Thanks for the detailed and informative video. When you add the code in the Advanced tab in npm, you can utilizie the internal nginx variables, this way, you can use the same template for all the hosts without the need to change anything. Below is an example: set $upstream_app $forward_scheme://$server:$port; proxy_pass $upstream_app;
One of the best tutorials i've come across. Great details and great examples. Managed to get Authelia set up on a bunch of my selfhosted sites within an hour.
a shame the weather's so good atm. you're channel is an amazing resource for me since i'm trying to decouple from big tech. you always pop up in my searches with lengthy guides and explanations. god speed!
Thank you so much for doing this ! There are a good bit of how to’s for other reverse proxy’s and I was debating a change until I stumbled on yours. Thanks !
Hi there, I recently deployed a ubuntu 22.04 and am trying to reinstall the Authelia and NGINX. For NGINX proxy manager, it was fine. But Authelia has some significant change(s) that won't allow your configuration.yml file to perform successfully. Would you mind digging a bit and let me know if there is any part of the configuration.yml and the docker-compose.yml must make changes? By the way, the way to run docker-compose.yml has now becaome docker compose uo (no hyphen needed...). THANKS A MILLION
I'll try to take a look. I've updated it in the past, but I've moved to Authentik as my SSO as it doesn't require quite so much heavy configuration through yaml files.
It is really well constructed, details tutorial, thank you! I am also looking for a guide to setup a database to work with Authelia (such as mysql) to manage users instead of the file. But thank you again
how can i read login cookie information from authelia from another system. For example, I need to get the email value of the user logged in on authelia, what I am getting after logging in to authelia is just a cookie. Thanks you !
I notice there is sql information in the docker-compose.yml shown in this video. I am running ubuntu 22.04 and run your script and it does not have any db information in it. has this changed for the 22.04 version of ubuntu? or do I need add that information in it?
Excellent video, I put my Authelia to the test with it, but to make it part of my structure I need to resolve some situations. I can't get the NOVNC CONSOLE inside PROXMOX to work with NPM + Authelia... it always says connection. Has anyone found a solution they can share?
Awesome guide, been following and all good but I cant access to any host after adding the Advanced info. Hosts looks offline in NGINX and got this error in Chrome : ERR_SSL_UNRECOGNIZED_NAME_ALERT Can you assist please?
The nginx docker-compose.yml that is pulled in your script no longer comes with the mariadb config preloaded in it. It seems like nginx has removed it for whatever reason. It will have to be added manually unless it's no longer needed.
Thank you for your efforts. When doing my docker-up, I am getting i/o errors connecting to redis. I vaguely remember having similar troubles in some things because I am running ubuntu virtual machines as these hosts and there was something about being docker in vms and privileged mode. I'll keep investigating but if anyone has insight please let me know.
This video is a bit old now, so things may have changed a bit. Please make sure to check the source for any updated compose files, etc. Sounds like you're doing that already.
Hello, this is really a great tutorial. The first time I have (almost) managed to set up Authelia. My current problem is that after entering the login details in the Authelia window, the browser flashes briefly but there is no redirect to the app in question. Do you have a tip what the problem could be. Best regards, Eric
Curious about this as well. Following these instructions and other instructions that are older and newer, I'm able to get the Authelia portal page active on my local network. However, credentials do not work. When I input my UN/PW, the logs show successful 1FA attempt, but I don't login, and I don't get any error for UN/PW being wrong.
I'm having the same issue as well. Signing into Authelia works fine, but as mentioned, when trying to access an application through NGINX, the browser continues to load/re-load the app.
@@ceddytr7344 you and some others may be missing a critical few steps here. I just went through this so it might apply. After you've entered a new proxy host and dumped the config file into the advanced tab and saved it, you have to go back and modify the authelia config file to teach it about the sites, then bounce the authelia container so it reads the new config. It's as simple as opening /home/Configs/Authelia and editing the configuration.yaml file. FInd the access control section. Add your new proxy host and what type of auth you want it to use (there should be entries or examples already, super simple). Save the file, restart the authelia container. See what happens.
Thanks for video, awesome (sic) as always. Have a newbie type question. I'm about to show my lack of IT security understanding, but how does this improve upon Nginx Proxy Manager's Access Lists? It is a very intricate and complex set up, and aside from the fact that it is fun and challenging, what type(s) of additional protection does it offer?
Not a newbie question at all. Yes, NPM has access lists, and you can and should use those where appropriate. There is no 2 factor with NPM auth however - which from a security standpoint is considered far more secure than single factor authentication 2 times. I also believe that as more applications get Auth capability with LDAP and / or OAuth, you'll see the ability to more tightly integrate something like Authelia with the application, and not just in front of it.
Cloudflare can be a bit tempermental for sure. Make sure you're using the tunnel IPs for redirect, and so on inside the Authelia config and NPM advanced sections.
Great Video, took me a couple attempts but i was able to get Authelia up and running. This might be a dumb question, but would you need to stop the container and run it again with the -d flag?
Is it possible to use this without exposing the port on the host machine? For example, assigning it to a docker Network and just using the docker name instead of the IP address in the configuration
You should be able to do that, but I believe all sites you use this with will need to be on that same docker network for the redirect that happens before the authentication.
@@AwesomeOpenSource I managed to get it working using the docker names. I must have missed something the first time around when i tried! Thanks for your hard work on these videos!
Great tutorial, managed to get it working (I think). How do I know that Redis is managing the session? if I restart the Authelia container I don't need to login back again so that means Redis is doing it's job correctly?
I get to the last step of adding the json info to one of my services I want to access behind authelia. As soon as I input the json info in the advanced tab (changing the appropriate entries to reflect my settings and hit save. Nginx Proxy Manager appears to set the status of that service to OFFLINE. If I go back and remove everything from the advance tab and hit save, Nginx Proxy Manager sets it back to ONLINE. Can't seem to figure out whats went wrong with whats entered in the Advance Tab.
@Smoo Peezy yes that's it. If you ever come across this issue, you have to look for typos in your configuration, that's usually the cause. You can investigate this by checking the Nginx Proxy Manager docker logs. Everytime you save a config, Nginx parses it and will output an error for that specific host. If you are using subpaths in the locations tab, it can even stop nginx from working for all hosts! So this is quite important to know.
Love the Tutorial only did not get it to work. I have nginx already installed on my raspberry pi 4. Got already plenty docker containers. Not sure what I did wrong tried it 3 times to the tee. Can some one help ?
jump over to discuss.opensourceisawesome.com and post, and I'll be happy to try and help. You can use Google, Github accounts if you don't want to sign up for the Server.
Hi , Thank you for the nice video it help a lot , I want to use authelia with remtely , when authelia is up and i try to use remtely the agent cant get the Id do you have any suggestion ? tky
The issue here is that Authelia is a block-point to th ewebsocket that the agent needs in order to connect all the way to remotely. The agent is essentially hitting the Authelia wall and not able to get through to remotely. So, nothing that I'm aware of that can be done here., but you might ask over on the Remotely github.
AWESOME Video! Loved it..... BUTTT Can you go in to depth on 2 things.... How to setup the 2factor OTP, AND then show a differnce between the NPM advanced authelia server config, and a service config for another external service.... say lidarr.... look forward to seeing your reply.
@@AwesomeOpenSource Awesome, Thank you. I figured out my issue with the advanced config, it was an oversight and neede to read the shownotes.... just having a side-by-side would have been nice to see.
@@carlapr97 on iOS I was using FreeOTP for everything. I really like that one, but have been moving my personal stuff over to BitWarden lately as it’s all there together.
Really really fantastic overview and tutorial. First time I have been able to actually get authelia to spin up, However, I login fine with the credentials setup. I am then challenged to setup 2FA. When I click 'Register Device' to setup I get an error 'There was a problem initiating the registration process!' # Any Ideas anyone, so close but completely stuck now.
I haven't seen that issue, but my video is a bit older. I tried to update my yaml to some recent changes for the configuration file, but still may need some work. The @IBRACORP channel just did a great update to their Authelia video, and I highly recommend it as well. ruclips.net/video/IWNypK2WxB0/видео.html
True, i did EVERYTHING checking all steps 3 times, doesnt work...this was a pain to setup and now im reading everything in the Authelia docs to figure out how to make this work. I'm getting to the auth page, but the 2FA doesnt work, the mail is delivered, but i cant register my 2FA device, docker logs are not helpful either.
Thanks for the detailed and informative video.
When you add the code in the Advanced tab in npm, you can utilizie the internal nginx variables, this way, you can use the same template for all the hosts without the need to change anything.
Below is an example:
set $upstream_app $forward_scheme://$server:$port;
proxy_pass $upstream_app;
Thanks for the info!
WoW! I was thinking to ask you to please make a video about Authelia!!. Many many thanks. Awesome, as always.
You are welcome. Those mind reading classes are paying off. Hahaha. Enjoy!
One of the best tutorials i've come across. Great details and great examples. Managed to get Authelia set up on a bunch of my selfhosted sites within an hour.
Glad it helped!
a shame the weather's so good atm. you're channel is an amazing resource for me since i'm trying to decouple from big tech. you always pop up in my searches with lengthy guides and explanations. god speed!
Thank you. Enjoy that great weather, My videos will be here on the not so great days.
Wow, this is exactly what I was looking for!
Excellent! Hope it’s helpful!
Thank you so much Brian, awesome video. It took me awhile, but I finally put it all together. Thanks again man!
My pleasure, glad you stuck with it.
I really love your channel, super helpful and you don't skip ahead and stay with viewer, please keep making videos like these :)
I'll do my best. thank you for watching.
Thank you for making this video and sharing it with all of us! I am of course subscribed with notifications turned on and thumbs up!
Thanks for subbing!
Wow! I didn’t even know that I could do something like this!
Thank you so much!!!
My pleasure!
Cool video, subscribed and looking forward to seeing your future uploads!
Thanks for the sub!
love your channel and detailed tutorial. hope to see authentik tutorial in your channel. keep up the good work.
Been looking at Authetik, Keycloadk, and a few others for some future content.
Thank you so much for doing this ! There are a good bit of how to’s for other reverse proxy’s and I was debating a change until I stumbled on yours.
Thanks !
My pleasure.
Thanks for the demo and info, the scripts are awesome. Have a great day
My pleasure.
Thanks for setting the time zone for me! Nice tutorial.
Glad to help!
An easier way to copy from github files is to click the raw button on the right of the page. It gives you a text version without the line numbers.
Thanks for this, and I have started doing this more.
Annnnd we are back with a new great video...
You know it!
Great video. Do you have a tutorial for authelia on kubernetes?
No, sorry. I haven't dipped into Kubernetes just yet. I need to.
Hi there, I recently deployed a ubuntu 22.04 and am trying to reinstall the Authelia and NGINX. For NGINX proxy manager, it was fine. But Authelia has some significant change(s) that won't allow your configuration.yml file to perform successfully. Would you mind digging a bit and let me know if there is any part of the configuration.yml and the docker-compose.yml must make changes? By the way, the way to run docker-compose.yml has now becaome docker compose uo (no hyphen needed...). THANKS A MILLION
I'll try to take a look. I've updated it in the past, but I've moved to Authentik as my SSO as it doesn't require quite so much heavy configuration through yaml files.
How to get Authelia to work with applications that use programs to sync data, like Nextcloud or Bitwarden if they require authentication to access?
Instead of Authelia, you might need / want to look to something like Authentik. Check out the @cooptonian channel for a ton of Authentik info.
It is really well constructed, details tutorial, thank you! I am also looking for a guide to setup a database to work with Authelia (such as mysql) to manage users instead of the file. But thank you again
I'll see what I can do in a future video.
Great video and many thank!
Glad you liked it!
In the advance tab of NPM, what ips go into set_real_ip_from? Are these just general subnets to capture all ips? If so will 0.0.0.0/0 be better?
That just sets the various private subnets. So you wouldn't want 0.0.0.0/0 in there. It's better to enter the private ip subnets there.
how can i read login cookie information from authelia from another system. For example, I need to get the email value of the user logged in on authelia, what I am getting after logging in to authelia is just a cookie. Thanks you !
This is definitely a question more suitable for the Authelia team. You might go to their github page and ask this.
Thanks it was helpfull!
Glad it helped!
I notice there is sql information in the docker-compose.yml shown in this video. I am running ubuntu 22.04 and run your script and it does not have any db information in it. has this changed for the 22.04 version of ubuntu? or do I need add that information in it?
If you mean for nginx-proxy-manager, then the application changed, and the maker removed the need for a sql db for that to work.
I am using free ddns pointed to my ip and subfolder ... how can I config authelia with nginx in this situation?
Excellent video, I put my Authelia to the test with it, but to make it part of my structure I need to resolve some situations. I can't get the NOVNC CONSOLE inside PROXMOX to work with NPM + Authelia... it always says connection. Has anyone found a solution they can share?
Outstanding work.
Thank you very much.
Nice quick overview.
I hope it was helpful.
Awesome guide, been following and all good but I cant access to any host after adding the Advanced info.
Hosts looks offline in NGINX and got this error in Chrome : ERR_SSL_UNRECOGNIZED_NAME_ALERT
Can you assist please?
I've never run across that error, you may want to reach out to the authelia team and see if they can provide some help.
@@AwesomeOpenSource solved , thanks
@@JanDemore i've the same error. How do you solved it?
Sorry but I can’t reminder, I think I I have edited something
The nginx docker-compose.yml that is pulled in your script no longer comes with the mariadb config preloaded in it. It seems like nginx has removed it for whatever reason. It will have to be added manually unless it's no longer needed.
I removed it based on the project setup. I'm simply following what the project uses to try and keep up to date.
Hey Brian , Thanks Awesome content. Please do a Fineract
Let me run through it and see what I can figure out. Looks like it has a Docker-compose option already.
this is awsome thank you so much
My pleasure.
Thank you for your efforts. When doing my docker-up, I am getting i/o errors connecting to redis. I vaguely remember having similar troubles in some things because I am running ubuntu virtual machines as these hosts and there was something about being docker in vms and privileged mode. I'll keep investigating but if anyone has insight please let me know.
This video is a bit old now, so things may have changed a bit. Please make sure to check the source for any updated compose files, etc. Sounds like you're doing that already.
just comment the redis part in configuration.yml and remove the redis container in the authelia yml docker compose file
Great Video.Thanks
My pleasure.
Hello, this is really a great tutorial. The first time I have (almost) managed to set up Authelia. My current problem is that after entering the login details in the Authelia window, the browser flashes briefly but there is no redirect to the app in question. Do you have a tip what the problem could be. Best regards, Eric
Not off the top of my head, but jump over to discuss.opensourceisawesome.com and send me a DM (@ mickintx) and I'll do my best to help you out.
@@AwesomeOpenSource I'm having the same issue
Curious about this as well. Following these instructions and other instructions that are older and newer, I'm able to get the Authelia portal page active on my local network. However, credentials do not work. When I input my UN/PW, the logs show successful 1FA attempt, but I don't login, and I don't get any error for UN/PW being wrong.
I'm having the same issue as well. Signing into Authelia works fine, but as mentioned, when trying to access an application through NGINX, the browser continues to load/re-load the app.
@@ceddytr7344 you and some others may be missing a critical few steps here. I just went through this so it might apply.
After you've entered a new proxy host and dumped the config file into the advanced tab and saved it, you have to go back and modify the authelia config file to teach it about the sites, then bounce the authelia container so it reads the new config. It's as simple as opening /home/Configs/Authelia and editing the configuration.yaml file. FInd the access control section. Add your new proxy host and what type of auth you want it to use (there should be entries or examples already, super simple). Save the file, restart the authelia container. See what happens.
Thanks for video, awesome (sic) as always. Have a newbie type question. I'm about to show my lack of IT security understanding, but how does this improve upon Nginx Proxy Manager's Access Lists? It is a very intricate and complex set up, and aside from the fact that it is fun and challenging, what type(s) of additional protection does it offer?
Not a newbie question at all. Yes, NPM has access lists, and you can and should use those where appropriate. There is no 2 factor with NPM auth however - which from a security standpoint is considered far more secure than single factor authentication 2 times. I also believe that as more applications get Auth capability with LDAP and / or OAuth, you'll see the ability to more tightly integrate something like Authelia with the application, and not just in front of it.
I love it!
Thank you!
so awesome! I'm trying to build a cloudflare tunnel so I don't need to open ports...can't seem to get authelia and nginx working...it's killing me
Cloudflare can be a bit tempermental for sure. Make sure you're using the tunnel IPs for redirect, and so on inside the Authelia config and NPM advanced sections.
Great Video, took me a couple attempts but i was able to get Authelia up and running. This might be a dumb question, but would you need to stop the container and run it again with the -d flag?
If you didn't run it with -d to start, then yes.
Is it possible to use this without exposing the port on the host machine? For example, assigning it to a docker Network and just using the docker name instead of the IP address in the configuration
You should be able to do that, but I believe all sites you use this with will need to be on that same docker network for the redirect that happens before the authentication.
@@AwesomeOpenSource would you mind or are you able to test it? I tried doing this and I kept getting a 500 internal server error
@@AwesomeOpenSource I managed to get it working using the docker names. I must have missed something the first time around when i tried! Thanks for your hard work on these videos!
Great tutorial, managed to get it working (I think). How do I know that Redis is managing the session? if I restart the Authelia container I don't need to login back again so that means Redis is doing it's job correctly?
That's a good question, but I actually don't know. I'd say it's a better question for reddit perhaps.
I get to the last step of adding the json info to one of my services I want to access behind authelia. As soon as I input the json info in the advanced tab (changing the appropriate entries to reflect my settings and hit save. Nginx Proxy Manager appears to set the status of that service to OFFLINE. If I go back and remove everything from the advance tab and hit save, Nginx Proxy Manager sets it back to ONLINE.
Can't seem to figure out whats went wrong with whats entered in the Advance Tab.
Interesting. I haven't seen that yet. Can you tell me what the service is you're setting up?
@Smoo Peezy Excellent info! I hope it will help others, and thank you for sharing.
@Smoo Peezy yes that's it. If you ever come across this issue, you have to look for typos in your configuration, that's usually the cause. You can investigate this by checking the Nginx Proxy Manager docker logs. Everytime you save a config, Nginx parses it and will output an error for that specific host. If you are using subpaths in the locations tab, it can even stop nginx from working for all hosts! So this is quite important to know.
Love the Tutorial only did not get it to work. I have nginx already installed on my raspberry pi 4. Got already plenty docker containers. Not sure what I did wrong tried it 3 times to the tee. Can some one help ?
jump over to discuss.opensourceisawesome.com and post, and I'll be happy to try and help. You can use Google, Github accounts if you don't want to sign up for the Server.
@@AwesomeOpenSource thank you I will check it out
got it to work and love it
What app are you using on your phone to get the MFA code?
I like FreeOTP if it's just for OTP, but generally I use my BitWarden app for OTP and Username and Password all together for various logins.
Hi , Thank you for the nice video it help a lot ,
I want to use authelia with remtely ,
when authelia is up and i try to use remtely the agent cant get the Id
do you have any suggestion ?
tky
The issue here is that Authelia is a block-point to th ewebsocket that the agent needs in order to connect all the way to remotely. The agent is essentially hitting the Authelia wall and not able to get through to remotely. So, nothing that I'm aware of that can be done here., but you might ask over on the Remotely github.
@@AwesomeOpenSource Thank you
Good stuff thanks
You bet.
Can you do a tutorial on keycloak?
I’ll take a look at it.
AWESOME Video! Loved it..... BUTTT Can you go in to depth on 2 things.... How to setup the 2factor OTP, AND then show a differnce between the NPM advanced authelia server config, and a service config for another external service.... say lidarr.... look forward to seeing your reply.
Bet I can. Let me work on it.
@@AwesomeOpenSource Awesome, Thank you. I figured out my issue with the advanced config, it was an oversight and neede to read the shownotes.... just having a side-by-side would have been nice to see.
@@AwesomeOpenSource what app are you using to get the otp?
@@carlapr97 on iOS I was using FreeOTP for everything. I really like that one, but have been moving my personal stuff over to BitWarden lately as it’s all there together.
@@AwesomeOpenSource thanks! do you know if the 6 digit code could be replaced with fingerprint/face ID, that would be really cool!
Has anyone tried this with bitwarden
You can put this in front of bit warden, just remember it's not an integration, but an extra layer of protection.
@@AwesomeOpenSource so as it's not an integration can I get authelia to do the 2fa instead of bitwarden
Really really fantastic overview and tutorial. First time I have been able to actually get authelia to spin up,
However, I login fine with the credentials setup. I am then challenged to setup 2FA. When I click 'Register Device' to setup I get an error 'There was a problem initiating the registration process!'
#
Any Ideas anyone, so close but completely stuck now.
I haven't seen that issue, but my video is a bit older. I tried to update my yaml to some recent changes for the configuration file, but still may need some work. The @IBRACORP channel just did a great update to their Authelia video, and I highly recommend it as well. ruclips.net/video/IWNypK2WxB0/видео.html
Your tutorial does not work anymore, you should mention this
Can you tell me what specifically you are having trouble with? I haven't had any issues with it.
True, i did EVERYTHING checking all steps 3 times, doesnt work...this was a pain to setup and now im reading everything in the Authelia docs to figure out how to make this work.
I'm getting to the auth page, but the 2FA doesnt work, the mail is delivered, but i cant register my 2FA device, docker logs are not helpful either.
TFS
My pleasure.
Surprised to see bash scripts instead of ansible.
I don't know ansible, and bash is built into most Linux and Mac distos.
I'm more surprised to see "open nano, select text in the browser, cope, paste into nano" instead of curling or wgeting the scripts.
Don't watch this. What a mess.
Sorry you feel that way.