Working authelia config

docker_config/traefik/authelia/configuration.yml

@@ -27,15 +27,9 @@ access_control:
   default_policy: deny
   rules:
     # Rules applied to everyone
-    - domain: 5e.jafner.net
-      policy: bypass
     - domain: 
       - "*.jafner.net"
       - "jafner.net"
-      policy: one_factor
-    - domain:
-      - "traefik.jafner.net"
-      - "portainer.jafner.net"
       policy: two_factor
 
 session:

docker_config/traefik/authelia/notification.txt

@@ -1,10 +0,0 @@
-Date: 2021-07-11 04:41:16.893712971 +0000 UTC m=+183.566466012
-Recipient: jafner425@gmail.com
-Subject: Register your mobile
-Body: 
-This email has been sent to you in order to validate your identity.
-If you did not initiate the process your credentials might have been compromised. You should reset your password and contact an administrator.
-
-To setup your 2FA please visit the following URL: https://auth.jafner.net/one-time-password/register?token=***REMOVED***
-
-Please ignore this email if you did not initiate the process.

docker_config/traefik/docker-compose.yml

@@ -18,6 +18,7 @@ services:
       - ./traefik_dynamic.toml:/traefik_dynamic.toml
       - ./acme.json:/acme.json
       - ./.htpasswd:/.htpasswd
+
   authelia:
     image: authelia/authelia
     container_name: authelia
@@ -28,13 +29,7 @@ services:
     labels:
       - 'traefik.http.routers.authelia.rule=Host(`auth.jafner.net`)'
       - 'traefik.http.routers.authelia.entrypoints=websecure'
-      - 'traefik.http.routers.authelia.tls=true'
-      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.jafner.net/'
-      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
-      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
-      - 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia:9091/api/verify?auth=basic'
-      - 'traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true'
-      - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
+      - 'traefik.http.routers.authelia.tls.certresolver=lets-encrypt'
 
   redis:
     image: redis:alpine

docker_config/traefik/traefik_dynamic.toml

@@ -1,14 +1,17 @@
-[http.middlewares.simpleauth.basicAuth]
-  usersFile = "/.htpasswd"
-
 [http.middlewares]
   [http.middlewares.lan-only.ipWhiteList]
     sourceRange = ["127.0.0.1/32", "192.168.1.1/24"]
+  [http.middlewares.simpleauth.basicAuth]
+    usersFile = "/.htpasswd"
+  [http.middlewares.authelia.forwardAuth]
+    address = "http://authelia:9091/api/verify?rd=https://auth.jafner.net"
+    trustForwardHeader = "true"
+    authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
 
 [http.routers.api]
   rule = "Host(`traefik.jafner.net`)"
   entrypoints = ["websecure"]
-  middlewares = ["authelia@docker"]
+  middlewares = ["authelia@file"]
   service = "api@internal"
   [http.routers.api.tls]
     certResolver = "lets-encrypt"