Be sure to watch this video if the container wont' deploy and you you get errors in your container logs: kzread.info/dash/bejne/e6mko9WEYMjHnrg.html

@miggywiggy1988

2 жыл бұрын

Hi DB Tech, I follow most of your videos for guidance in deploying my containers. Can you possibly do a video on Authentik? I haven't been able to get it up and running. I've been using Authelia using this video but I'd like to try Authentik.

@naveenchandra6526

Жыл бұрын

@@miggywiggy1988 Authentik is way messier than Authelia, only if you need multiple flows switch to Authentik.

PRO TIP ---- If you're using a Gmail account, before you enter your configuration details at 18:00 go into your Google account settings, then security, then generate an App Password. This ensures that you have a single-use password for this program with it's own unique identifier, and it is not the same as your "normal" email password, and it also won't be challenged the same. It'll break if you don't do it this way with many old fashioned authentication schemes.

I just found the channel and your videos are exactly what I wish I found a year ago. You’re so easy to watch and so informative. Definitely a top tier contributor in the youtube homelab community.

I'm very late to this tutorial, as it's only something I've felt the need for recently. That said, thanks for another great tutorial (I know I've used at least one of your's before for something else, but I forget which one). I could trawl through all of the documentation for Authelia, and figure it out myself *eventually*, but it's always really time consuming. Your vids are a huge timesaver, as you condense things down to what we need to know, and you explain it really well; pretty quickly, but step by step and comprehensively. Easy to follow, even for beginners in the home server space. Bookmarked, and I'll go through this tomorrow (although it'll take some time to get through my 23 container setup). Thank you.

This worked like a charm. Thank you SO MUCH for putting this together. There is very little info on how to set this combo up, but your documentation has proved invaluable.

@DBTechYT

2 жыл бұрын

Great to hear!

@jamesdanielelliott

Жыл бұрын

@@DBTechYT There's actual an official guide now which has a method to simplify the advanced tab. That being said it is not geared towards portainer (more docker compose) and it requires a manual mount of a snippets directory that you add files, other than that it's very simple to implement.

Very helpful. Got me throught and was able to get Authelia up and running on my end. Tutorial still relevant as of July 2023

There is a tabulation before the comment line in "users_database.yml". My authelia container wouldn't start at all, removed the tab that's did the trick. Thank you very nice vid and well explained !

superb video, I thought setting this up was going to be a nightmare, but you've made it very manageable

This is gonna be REALLY helpful. Lots of great info here. Thank you so much for putting this together. As always, it was well explained. I definitely feel like I have a somewhat better understanding of what's going on here.

@DBTechYT

2 жыл бұрын

You are so welcome!

@markc7933

2 жыл бұрын

Right this is going to be a rewatch till I get it. But it’s what I’ve been looking for. This is the best channel to pick this stuff up!

This is a great tutorial!! Was looking to set up Authelia with Nginx Proxy Manager for a while but didn't find anything useful until I checked your channel. Great video as always ❤

@DBTechYT

2 жыл бұрын

Glad it was helpful!

Fantastic guide! Thank you so much, helped me get this all running in no time after struggling with other options :)

🎆🎆🎆 Find me on social media or support the channel here: dbte.ch/

Thank you! Very inspiring video! I'll use this auth in my serup. Love your content bro, you are laways amazing. You save me so much time researching

Well done. Thanks for all your hard work. I won't be implementing this right away but I watched it through just to get an idea of what's involved.

This was very helpful thank you. In regards to the "sessions:" variables @ 00:16:02. You can actually fill in minutes, or hours. You just have to denominate them differently, e.g. "expiration: 5m", or "expiration: 1h", instead of "expiration: 3600" And as @glassman3333 has pointed already, changing the name, as shown @ 00:29:43, is obsolete. You're just a changing a variable name that is being referenced in the next line. So all you have to do, is to make sure that it is consistent between the two, but you don't have to adjust it.

Thanks for this video about this awesome open source tool. I installiert it a few weeks ago and I love it! Now I have 2fa for every software that I would like to reach from outside my homelab! It‘s really great!

@DBTechYT

2 жыл бұрын

Very cool!

This is the best Authelia tutorial have come across. All my doubts are absolutely clear. Cheers!

@DBTechYT

2 жыл бұрын

Wow, thanks!

Thank you very much!! Absloutelly incredible job. I've seen the video twice: once for preparing, the second time for action and it worked flawless!!!

@DBTechYT

2 жыл бұрын

That's awesome!! I'm glad it was helpful!!

@tiagoriserio6334

2 жыл бұрын

@@DBTechYT Any tips on how to fix 403 forbidden? The first two containers I tried had no issues, but then I'm suffering with 403 forbidden after filling authelia. For example: it worked perfectly on Radarr or Bazarr, but there's no way to make it work on sonarr or homer dashboard. Thanks in advance!

This video was super helpful! Thank you for putting all of this together. I really appreciate it.

Easily one of the best videos for setting this up. Even using a different OS (TrueNAS), I was able to set it up without issue. Thanks!

@DBTechYT

11 ай бұрын

Glad it helped!

Thank you very much. Thanks to your tutorial I finally got Authelia up and running. Very good explanation that could be taken over 1 to 1 so with me without problems

@DBTechYT

10 ай бұрын

Glad it helped!

I really like the way you explain things. you have a great talent to deliver the message in a simple way, and make everything looks easy. Thank you.

@DBTechYT

9 ай бұрын

I appreciate that!

Best tutorial on KZread, Thank you I tried other tutorials and they all failed to work for me. Brilliant and really well presented... Subscribed Thank you.

@DBTechYT

2 жыл бұрын

Great to hear!

Fantastic walkthrough. I had commented on this topic on another authelia video of yours, promising I'd come back and review this video on nginx proxy and authelia working together. I've had this working on my personal stuff for about 6 months now without issue... but I went through absolute hell getting it going at first because of the limited and/or poor documentation on the topic. I'm rather proud to say that my solution was effectively the same as yours - but I could have saved about three days of slamming my head against nginx proxy manager to get it going if I had your video and templates to get me going. Your formatting is better than mine on your templates, so Im going to be going through all subdomains and just use yours. This was an excellent video making a fairly advanced topic manageable for a newer power user. Thanks for the great solution and the templates!

@DBTechYT

2 жыл бұрын

Thank you so much for this! It took me a while to figure out and I wanted to try to explain it in a way that made it easier for others :)

@omgMBP

2 жыл бұрын

@@DBTechYT yeah. This video should be a sticky over at authelia. Seriously. Ps: maybe worth adding a comment pin that this config will fail without adding that new requirement for a secret key in authelia config? Or have you updated the template? Edit: ohh. Hahaha I see you already did. Nice!

@DBTechYT

2 жыл бұрын

Yep. Even made a follow-up video about it :)

respect for all of your hard work and wunderful help to get this running at my side, you made my day. its working fine.

Great video! I dumped Traefik when I found NGINX Proxy Manager and this video is perfect for integrating Authelia. Thank you!

@DBTechYT

Жыл бұрын

Outstanding! Really glad to hear it! If you find my content helpful and would like to get ad-free access to a growing library of content, you can join my Patreon: www.patreon.com/dbtech or my private member site: dbtech.fans

It was very helpful and I spend today to secure all my services behind authelia and SSL. Thank you so much.

@DBTechYT

2 ай бұрын

Great to hear!

Thank you! This is what I've been looking for for so long.

@DBTechYT

2 ай бұрын

Glad I could help!

Fantastic!! This video was great, worked like a charm

Thank you! This tutorial helped me so much! I've spent countless hours trying to get Authelia running with NPM, with no luck. I've tried so many different variations, trying it with mariadb and whoami etc, following various tutorials. All of it was very hard to understand, and had zero success. This was by far the easiest to follow and most successful for me. I did have to make some changes to configuration.yml to get it working properly. I think some of the syntax you've used has changed. Some of it was just deprecated, but in other places, it just didn't work. After reading the logs though and comparing them with the Autherlia documentation, these were easy fixes. Just thought I'd mention it in case you wanted to update the config examples on your website. I learnt a lot from the process though, so these were "good" errors for me. Thanks again.

Excellent video I was able to get it working without too much trouble. btw, I think you should build on this further with another video showing full SSO into some standard applications like Bookstack and Portainer as to show the power of it all working together.

@DBTechYT

2 жыл бұрын

Thanks for the tip!

Reallly, really fantastic video, and I am using this configuration now for my sites and containers. I woudl love to see a follow (Part 2) showing 2FA and DUO Push?

Love your guide got it working on my homelab thanks to you

I just discovered your channel. I liked, subscribed and this video is bookmarked. Thanks

Thanks for this! Well worth the wait got it rolled out this evening and it solved my biggest problem!

@DBTechYT

2 жыл бұрын

That's awesome!! Glad to hear it!

@jakewhitworth5813

2 жыл бұрын

@@DBTechYT being able to reach out for help was really refreshing, do you run a discord server or anything? Its something I'd pay a subscription fee to especially if it meant discussing ideas like this?

@DBTechYT

2 жыл бұрын

I've got a Patreon with different levels of access and some of them include Discord benefits: dbte.ch/patreon

so happy to hear I'm not the only one that isn't a huge fan of Traefik.. I think NPM is just easier to use. Great video!!!!

@DBTechYT

2 жыл бұрын

Thanks!! And, yeah, I REALLY prefer NPM over Traefik for my use-case.

this is great! i would love a part 2 on setting up an ldap backend for the user accounts using something like freeipa or glauth.

@IBRACORP

2 жыл бұрын

We already covered this a while back, check it out: kzread.info/dash/bejne/nauT0tGhkq6rY7w.html We also have the config for FreeIPA/Authelia in our docs: docs.ibracorp.io

@neo85271

2 жыл бұрын

@@IBRACORP Your video skips ldap configuration entirely. Did you reply to the wrong person?

Thank you so much for all your work on this. It was a great video. The one part I was a little confused about was in the section where you made the protected domain conf. After looking at it for quite a while, I believe you can set your "set $upstream_" to whatever name you want, as long as the line below it matches, because we're setting a variable, correct? Also, I found that if you then simply define that variable name to "$forward_scheme://$server:$port;" to finish out the line (like you had it initially), it will always work (instead of putting in the actual server name and port). This is because $server and $port are already defined as the "Forward Hostname / IP*" and "Forward Port" values that we setup in the initial Proxy Host entry. I'm really just looking for some clarification, because I set it up this way, and it seems to be working. This is probably what you meant, and I just misunderstood along the way. Again, thank you for all your really hard work. I don't think there's any way I could've set this up successfully without your video.

@FreddieDK

Жыл бұрын

This should be a pinned comment. Saved time and confusion.

@BobbieERay

Жыл бұрын

I agree and I was puzzled about this as well. In essence, you're just a changing a variable name that is being referenced in the next line. So all you have to do, is to make sure that it is consistent between the two, but changing the name is obsolete.

Amazing video. Very well explained, made it super simple to get this set up. Many thanks

@DBTechYT

2 жыл бұрын

Thanks for watching

This video has been extremely helpful! Now my apps are finally secured :) Thanks!

@DBTechYT

2 жыл бұрын

Great to hear!

Bloody beautiful work man! Cheers!

@DBTechYT

2 жыл бұрын

Thank you! Cheers!

This was great! Thank you so much!

You can use docker container names instead of ip's in nginx proxy manager, just connect your containers to a network with user specified subnet.

OMG FINALLY. I GOT IT WORKING FOLLOWING YOU GUYS!!! YOU ARE LEGEND AND A SAINT

Thank you so much for this! Great tutorial.

Great tutorial! I will love to see a second part video setting a yubikey or any sort of 2FA

@DBTechYT

2 жыл бұрын

Definitely planning on this! :)

@iamrage4753

Жыл бұрын

@@DBTechYT can you refresh this guide to use caddy v2 instead of nginx please

@DBTechYT

Жыл бұрын

@@iamrage4753 Thanks for your comment, but I have zero interest in Caddy. for that matter, I don't use Nginx Proxy Manager any longer either.

@iamrage4753

Жыл бұрын

@@DBTechYT so what do you now use? thanks

@DBTechYT

Жыл бұрын

I use CloudFlare Tunnels for my remote access. Doesn't require any ports to be open on my network, I can control access to my services based on things like IP address, email address, and more. I don't use single-sign-on, so I've never investigated whether or not CloudFlare Tunnels supports it.

Great video for Nginx Manager users!😃

Hi there! Great video! I have a question for you. Is there a way to disable all published ports for the secured containers and let them be accessible only from authelia, and not from the other local hosts in the local network?

Massiv Video Thanks a lot for this very good video and updated configs!

@DBTechYT

Жыл бұрын

Happy to help

So many thanks for this awesome tutorial. 😃

@DBTechYT

2 жыл бұрын

Glad it was helpful!

many many thanks this worked awesome!

@DBTechYT

Жыл бұрын

Glad it helped

great instructions. keep up the good work

Hi very good job, much appreciate. I'm using nginx + Cloudflare as you explained in another video, but the integration with Authelia isn't working. Authelia works on its own, but the redirection system in the 'advanced' settings isn't functioning. I read that I also need to create redirect transformation rules in Cloudflare, but it's difficult for me. If you have any ideas, I'd appreciate it. Thanks again for your help

Thanks for the explanation I've got it working on one subdomain. So lets see if we can two factor authentication running also, because the we have the best security for now.

@DBTechYT

2 жыл бұрын

Fantastic! Definitely going to look at adding an authenticator app or hardware key to the setup soon!

Hello, thanks for all your content, it's very helpful and well explained. I don't know if I'm the only one, but the port 587 for the smtp configuration of gmail doesn't work, I've to use the port 465. And if you have a firewall on your system, don't forget to open the port 9091 ;)

Hi dude great video! I want to ask a question, is it possible to set up a subdomain which is on another server that hasn't nginx proxy manager?

the video is awesome, i'll put it on my joplin note for now

Thank you for the video!

@DBTechYT

2 жыл бұрын

My pleasure!

Thanks so much for posting this! I’ve been searching for a while for a more succinct video that just gets through the basics. Yours is the first I’ve found that checks all the boxes I was looking for. But since this is a couple years old already, hoping you even see this comment, is there any aspect of this that has changed since then that could bork my set up? I’m thinking about giving this a shot tomorrow.

@DBTechYT

4 ай бұрын

Thanks. This video was a pain to shoot, so I'm glad it's helpful. I haven't used this setup since a couple of months after I shot it. I use Cloudflare Tunnels for all my remote access needs.

@RobKraut

4 ай бұрын

@@DBTechYT yeah. I’ve been hearing about those as well. Not entirely sure what they are, but if you use them, do you not need Authelia at all? The single sign on with 2FA option is what I’ve been after since right now I just have reverse proxies set up through my own domain and using my NAS as the web server, using each app’s auth options (a pain). The goal is to be a little more portable with my setup, and not tied to Synology’s infrastructure as much. Also, just trying to learn more about this. I caught the self-hosting bug instead of COVID during the pandemic. 😜

@RobKraut

3 ай бұрын

@@DBTechYT FYI, apparently they made changes to the Authelia config a few weeks ago. Your template files are unfortunately out of date now. I'm working on changing my setup to match the new structure, and if I ever get t figured out, I will share it with you to update your templates, if you'd like. (you might be faster at it than me to be honest... I'm still trying to get it up and running in the first place)

Thanks a bunch for this Tutorial David. Been waiting for such a Tutorial. Going to try it this coming weekend. Now all I wonder is, can I also make Authelia authenticate for containers that already include authentication, like bookstack?

@DBTechYT

2 жыл бұрын

I'm not sure if that's possible, but it would be cool if it did. I think you would need something like LDAP setup for all of the involved containers, but I might be mistaken on that.

@bootifulghost8624

2 жыл бұрын

@@DBTechYT Yeah this would solve a big issue I currently have, as we're running multiple services with authentication and for every service it's a new login... thanks I'll see if I can find something with ldap

This is really helpful! Does this setup prevent direct access via the ip and port, while on the internal nw, or is that handled separately?

@DBTechYT

2 жыл бұрын

You can still access locally without Authelia. This is just a layer of protection when you're accessing from the internet

excellent video. If your using a web app that comes with it's own login configuration (jellyfin) is it possible to get Authelia to log in for you?

Thanks for the good content, I hit subscribe button

@DBTechYT

2 жыл бұрын

Awesome, thank you!

in this way it does not matter which ip adress you fill in to forward to in Proxy manager because when i change it it always go to what filled in in the custom config right

Great tutorial as always. Question and a pointer: 1. Does this work on Raspberry pi as it throws error on it? 2. You omitted the need to add restart: unless-stopped (or always) on the docker compose else if the docker host restarts, Authelia container wouldn't restart automatically and that means all hosted apps will become inaccessible/unreachable

@VinodBaliga

Жыл бұрын

Works on Rpi for me. Except for different issues I faced (posted in my comment earlier today).

Awesome tutorial thank you! One bit that I cannot overcome is finding the configuration.yml file after deploying the Authelia stack. I know it may be a stupid issue but I am a newbie and for the life of me I simply cannot go further with the setup. On your video you ssh to your server and I get that, but how do I find this configuration.yml file in Docker Desktop (Windows 11)? Do I need a WSL distro installed as well? In the docker-compose script I have the mount location exactly as in your video but when I go there the folder, it is empty (!) Any help would be greatly appreciated :)

excellent content - thanks for sharing

@DBTechYT

2 жыл бұрын

Much appreciated!

First, I love all of your videos, I would not be here now if they did not work. I got everything working. Thank you. BUT, for the life of me, I can not get any of the authelia enabled NGINX hosts to work for devices on other ip's!

Thanks for your tutorial. In the "protected-domain-conf" you have set "set_real_ip_from 192.168.1.0/16; #make sure this matches your network setup" at the very bottom. Shouldn't the /16 be /24 as in the authelia-conf? I kept getting the error "low address bits of 192.168.178.0/16 are meaningless", so I changed it to /24 and the error disappeared.

Wish the username could random then setup 2FA to display the entered username on duo app. That way I can see who's trying to get access and accept/deny.

Great Video ! Thanks ! I also saw your video about Nginx + Fail2ban + Cloudflare but had too much ban with the filter regex npm - docker (just browsing my containers with a VPN makes me banned whereas I don't do anything suspicious). So i wanted to add an extra layer of security to my server with Authelia, but the question is : is it possible to log in to Nextcloud or Bitwarden through their phone app (or add on apps on firefox) with authelia enabled ??? Thanks for your answer and thanks again for the video !

@user-cu7us4vj1j

2 жыл бұрын

Hi! I have the same question ⁉️ Did you figured out an answer?

THANKS !

Have you ever gotten Remote Desktop Gateway to work with reverse proxy manager?

How to get Authelia to work with Nextcloud or Vaultwarden when the apps need to sync on various platforms or browser extensions?

How do you create server by ip forward instead of container?

Great tutorial, man. Just one question. It's returning a 403 Forbidden error after Authelia authentication. I don't know if you have a clue about what can be the problem. I have been following your tutorial entirely. Thanks in advance.

Your video helped me out. I was watching other tutorials that were overly complicated for my use. Now, I would like to figure out if I can use single-sign on and not have to login. As an example, Jellyseer has its own user/password. Right now, I get Authelia asking me a password - then get Jellyseer's.

Great video, thanks so much. For some reason setting domain in nginx does not work for me. I could access authelia via locval iip and port but not hte domain. I also have about 5 other apps that I access with domain creating on cloudflare and proxy manager. The only one I can not get to work is authelia.

Since you use your modem in bridge mode there is no need to double port forward there and the unify as well. Except the modem is used otherwise (not to pass the connection in order for the unify to terminate there)

@DBTechYT

2 жыл бұрын

I deliberately don't use it in bridge mode.

@ierosgr

2 жыл бұрын

@@DBTechYT Since I am why you don't?

Thanks for the tutorial! Everything worked great, except now I'm trying to make a LAN bypass rule, which doesn't work for some reason. I feel like this is probably down to me not setting the correct values in the nginx proxy manager config for the protected domain, specifcally this section: set_real_ip_from 192.168.1.0/16; #make sure this matches your network setup real_ip_header CF-Connecting-IP; real_ip_recursive on; If my servers are on the 192.168.5.0/24 subnet and my home devices are on the 192.168.10.0/24 subnet, what would be the correct value for the "set_real_ip_from" directive? Also, if not using Cloudflare proxy, can I remove the "real_ip_header CF-Connecting-IP;" line?

very good job, thanks for your tech share！😃

@DBTechYT

2 жыл бұрын

Thank you! Cheers!

Excellent video, I put my Authelia to the test with it, but to make it part of my structure I need to resolve some situations. I can't get the NOVNC CONSOLE inside PROXMOX to work with NPM + Authelia... it always says connection. Has anyone found a solution they can share?

Hey dbtech, thx for the tutorial! I cant access your domain. Where can i find the authelia configuration files?

Thank you so much for listening your subscribers:) btw, it’s much easier with traefik an you are wrong. With traefik and file config it’s very easy to config services on other VMs. (Just 2 blocks in config that defines router and service behind it) I have 1 file with all configuration, editing it with file browser or VScode, and you don’t need to use docker labels at all, (dam I hate this labels and always recreate containers when I’m screwed with it)

@AntonStolov

2 жыл бұрын

On the contrary, I really like the label format.

@DBTechYT

2 жыл бұрын

This is good info! Thanks!

@MrSnyaify

2 жыл бұрын

@@DBTechYT another + to traefik is backup, just copy 1 config from traefik container and place it anywhere where you want to reproduce your environment. This is so by the way. And one more thing, traefik middlwares + chains, work like a charm. I don't like syntax of Ngnix when you need something to tune... as for me it's hard :(

@AntonStolov

2 жыл бұрын

@@MrSnyaifythats right, 'bout backup of your proxy stuff with traefik it's super easy

Thank you and everything works well. So just a short question: Why do I need to match the upstream for the container name? It also works if i just type a random name inside the config. Would be cool to understand it :)

@DBTechYT

11 ай бұрын

I never actually used authelia for any time. I leaned just enough about it to show people how to install it and do the basics. I encourage you to check out their online resources for more information

@Animizio2024

11 ай бұрын

@@DBTechYT thank you

Great video, everything works great up until added the CONF to the proxies. I use the code and change it as suggested, but as soon as I do, it sets the proxy to offline. Not sure what I am missing here?

@techsolo121

Жыл бұрын

I know the solution! Whoaa after 4 hours of searching... In CONF for proxied host which should be protected, it isnt't allowed to have a character like a minus. NPM don't realise that the chars after the minus belongs to the variable. Also you don't need to set the dcontainer_name to the $upstream var, because it set by "Forward Hostname / IP*" and "Forward Port" in the previous step. Wrong: location / { set $upstream_uptime-kuma $forward_scheme://$server:$port; proxy_pass $upstream_uptime-kuma; Right: location / { set $upstream $forward_scheme://$server:$port; proxy_pass $upstream; Thanks at @glassman3333 for your comment, it helps me a lot! :)

@ncstr5842

9 ай бұрын

@@techsolo121 you / glassman3333 are goats, it finally worked! tysm

Again a very excellent video. But this time, I really am stuck when you do the advanced configuration. I am using Docker, not Cloudflare. What do I have to change at the bottom? Thank you.

@DBTechYT

2 жыл бұрын

Docker and CloudFlare aren't the same thing at all. CloudFlare is a reverse proxy service to help add security to your hosting. Docker is the platform we're installing our containers on. I HIGHLY encourage CloudFlare to hide your home's IP address from the public as well as adding DDOS protection, DNS management, SSLs, and more.

@MarcusZurhorst

2 жыл бұрын

@@DBTechYT thanks. I am bisecting the issue. Really strange. I checked 20 times, I have no typo. As soon as I add a few lines starting from "proxy_set_header Host $host; onwards, NPM displays the status as offline; When I comment those out, the status is online again. -- Does NPM itself write some kind of error log when it parses the advanced config? -- I only see access logs and error logs, but they do not cover this aspect.

Why use Authelia instead of setting up the access lists in NginxProxyManager? Why we need to run an additional container to add that extra layer of security? Is there something more to gain?

@DBTechYT

2 жыл бұрын

Honestly I've had mixed results with access lists on NPM. Authelia also allows you to add people to groups and then assign access to different applications based on those groups. Authelia also has a feature that will block people from accessing your server if they use incorrect credentials too many times. Again, this tutorial/application may not be for everyone, but it's been requested for more than a year in my comments section and I thought it was time to make a video about it :)

@fragoulisnaval

2 жыл бұрын

​@@DBTechYT You are right, blocking people out cannot be done using access lists. I will try setting this up over weekend if I find some spare time... Thanks again for this video!

i tried to add 2nd verification but it is not possible i can not get it to work... EDIt: mistake in the auth proxy host

i think this is like using HTTP basic auth on nginx, let's say if i want SSO to my private gitlab, how to achieve that? because i'm pretty sure after entering my user pass on the authelia, the gitlab login page still prompt me to enter the username and password

Please do a video on how to get authelia to work with Navidrome so one can use apps on your phone with it

Could you take a look at Ory Katros? Thank you!

Great video ! thanks for the tuto, I'm having only one issue at the end, after the redirection of auth to my apps I'm getting 403 forbidden openresty, any idea ?

@DBTechYT

2 жыл бұрын

Are you trying to access more than one root domain on your Authelia setup?

Can I use NGINX through a cloudflare tunnel and use authelia? I am removing Ubunu server and I will use proxmox.

@DB Tech, Thank you very much for this video again. Nice, I managed to configure everything like you and it works as you. But I think Authelia provides SSO and we should be automatically logged in into each container app. Which is not the case. Here Authelia is just a first authentication level, and then we must authenticate again with authentication form of each container app. I think something doesn't work completly. Furthermore, if we configure a NPM "Proxy host" using an "Access list" with "Pass auth to Host" enabled, same result, we need a log in twice. It souldn't.

@DBTechYT

2 жыл бұрын

You've got the wrong idea about this. Access lists and Authelia aren't meant to log you into apps, only to add another level of security to your server by making you PROVE that you're authorized. After you've proven that you're authorized to be on the server, then each app will have its own authentication at the application level. This is the intended use case.

@FanouLive

2 жыл бұрын

@@DBTechYT OK, maybe for NPM "Access list", depends on what we understand by "Pass auth to Host", just credentials or an authenticated session. But for Authelia, from their web site "Single Sign-On, Enable your users to login once and access everything." It's not really the case, it's not really SSO. I think something is missing, but can't find the solution for the moment. Maybe OAuth or OpenID configuration ?

broadly speaking, would this be a more secure approach than using cloudflare zero trust tunnels and their built in auth apps?

@DBTechYT

3 ай бұрын

There are a lot of things that can weigh on both sides of the answer here. I used authelia for a while. Then I found Cloudflare tunnels. With tunnels, there is no port forwarding and you've got world-class DDOS protection and security

Awesome video! Really helpful as all others you've posted! I'm however getting a Error 526 from Cludflare when trying to access: Invalid SSL certificate. Will try to check the config files and the advanced in the NGINX, however please let me know if you have any tips. :)

@DBTechYT

2 жыл бұрын

I guess it depends on how you setup your SSLs. I generate SSLs from CloudFlare and install them in NPM. Also, I've received this when I tried to access a domain that wasn't setup in my NPM or CloudFlare correctly.

@denisbizottotrinconi

2 жыл бұрын

Yes I set it up the Cloudflare SSLs and install in NPM. However I found out the issue I was having, and it happened with 3 different containers. I had my container named "proxy-manager" or "portainer-ce" then when I was filling the Advanced tab in NPM I was using: set $upstream_portainer-ce http...... proxy_pass $upstream_portainer-ce; I believe the hyphen causes a problem in the config. My solution was to remove the hyphen and then everything worked as it should. I believe underscore should be fine as well, haven't tested tough. Once again thanks so much for your video! :)

Hi there, great video but I don't think you ever did one on how to install Portainer on CasaOS which, by the looks of it, appears to be pretty vital to this video.

@DBTechYT

2 жыл бұрын

CasaOS is meant to be a standalone product that doesn't use portainer because it has its own installation method. Last time I checked, the CasaOS dashboard doesn't show docker containers that aren't installed via the CasaOS interface.

@elpresso1983

2 жыл бұрын

@@DBTechYT gotcha! Thanks =)

Just a small question, we already can a password with access list on the nginx proxy manager, what's different? Why we should authelia for password authentication? We can do it basicy on the nginx proxy with access list username/password

@FanouLive

2 жыл бұрын

Indeed, something similar

@okanerdem

2 жыл бұрын

@@FanouLive then we can use nginix proxy access list

@FanouLive

2 жыл бұрын

@@okanerdem Yes, but it's a really basic authentication form, and there is less available configuration options like explained @DB Tech in another comment

Hello, I really like your videos, I have a more particular configuration, maybe you can help me, because, I can't make it work: - I have a dynamic IP - I had to create tunnels with cloudflare (if I don't create the tunnel in cloudflare, I can't access my containers) - I use nginx proxy manager (no use if I don't have the tunnels created on cloudflare) My issue is that, I can log into authelia, but I only get redirected to the default_redirection_url (like the page that I'n looking for is not found) I have search all over the internet, I haven't found the combine settings : dynamic ISP, cloudflare tunnels, authelia. The problem with the cloudflare tunnels, is that I can't point to a subdomain to that tunnel, I have to create a new tunnel with the subdomain. Thank you for your time