Self-hosted Single Sign-on Authentication with Authelia and lldap

Video Statistics and Information

Captions
Hello, this is channel Easy Self Host. In this video we are going to host an authentication solution for self-hosted web services that don't have any authentication, and we can also enable two-factor authentication for better security. I'm using the SilverBullet app as an example. We hosted this app in the last video and, as I mentioned, it doesn't have any authentication built in. We are going to host Authelia as our single sign-on service and lldap to manage our usernames and passwords. The final architecture will look like this: our proxy server will send unauthenticated users to Authelia, and Authelia will verify our username and password by looking up the LDAP service. Then Authelia will send us back to the actual apps.

Okay, let's get started. The docker compose and other configuration will be more complicated this time, but I have pre-configured a lot of stuff so that you only need to change a few things. I moved the Nginx Proxy Manager service config to this new compose file because we are going to change it a little. You can still maintain the previous data by using the same data and letsencrypt volumes. We are adding this new volume for the proxy manager to work with Authelia. It's some nginx configuration under the same directory; we are going to use it later in the proxy manager UI. Next is Authelia, the new service we are adding. It has its own configuration file and some environment variable configuration in this .env file. We are going to take a look at that later. Next is our LDAP service, using the lldap project. We are also going to configure it in the same .env file.

In this .env file we only need to change the first section for the default configuration to work. First, you need to provide the base domain name for every service you are going to run. In my case this is home.easyselfhost.com. Next, you are going to enter the same thing in another format. Then there are three keys and secrets that Authelia and lldap use to encrypt session or storage. Please use randomly generated content for them. Lastly, you need to provide a password for the default admin user in lldap. Please remember to keep this secret value safe. I pre-configured the other parts of Authelia, but I recommend reading their documentation to understand how things work and also customize your config. You also need to change one thing in the proxy configuration that is located at the end of the first one. You are going to change the host name to the Authelia host that you are going to use. In my case it is auth and my base domain name. That's all for the configuration part. Hope it's not too complex.

Like before, we are going to connect to our server, find our docker compose file and use the command docker compose up -d to bring up all the services. Wait for a while and you're good to go.

Next, let's go to the Nginx Proxy Manager we configured before. Let's first add a proxy rule for our LDAP service. The port of this service is 17170. The rest of the fields are like other services, and remember to enable HTTPS. Then let's go to the LDAP service page. Here we log in to the admin account using the password we provided in the configuration file. Using the admin, we can register and manage users in this system. Let's create our first user by filling in this form. With an account created, we can go back to Nginx Proxy Manager. Here let's add another proxy rule for Authelia. I'm using the domain auth.home.easyselfhost.com and the port is 1991. Let's also enable HTTPS in the SSL section, and then we need to go to the advanced section and enter these lines in the text box. It references the configuration we added in the docker compose. Let's save the proxy rule, and then we need to modify the proxy rule for the services that need authentication. We only need to add this content to the advanced section. It guards the proxy rule with authentication. Let's save the proxy rule and try it out.

For the first time, we might need to clear the browser cache for this site. You can do this in every browser. After this you will be redirected to the authentication page. Here let's enter the username and password we just added. For the first time, every user will be prompted to set up their two-factor authentication. You can choose to use a time-based password or authentication keys. I'm going to use a time-based password. Right, click register device. It says an email will be sent to your address, but actually we haven't set up our email services. Instead, we can find the email content in a local file on our server. Let's head to our server connection and show the file content, and then copy this one-time link and open it in our browser. Here we are given the time-based password secret to generate the six-digit code. You can use any authenticator app that supports this, like Google Authenticator, but I'm using the Vaultwarden server I set up in another video. Here let's paste the authentication key in the TOTP section and then save it, and open the item again and you can see the code in real time. Let's go back and click done, and then input the code, and your two-factor authentication is successfully set up. Let's go back to the previous page. Since you are already authenticated, you can just refresh the page and you're in. If you want to sign out, you can go to the Authelia page and click log out. Then you are signed out and need to fill in the username and password again.

That's all for setting up authentication. I highly recommend reading through the Authelia documentation to discover more features. For example, you can set up real email notification using your Gmail account, and you can use Authelia as an OAuth identity provider for other apps that support it. That's all for this video. Please consider subscribing for content like this. You can find the docker compose file on GitHub and the link is in the description below. Thank you for watching.
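
The first-section .env values the captions walk through (base domain, the same domain "in another format", three random secrets and the lldap admin password), as an added example that is not the channel's own file. It assumes the other format is the LDAP base DN (dc=...) form; the variable names are placeholders, so substitute the key names from the project's .env.

```shell
#!/bin/sh
# Added example: generate the first section of a .env file for this stack.
# Key names are placeholders (assumptions), not the project's own keys.

# Convert a DNS name to LDAP base DN form:
#   home.easyselfhost.com -> dc=home,dc=easyselfhost,dc=com
domain_to_base_dn() {
    printf '%s' "$1" | awk -F. '{
        dn = ""
        for (i = 1; i <= NF; i++) dn = dn (i > 1 ? "," : "") "dc=" $i
        printf "%s", dn
    }'
}

# 32 bytes from the kernel CSPRNG, hex-encoded: 64 characters with no
# quoting or escaping problems inside a .env file.
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the values to the given path, readable by the owner only.
write_env() {
    domain=$1
    target=$2
    (
        umask 077   # a newly created file gets mode 600
        {
            printf 'BASE_DOMAIN=%s\n' "$domain"
            printf 'LDAP_BASE_DN=%s\n' "$(domain_to_base_dn "$domain")"
            for key in JWT_SECRET SESSION_SECRET STORAGE_ENCRYPTION_KEY \
                       LLDAP_ADMIN_PASSWORD; do
                printf '%s=%s\n' "$key" "$(gen_secret)"
            done
        } > "$target"
    )
    chmod 600 "$target"   # also tighten a file that already existed
}

# Usage: sh make-env.sh home.easyselfhost.com .env
if [ "$#" -eq 2 ]; then
    write_env "$1" "$2"
fi
```

The generated admin password is only shown in the file, so read it from there for the first lldap login and keep the file out of version control.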
Info
Channel: Easy Self Host
Views: 6,587
Keywords: self-hosted, authentication, tech, raspberrypi, homelab, authelia, ldap, sso, docker
Id: 9vlLaQWxCL4
Length: 5min 58sec (358 seconds)
Published: Mon Aug 14 2023