mirror of
https://github.com/funkypenguin/geek-cookbook/
synced 2025-12-13 01:36:23 +00:00
Fix markdownlint, add Discourse page
Signed-off-by: David Young <davidy@funkypenguin.co.nz>
@@ -242,8 +242,6 @@ services:
|
||||
1. Optionally used to test 1FA authentication
|
||||
2. Optionally used to test 2FA authentication
|
||||
|
||||
|
||||
|
||||
!!! question "Why not just use Traefik Forward Auth?"
|
||||
While [Traefik Forward Auth][tfa] is a very lightweight, minimal authentication layer, which provides OIDC-based authentication, Authelia provides more features such as multiple methods of authentication (*Hardware, OTP, Email*), advanced rules, and push notifications.
|
||||
|
||||
@@ -253,15 +251,15 @@ Launch the Authelia stack by running ```docker stack deploy authelia -c <path -t
|
||||
|
||||
### Test Authelia
|
||||
|
||||
To test the service works successfully, try logging into Authelia itself first, as a user whose password you've setup in `/var/data/config/authelia/users_database.yml`.
|
||||
To test the service works successfully, try logging into Authelia itself first, as a user whose password you've setup in `/var/data/config/authelia/users_database.yml`.
|
||||
|
||||
You'll notice that upon successful login, you're requested to setup 2FA. If (*like me!*) you didn't configure an SMTP server, you can still setup 2FA (*TOTP or webauthn*), and the setup link email instructions should be found in `/var/data/config/authelia/notifications.txt`
|
||||
|
||||
Now you're ready to test 1FA and 2FA auth, against the two "whoami" services defined in the docker-compose file.
|
||||
|
||||
Try to access each in turn, and confirm that you're _not_ prompted for 2FA on whoami-authelia-1fa, but you _are_ prompted for 2FA on whoami-authelia-2fa! :thumbsup:
|
||||
Try to access each in turn, and confirm that you're *not* prompted for 2FA on whoami-authelia-1fa, but you *are* prompted for 2FA on whoami-authelia-2fa! :thumbsup:
|
||||
|
||||
## Summary
|
||||
## Summary
|
||||
|
||||
What have we achieved? By adding a simple label to any service, we can secure any service behind our Authelia, with minimal processing / handling overhead, and benefit from the 1FA/2FA multi-layered features provided by Autheila.
|
||||
|
||||
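Review bot: Missing documentation on the line that points readers to `/var/data/config/authelia/notifications.txt` for the 2FA setup link: anyone who can read that file can pick up the enrolment link, so the text should say the file must be readable only by the administrator. While this block is being touched for lint, the unchanged "What have we achieved?" line still misspells Authelia as "Autheila", "setup" is used as a verb ("you've setup", "requested to setup 2FA") where "set up" is meant, and the notifications.txt sentence has no closing full stop.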
@@ -272,8 +270,7 @@ What have we achieved? By adding a simple label to any service, we can secure an
|
||||
|
||||
### Authelia vs Keycloak
|
||||
|
||||
[KeyCloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, KeyCloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but _unlike_ Authelia, KeyCloak allows for 2-way sync between that LDAP backend, meaning KeyCloak can be used to _create_ and _update_ the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*).
|
||||
|
||||
[KeyCloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, KeyCloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but *unlike* Authelia, KeyCloak allows for 2-way sync between that LDAP backend, meaning KeyCloak can be used to *create* and *update* the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*).
|
||||
|
||||
[^1]: The initial inclusion of Authelia was due to the efforts of @bencey in Discord (Thanks Ben!)
|
||||
|
||||
|
||||
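Review bot: Style point on the rewritten KeyCloak paragraph: the body spells the product "KeyCloak" while the heading directly above it reads "Authelia vs Keycloak". Since the line is already being changed to swap `_unlike_` for `*unlike*`, pick one casing (the heading's "Keycloak") and apply it throughout the paragraph. "featureset" would also read better as "feature set".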
@@ -15,7 +15,7 @@ You too, action-geek, can save the day, by...
|
||||
2. Store your swarm configuration and application data in an [orderly and consistent structure](/reference/data_layout/)
|
||||
3. Expose all your services consistently using [Traefik](/docker-swarm/traefik/) with optional [additional per-service authentication][tfa]
|
||||
|
||||
Then you can really level-up your geek-fu, by:
|
||||
Then you can really level-up your geek-fu, by:
|
||||
|
||||
4. Making your Docker Swarm highly with [keepalived](/docker-swarm/keepalived/)
|
||||
5. Setup [shared storage](/docker-swarm/shared-storage-ceph/) to eliminate SPOFs
|
||||
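Review bot: Item 4 in the unchanged context is missing a word: "Making your Docker Swarm highly with [keepalived]" presumably means "highly available". Items 4 and 5 also do not match grammatically ("Making ..." versus "Setup ..."); "Setting up [shared storage]" would fit the "by:" lead-in that this hunk touches.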
@@ -26,4 +26,4 @@ Ready to enter the matrix? Jump in on one of the links above, or start reading t
|
||||
--8<-- "recipe-footer.md"
|
||||
|
||||
[^1]: This was an [iconic movie](https://www.imdb.com/title/tt0111257/). It even won 2 Oscars! (*but not for the acting*)
|
||||
[^2]: There are significant advantages to using Docker Swarm, even on just a single node.
|
||||
[^2]: There are significant advantages to using Docker Swarm, even on just a single node.
|
||||
|
||||
@@ -100,5 +100,4 @@ What have we achieved? By adding an additional three simple labels to any servic
|
||||
|
||||
[KeyCloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, KeyCloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but _unlike_ Authelia, KeyCloak allows for 2-way sync between that LDAP backend, meaning KeyCloak can be used to _create_ and _update_ the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*).
|
||||
|
||||
|
||||
--8<-- "recipe-footer.md"
|
||||
|
||||
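Review bot: Inconsistent emphasis style remains in the KeyCloak paragraph of this hunk: it still uses `_unlike_`, `_create_` and `_update_` next to the asterisk-style `*Authelia's is just a one-way LDAP lookup ...*`, whereas the identical paragraph in the earlier hunk was converted to `*unlike*`, `*create*` and `*update*`. If the aim of the commit is a clean markdownlint run, this copy should get the same conversion.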