Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Calan0n#4708
    @_discord_795033081592414208:t2bot.io
    [m]
    now I have this
    mikhail
    @mikhail:mehome.dev
    [m]
    so in his config he first has policy: two_factor for ALL domains, that means the bypasses under it wont work right?
    Calan0n#4708
    @_discord_795033081592414208:t2bot.io
    [m]
    oh really?
    mikhail
    @mikhail:mehome.dev
    [m] 
    access_control:
  default_policy: deny
  rules:
    - domain: "*"
      policy: bypass
      networks:
        - 192.168.1.0/24
    - domain:
        - 'radarr.domain.com'
      resources:
        - '^/api([?/].*)?$'
      policy: bypass
    - domain:
        - 'sabnzbd.domain.com'
      resources:
        - '^/api([?/].*)?$'
      policy: bypass
    - domain:
        - "*.domain.com"
        - "domain.com"
      policy: two_factor
    try that
    James
    @james:authelia.com
    [m]
    It does, but if all your rules to override default behavior are before rules that indicate your default it should be fine. Let me check the actual rules one sec. 
        - domain: "*.domain.com"
      policy: bypass
      networks:
        - 192.168.1.0/24
    I'd do that one instead
    The rule order looks fine to me
    Calan0n#4708
    @_discord_795033081592414208:t2bot.io
    [m]
    ok thanks
    James
    @james:authelia.com
    [m]
    oh wait
    mikhail
    @mikhail:mehome.dev
    [m] 
        - domain:
        - "*.domain.com"
        - "domain.com"
      policy: two_factor
    that on line 8 doesnt matter?
    1 reply
    James
    @james:authelia.com
    [m]
    Mikhail is right
    mikhail
    @mikhail:mehome.dev
    [m]
    :D
    James
    @james:authelia.com
    [m]
    I was reading theirs by accident lol
    mikhail
    @mikhail:mehome.dev
    [m]
    Ok so i understood it right, it walks from top to bottom, first rules it matches => the one it takes
    if it finds nothing => default_policy
    James
    @james:authelia.com
    [m] 
        - domain:
        - "*.domain.com"
        - "domain.com"
      policy: two_factor
    That rule makes all subsequent rules implicitly ignored
    Yep, first rule that matches a request is applied.
    Just like firewalls
    mikhail
    @mikhail:mehome.dev
    [m]
    Calan0n: for your config: just set the default_policy to two_factor 
    access_control:
  default_policy: two_factor
  rules:
    - domain: "*"
      policy: bypass
      networks:
        - 192.168.1.0/24
    - domain: radarr.domain.com
      resources:
        - '^/api([?/].*)?$'
      policy: bypass
    - domain: sabnzbd.domain.com
      resources:
        - '^/api([?/].*)?$'
      policy: bypass
    Calan0n:
    Calan0n#4708
    @_discord_795033081592414208:t2bot.io
    [m]
    @Mikhail James it works perfect
    wtweeku
    @wtweeku:matrix.org
    [m]
    https://www.authelia.com/docs/features/2fa/push-notifications.html
    how do i make an account in duo.com
    mikhail
    @mikhail:mehome.dev
    [m]
    https://signup.duo.com/
    wtweeku
    @wtweeku:matrix.org
    [m]
    image.png
    1 reply
    why does it need all of this info?
    wtweeku
    @wtweeku:matrix.org
    [m]
    sick
    jaen
    @jaen:matrix.org
    [m]
    Hi, how hard would it be to get authelia/authelia#2845 (or similar) in? I'm especially interested in the invite-only mode (kind of makes me want to try Authentik, but then I remember it doesn't have as good configurability via config files as Authelia has). My knowledge of go is mostly limited to "it's just C with a garbage collector and CPS, what's the big deal", I've done a fix or two to traefik.
    tweek
    @wtweeku:matrix.org
    [m]
    i managed to get it to work with authelia
    it's awesome
    i wish there something foss like it tho
    1 reply
    Astral#0524
    @_discord_247176974164819968:t2bot.io
    [m]
    Just know duo is optional
    Southpaw1496#1397
    @_discord_349852668812066817:t2bot.io
    [m]

    Hi

    I'm wondering if Authelia would be appropriate for my use-case, or if I should look for something else:

    Basically, I have a few servers on my home network containing things that I might want to access over the internet, but since exposing things on your home network to the internet is a terrible idea, I'm going to use Cloudflare Tunnels to secure them. Tunnels is part of Cloudflare's Zero Trust offering, which also seems to be able to lock webpages behind a login gate for extra security, however, because it's designed for enterprise, it only supports SSO systems. After giving up on Keycloak, I found Authelia and noticed it has OpenID support, however, looking at the documentation it seems that my use-case might not be an intended one. But would it work?

    I have realised that I could forgo Cloudflare's authentication altogether and just use Authelia to secure everything, but would Authelia work with Cloudflare's system as well?

    2 replies
    Astral#0524
    @_discord_247176974164819968:t2bot.io
    [m]
    There's someone here that has that setup
    With CF's auth passing over to Authelia
    Southpaw1496#1397
    @_discord_349852668812066817:t2bot.io
    [m]
    Well, that's a good start then
    tweek
    @wtweeku:matrix.org
    [m]
    someday..
    James
    @james:authelia.com
    [m]
    DUO is one of the more respected ones in the industry though, they do offer a lot of open source projects as part of their security labs research
    Just not the duo backend itself
    In addition most people find Authelia averages 15-35mb of RAM (I see about 20 most days), and an average of 0.01% CPU utilization.
    Ornias#9313
    @_discord_181665085700308993:t2bot.io
    [m]

    Folks, the recent changes of openidc seems to have broken the nextcloud connection I had...

    what are the required changes away from previous setup to... like... not break?

    Maybe we can add it to the docs, so there is a functional basic example for nextcloud-oidc-login setup?

    James
    @james:authelia.com
    [m]
    Maybe supply your config, logs, version, etc. We're not mind readers. As far as the docs I believe the new docs have a nexcloud community doc, which should suffice, otherwise anyone can PR one and/or changes.
    Specifically version you had no issues on and version you had issues on
    2 replies
    tweek
    @wtweeku:matrix.org
    [m]
    image.png
    1 reply
    this is for bitwarden (vaultwarden)
    it didn't work however
    msg="Access to https://pw.example.com/identity/connect/token (method POST) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=x