user has raised a question via PM regarding rules. If you are getting a 401 on a particular subdomain, it's important you don't simply change the default rule behaviour to 'allow'. Why? Well we're all about security right? The heirachy should be as follows: Default = Deny. If there is no rule set to explicitly allow a subdomain, or group, or both etc. then deny. Then, create a rule to allow access to that particular subdomain(s). Even if it is a public page, you can still protect it with Authelia by setting the rule to 'bypass', for example. For the official docs see here: https://www.authelia.com/docs/configuration/access-control.html Thanks

@nojutsu42 great to hear you got it working! And super happy to hear my doco helped. Thanks for sharing the outcome. It can be tricky getting to match your own setup but once you have it down pat it's worth it for the extra protection. I will check out this DUO right now and see what the go is.

Thanks for the feedback and picking that up @kaiguy. You're very welcome. Wanted to help out whatever way I could. I have amended the doco with the semicolon. I will also add the block/instruction you added to help those with LSIO Let'sEncrypt container.

Oh good pickup. So if you modify it similar to the ones in my doco does it work now? As for duo I'm not sure actually. I haven't configured that section as of yet.

I got a lot of information from here: https://discourse.linuxserver.io/t/need-some-help-with-authelia-plz/734 Which is based on a Let'sEncrypt setup. EDIT: Read the whole discussion as it develops more down the page.

Hi nojutsu42, Thanks for kind words. The container is the official one from Authelia, I just helped collect it all and get up for everyone to use after weeks of trying to get it going. With regards to your issue can you confirm: - After authenticating, are you able to hit (either manually or with the redirect): sonarr.domain.com? Your rules look good. Going forward you will want to set specific subdomain rules but here's mine atm while I'm testing each subdomain: access_control: # Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. # It is the policy applied to any resource if there is no policy to be applied # to the user. default_policy: deny rules: # Rules applied to 'admins' group - domain: "*.domain.com" subject: - "group:admins" policy: one_factor The instructions I wrote for NPM utilize snippets from those letsencrypt files to get it to work. So in theory, you should not really need to change much for Let'sEncrypt In the letsencrypt\nginx\proxy-confs you can find the sample conf for Sonarr with the lines referencing Authelia. Do you have those? And do you also have: authelia-location.conf, authelia-server.conf Located here: \appdata\letsencrypt\nginx

It's now back up on CA. Won't be messing with it anymore!

Very sorry everyone, got a little too finicky with it. Issue was caused by changing the <overview> tags to null. I have replaced it again and waiting to see if that fixes it.

The app has been published in Community Apps and the support thread can be found here:

**CHANGELOG** 17/04/2021 Hi all! I have now updated the configuration.yml file for Authelia on Git. The new file is a replica of the latest official one with a lot of new changes and also customized ready for use with FreeIPA. Enjoy 02/03/2021 - Added Cachet template to CA store. As well as the URL plugin. Video will be coming out soon on our site first so check it out. 26/01/2021 - Created template for Serviio as requested. Should be up in next two hours. 14/01/2021 - Modified Protected Endpoint Conf file to hardcode https redirection 10/01/2021 - Added to link our YouTube: https://bit.ly/3q39SJO 29/11/2020 - Updated Git page for IBRACORP/Authelia with new and updated information as provided by the community. - Formatting and clean-up to make it easier to follow. - Added LDAP instructions and DUO 2FA tips A big thank you to all those who have helped develop the documentation! 16/11/2020 - Submitted XML template for Jira Service Desk for review to Community Applications. 04/07/2020 - Updated documentation to reflect the CONTAINERIP instead of SERVERIP where appropriate. Also updated the Protected Endpoint.conf to suit. (thanks to @Korshakov) 02/07/2020 - Under NPM config, added the YOURDOMAIN placeholder to Protected Endpoint.conf to be updated by the user. 30/06/2020 - Updated documentation with some advice for Let'sEncrypt (thanks to @kaiguy). - Fixed missing semicolon on database instructions. 29/06/2020 - Updated documentation to assist with issue: No/infinite native login screen on endpoint 28/06/2020 - Updated documentation for Authelia to reflect that the XML is now published in Community Apps and no longer requires manual pull. - Updated logo in XML for Authelia to show in CA. - Updated Categories in XML for Authelia to be Security. - Updated support thread with official Authelia links. - Updated documentation for Authelia with instructions on bypassing authentication for API's (i.e. Sonarr/Ombi)

Welcome to IBRACORP Support = Support Us = Membership Help support my work by subscribing to our site and our Youtube Channel. It's free with paid options. There are no fees involved and it really helps me give back to you. Become a free subscriber of our site to: Receive the latest YouTube videos first, before going public on YouTube. Read our articles which go with our videos and other work we do. Emails directly to your inbox with the latest content. No spam, no bs. More Become a paid subscriber of our site to: Get exclusive videos only for supporters. Ask for direct support with helping install or provide consultancy to you. Receive advanced tutorials and articles for your IT needs. Help support indie creators (and a father of two) to bring you the best content possible! = PayPal = Prefer to donate via PayPal? You can donate to us right HERE. We really appreciate your support in any shape or form. = IBRACORP = IBRACORP - https://ibracorp.io/ YouTube: https://youtube.com/c/IBRACORP GitHub - https://github.com/ibracorp Discord - https://discord.gg/VWAG7rZ Twitter - https://twitter.com/IBRACORP_IO == Contact Us == If you require support or have any questions you can contact us at [email protected]. All questions/issues related to getting any of my images running on Unraid can be asked here. If you think a template needs improvement, feel free to post that here too. <-------------------------------------------------------------------------------------------------------------------------------------------------------> Authelia Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to Authelia Sign-in portal instead. IBRACORP Links: Guide: unRAID Template: https://github.com/ibracorp/authelia.xml/blob/master/authelia.xml unRAID Installation instructions: https://github.com/ibracorp/authelia This documentation will help users who have NGINX Proxy Manager and want to use Authelia to secure their endpoint. i.e. radarr etc. Official Links: Authelia: https://www.authelia.com/ Docs: https://www.authelia.com/docs GitHub: https://github.com/authelia/authelia Docker Hub: https://hub.docker.com/r/authelia/authelia

Had a lot of trouble fining help getting Authelia working on unRAID. Mostly due to my own lack of knowledge. But thanks to some help and time put in, I present you my guide written based on what I did to get it working, alongside NGINX Proxy Manager. Never used git before but here you go: https://github.com/ibracorp/authelia If anyone knows how to put an XML on Community Apps for easier finding please let me know I'd be happy to do it. Cheers

Hi all. First a quick thank you to the whole unRAID community, I've been using unRAID for over a year now and I really don't know how I could live without it. I also apologize if this is in wrong category I couldn't make a thread under the Docker section? Issue: using the FiveM container, but a broader question in general, I am trying to figure out how to change it's internal container path. Using the the Docker application settings I changed it but when starting the Docker up again the log shows it still referring to the default path (/serverfiles/serverdata). Reason: Using a mod called FivePD, there is currently a bug requiring the main server folder to be named (server-data). On a normal folder setup on a desktop thats easy. But how do I change the Docker path internally to reflect this? Hope I make sense. Thanks in advance