Hi Rusty,
Thank you for your awesome guides! Concise, yet enough detail to get it working instantly.
Regarding Authelia in combination with Nginx Proxy Manager, I have a question:
I've set up myapp.mydomain.com with a 2fa for traffic from internet and with 1fa from internal.
I expected that the following would work...
Code:
access_control:
  default_policy: deny
  networks:
    - name: internal
      networks:
        - 192.168.0.0/24
  rules:
    - domain:
        - auth.mydomain.com
      policy: bypass
    - domain: myapp.mydomain.com
      policy: one_factor
      networks:
        - internal
    - domain: myapp.mydomain.com
      policy: two_factor
However, it does not work, because in the log of Authelia I see that my home computer (192.168.0.100) is presented with the external IP. So when I change 192.168.0.0/24 to 86.91.xxx.xx then it works.
This would not be a problem if I had a fixed IP address. Unfortunately that's not the case, so when my external IP address changes I have to manually adjust configuration.yml and change the internal IP address.
The solution is probably in changing something in NPM's "Custom Nginx Configuration"... but I don't know what.
Can you help?
Thanks,
Eddie
Edit: in Docker, auth.mydomain.com (Authelia) is on the 172.17.0.0/16 network (default bridge, right?) and myapp.mydomain.com is on a different network: 172.18.0.0/16.
NPM's myapp.mydomain.com "Custom Nginx Configuration" 3rd line from the bottom reads:
set_real_ip_from 172.17.0.0/16; # change the subnet to match your own
Authelia's log file shows 86.91.xxx.xx as 'real IP' -- my external IP address.
If I change it to:
set_real_ip_from 172.18.0.0/16; # change the subnet to match your own
then Authelia's log file shows 172.17.0.1 as 'real IP' -- which can correctly be marked as 'internal', albeit it is a Docker network.
Also, when I change it to 192.168.0.0/24, then too 172.17.0.1 is shown as 'real IP' -- it's always the Docker bridge's IP address.
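
Added example (not part of the original post, and not Authelia or NPM code): a small Python model of how nginx's `set_real_ip_from` decides which address is reported, and which rule in the posted `access_control` block that address then matches. Assumptions: `real_ip_header` is `X-Forwarded-For`, `real_ip_recursive` is off, the proxy's TCP peer is 172.17.0.1, and 203.0.113.7 stands in for the redacted external address; `policy_for`, `real_ip` and `outcome` are hypothetical names.

```python
import ipaddress

# Rules copied from the post's access_control block; Authelia applies the
# first rule that matches and falls back to default_policy.
INTERNAL = [ipaddress.ip_network("192.168.0.0/24")]
RULES = [
    ("auth.mydomain.com", None, "bypass"),
    ("myapp.mydomain.com", INTERNAL, "one_factor"),
    ("myapp.mydomain.com", None, "two_factor"),
]
DEFAULT_POLICY = "deny"

# Constructed request (assumption): the proxy's TCP peer is the bridge gateway
# and the forwarded header carries a public address (documentation range).
PEER = "172.17.0.1"
X_FORWARDED_FOR = "203.0.113.7"


def policy_for(domain, client_ip):
    """Policy of the first rule matching the domain and client address."""
    ip = ipaddress.ip_address(client_ip)
    for rule_domain, networks, policy in RULES:
        if rule_domain == domain and (
            networks is None or any(ip in net for net in networks)
        ):
            return policy
    return DEFAULT_POLICY


def real_ip(peer, forwarded, trusted):
    """Model of nginx realip with real_ip_recursive off (the default)."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    hops = [h.strip() for h in forwarded.split(",") if h.strip()]
    if hops and any(ipaddress.ip_address(peer) in n for n in nets):
        return hops[-1]  # trusted peer: last address in the header is used
    return peer          # untrusted peer: header ignored, peer address kept


def outcome(trusted):
    """Address Authelia would log, and the policy myapp.mydomain.com gets."""
    ip = real_ip(PEER, X_FORWARDED_FOR, trusted)
    return ip, policy_for("myapp.mydomain.com", ip)


if __name__ == "__main__":
    for subnet in ("172.17.0.0/16", "172.18.0.0/16", "192.168.0.0/24"):
        print(subnet, outcome([subnet]))
```

Under these assumptions the model reproduces the three log observations in the post, and in each case the address falls outside 192.168.0.0/24, so the `two_factor` rule applies. In this model, adding 172.17.0.1 to the `internal` network would match every request arriving through the bridge, not only LAN clients.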