Authelia | Authentication for Traefik - Ultimate Guide / Keycloak alternative

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 30

  • @techwithmarco
    @techwithmarco  Год назад

    🔐If you want to improve your security stack even more, head over to my newest video about using a docker-socket-proxy instead of using it directly mounted from the host system!
    ruclips.net/video/bOmnkJYv39M/видео.html

  • @olsenlid
    @olsenlid Год назад +5

    I made several attempts to configure Authelia a few weeks ago, but I was unsuccessful. However, after watching your video and going through it quickly, I was finally able to reach the sign-in page of my Authelia stack. I wanted to express my appreciation for your excellent work. Keep it up! :)

    • @techwithmarco
      @techwithmarco  Год назад

      Very kind of you! I am really happy that I could help you out! 😊

  • @dalgardnerd
    @dalgardnerd 10 месяцев назад

    I have watched so much content on traefik and authelia and struggled so hard until now. Your two videos on the subject are so great. Thanks!

    • @techwithmarco
      @techwithmarco  9 месяцев назад

      Glad to hear that! Hope you having fun configuring your instances!

  • @avdokuchaev
    @avdokuchaev Год назад

    Great guide. Previously, I didn't know how to make these settings and wasted a lot of time. Now I managed to set everything up. Thank you very much for the excellent instructions!

  • @FedorRasputin
    @FedorRasputin 2 месяца назад

    Awesome! Thanks for video.

  • @justhackerthings
    @justhackerthings 7 месяцев назад

    Thanks for the great video! It helped me a lot!

  • @jkandersen
    @jkandersen Год назад

    great thing - saved a lot of headaches.

    • @techwithmarco
      @techwithmarco  Год назад

      Always happy to save someone a headache :)

  • @Invaderjason123
    @Invaderjason123 4 месяца назад

    Is it possible to use dockge instead of portainer?

  • @cybr774
    @cybr774 Год назад

    Nice video as always!
    I'm curious how you setup your instance running docker, do you setup anything in particular to secure it? Like changing the docker namespace?

    • @techwithmarco
      @techwithmarco  Год назад

      Thanks @Nemesees !
      For this demonstration purpose I did nothing in particular to harden the server completely because I shut it down afterwards. But in other cases I mostly do stuff like denying root logins, disable pw logins, only allow ssh logins and sometimes extend ssh logins to provide a totp. UFW is a nice tool which I enable, and extend to work with docker (github.com/chaifeng/ufw-docker).
      On traefik I use crowdsec, and sometimes authelia. You could extend this with really private services to run only in a private subnet and make them accesable via a vpn connection or tailscale... millions of possibilities 😄
      But until now I did not use docker namespace remapping. I will check that out and will learn how to do it. Thanks for the hint!
      And sometimes I use cloud-init scripts or ansible playbooks, and sometimes do it with my bare hands, as it is fun (only when you do not too often 😄)
      What do you usually do to harden your servers?
      Maybe I can create a video about different possibilities to harden servers :-)
      Cheers!

    • @cybr774
      @cybr774 Год назад +1

      @@techwithmarco Thanks for the detailed answer.
      As of now, I always apply the standard techniques to harden a server (such as no root via SSH, no password auth and only with key pairs etc), then I change the namespace by following the simple guide on the docker documentation so that the containers don't run as root. Unfortunately, by changing this particular setting, I often find myself having to pass in the docker compose files the parameter "userns_mode: host" due to the fact that some services containerized require higher privileges.
      I'm always on the lookout for possible ways to harden my servers and by not blocking too much that it becomes hard working on them.

  • @RR-vi1oz
    @RR-vi1oz Год назад +1

    Great video, Thank you

    • @techwithmarco
      @techwithmarco  Год назад

      Thanks! Always appreciate these comments 🙂

  • @TheOnlyEpsilonAlpha
    @TheOnlyEpsilonAlpha Год назад +1

    Great Video, i'm more familiar with portainer config, but not with oauth. I guess you have to map a certain group in authelia with a group in portainer. Or you can map the new user in portainer manually to the correct user rights, but i guess that is not that fancy ;)

    • @techwithmarco
      @techwithmarco  Год назад +1

      Yeah it's not that fancy, but if it serves the purpose then I guess it's okay 😀
      But I you are right, you can map specific groups of portainer to some custom claim in the token, which contains the groups of Authelia!

  • @YTDIMIR
    @YTDIMIR Год назад

    Super, weiter so. 😎

  • @cafetaha
    @cafetaha Год назад

    could i implement it as authentication tool for a google site ?

    • @techwithmarco
      @techwithmarco  Год назад

      That won't work because you do not have the control over the google site, to redirect to your authentication website.
      Correct me if I'm wrong about your setup 😄

    • @cafetaha
      @cafetaha Год назад

      so i need to use a google product as an authentication tool in my google site , i just want to make members area page that will be inaccessible to non members thank you :) @@techwithmarco

  • @ИванРагозин-я8я
    @ИванРагозин-я8я Год назад

    Somebody tell this guy that the code should be shown in large print, otherwise the video just wants to turn off

    • @techwithmarco
      @techwithmarco  Год назад

      I already tried to do that in my newest videos :)

  • @ronnybeer471
    @ronnybeer471 Год назад

    Nice video. Would it be working with OpnSense and HAProxy as Reverse Proxy? I have some difficulties with that Combination. Great Job.

    • @techwithmarco
      @techwithmarco  Год назад

      I am not sure as I have never used HAproxy, nor OpnSense...
      All I can do now is guessing 😄

  • @nicoladellino8124
    @nicoladellino8124 Год назад +1

    Very useful video, THX.

    • @techwithmarco
      @techwithmarco  Год назад

      Thanks! Always appreciate these comments 🙂