Help configuring Authelia and Docker apps

Currently reading
Help configuring Authelia and Docker apps

35
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello all,

I've just finished setting up Authelia following this guide. I've got Nginx Proxy Manager working properly for all my subdomains/apps; Authelia is on a subdomain of its own (auth.mydomain.com), LDAP seems to be functioning correctly (as in, I can log in, use TOTP code and am redirected to the selected page).

What I can't figure out is how exactly does the authentication to any given apps work. I've tried with Gogs (a git app) - put the Nginx config in NPM and when I try to open gogs.mydomain.com, I'm redirected to Authelia (so far, so good), I enter my credentials and then the browser goes to gogs.mydomain.com where I can see 403 Forbidden error message.

I'm new to Nginx and I don't understand if there's additional configuration that needs to be done at each individual app so as to recognize the credentials passed by Authelia.

Ideally, I'd like successful authentication to load my Heimdall dashboard with tiles/apps for each individual user and then the user could click on the tile and be automatically logged in the respective app.

Thank you in advance for helping me.
 
Thanks for the hint. I looked at the access policies and simplified them to these:
YAML:
access_control:
  default_policy: deny
      
  networks:
    - name: internal
      networks:
        - 10.0.0.1/16
 
  rules:
    - domain: "*.mydomain.com"
      subject: "user:zkvvoob"
      policy: two_factor

As a result, I'm now redirected to Gog's login page. Now, what do I need to do in order to be logged in automatically without having to submit separate credentials?
 
Upvote 0
Thanks for the hint. I looked at the access policies and simplified them to these:
YAML:
access_control:
  default_policy: deny
     
  networks:
    - name: internal
      networks:
        - 10.0.0.1/16
 
  rules:
    - domain: "*.mydomain.com"
      subject: "user:zkvvoob"
      policy: two_factor

As a result, I'm now redirected to Gog's login page. Now, what do I need to do in order to be logged in automatically without having to submit separate credentials?
That’s not work that way. You have reached your limit.

The ide sod Authelia is to protect your non protected sites. Unless that destination app support and it’s configured to work with your LDAP that Authelia uses, you can’t log in without using a separate account in your case Gog credentials.

So authelia was here to protect access mainly for apps that a) don’t have login options or b) can work with your ldap but you want 2fa on top of that.

So you have passed authelia and reached your site, that’s it. Next you log into it.

This would work fine with heimdall for example but not for any app that already has its own login mechanism.
 
Upvote 0
That's a pity, but I understand.
Let's assume that Gogs can work with LDAP (which it really can). Is there a way for Authelia to pass the log in information to Gogs and skip the login screen, then?
 
Upvote 0
Is there a way for Authelia to pass the log in information to Gogs and skip the login screen, then?
I can't answer that because I haven't tried it, but as long as Gogs can talk to your LDAP, I see no reason not for this to work. How to pass info further down after you have logged in is also something that needs to be looked in Authelia docs.

My setup for Authelia was to protect the unprotected sites, so as I said, I don't have the answer for this of the top of my head.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

What do you mean by ‘my root folder’? Are you talking about Linux ‘/‘ or somewhere located on /volume1...
Replies
2
Views
353
After lots of trialing external sharing options (specifically quick connect vs VPN vs reverse proxy), the...
Replies
0
Views
613
Hey @fredbert and @strikes2k. It worked. I created a test-bed with a test camera and Netgear GS308E. Each...
Replies
7
Views
1,900
  • Question
Thank you all for your help I am now able to use the 5tb drive. I reformatted the drive using exfat and...
Replies
13
Views
1,665
For failure rate, the backblaze article on the topic is interesting...
Replies
6
Views
876
  • Question
Well that is a relief thank you Rusty, I've submitted a support ticket with Synology. Like you say, I...
Replies
2
Views
1,045

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top