initial commit

.env.example

@@ -0,0 +1,24 @@
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDRESS='ldaps://ldap.example.edu.br'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION='custom'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT='5s'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS=false
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_MINIMUM_VERSION='TLS1.2'
+# AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_MAXIMUM_VERSION=''
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_SKIP_VERIFY=false
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_SERVER_NAME='ldap.example.edu.br'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN='DC=ldap,DC=example'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN='OU=users'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER='(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount))'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN='OU=groups'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER='(&(member=CN={input},OU=users,DC=ldap,DC=example)(objectClass=groupOfEntries))'
+# AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_SEARCH_MODE=''
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_DISTINGUISHED_NAME='dn'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_USERNAME='cn'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_DISPLAY_NAME=''
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_MAIL='mail'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_MEMBER_OF='memberOf'
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_GROUP_NAME='cn'
+# AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_REFERRALS=''
+# AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_UNAUTHENTICATED_BIND=''
+# AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_FEATURE_DETECTION_FAILURE=''
+AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER='cn=binduser,DC=ldap,DC=example'

config/configuration.yml

@@ -0,0 +1,73 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+server:
+  address: 'tcp://:9091'
+
+theme: "dark"
+
+log:
+  level: 'debug'
+
+totp:
+  issuer: 'authelia.com'
+
+access_control:
+  default_policy: 'deny'
+  rules:
+    # Rules applied to everyone
+    # - domain: '*.alice.ufsj.edu.br'
+    #   policy: 'one_factor'
+    - domain: 'ldap.alice.ufsj.edu.br'
+      policy: 'bypass'
+    - domain: 'authelia.alice.ufsj.edu.br'
+      policy: 'bypass'
+    - domain: 'traefik.alice.ufsj.edu.br'
+      policy: 'one_factor'
+    - domain: 'docker.alice.ufsj.edu.br'
+      policy: 'one_factor'
+    - domain: 'dash.alice.ufsj.edu.br'
+      policy: 'one_factor'
+    # - domain: 'secure.example.com'
+    #   policy: 'two_factor'
+
+session:
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  # secret: 'insecure_session_secret'
+
+  cookies:
+    - name: 'authelia_session'
+      domain: 'alice.ufsj.edu.br'  # Should match whatever your root protected domain is
+      authelia_url: 'https://authelia.alice.ufsj.edu.br'
+      expiration: '1 hour'
+      inactivity: '5 minutes'
+
+  # redis:
+  #   host: 'redis'
+  #   port: 6379
+    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+    # password: authelia
+
+regulation:
+  max_retries: 3
+  find_time: '2 minutes'
+  ban_time: '5 minutes'
+
+storage:
+#   encryption_key: 'you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this'
+  local:
+    path: '/config/db.sqlite3'
+notifier:
+  disable_startup_check: true
+  template_path: ''
+  # filesystem: {}
+  # smtp: {}
+#   filesystem:
+  smtp:
+    username: 'test'
+    # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+    # password: 'password'
+    address: 'smtp://mail.alice.ufsj.edu.br:25'
+    sender: 'admin@alice.ufsj.edu.br'

docker-compose.yml

@@ -0,0 +1,35 @@
+services:
+  authelia:
+    container_name: 'authelia'
+    image: 'docker.io/authelia/authelia:latest'
+    restart: 'unless-stopped'
+    secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION_KEY']
+    environment:
+      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
+      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION_KEY'
+      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: '/run/secrets/LDAP_BINDDN_PASSWORD'
+    volumes:
+      - ./config:/config
+    networks:
+      traefik-public:
+        aliases: []
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.authelia.rule: 'Host(`authelia.alice.ufsj.edu.br`)'
+      traefik.http.routers.authelia.entrypoints: 'websecure'
+      traefik.http.routers.authelia.middlewares: 'authelia@docker'
+
+networks:
+  traefik-public:
+    external: true
+
+secrets:
+  JWT_SECRET:
+    file: './secrets/JWT_SECRET'
+  SESSION_SECRET:
+    file: './secrets/SESSION_SECRET'
+  STORAGE_ENCRYPTION_KEY:
+    file: './secrets/STORAGE_ENCRYPTION_KEY'
+  LDAP_BINDDN_PASSWORD:
+    file: './secrets/LDAP_BINDDN_PASSWORD'