Authelia can be deployed as a lite setup with minimal external dependencies. The setup is called lite because it reduces the number of components in the architecture to a reverse proxy such as Nginx, Traefik or HAProxy, Authelia and Redis.
This setup assumes you have basic knowledge and understanding of IP addresses, DNS and port forwarding. You should setup the domain you intend to protect with Authelia to point to your external IP address and port forward ports
443 to the host you plan to host the
Port 80 is utilised by LetsEncrypt for certificate challenges, this will automatically provision up-to-date certificates for your domain(s).
Traefik publishes the respective services with LetsEncrypt provided certificates on port
443. The provided examples protect the Traefik dashboard with Authelia’s one-factor auth (traefik.example.com) and two instances of the whoami container with Authelia being bypassed (public.example.com) and another with it’s two-factor auth (secure.example.com).
If you happen to already have an external SQL instance (MariaDB, MySQL or Postgres) this setup can easily be adapted to utilise said service.
git clone https://github.com/authelia/authelia.git
git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
- Modify the
users_database.ymlthe default username and password is
- Modify the
docker-compose.ymlwith your respective domains and secrets
docker-compose up -d
This documentation gives instructions that will make Authelia non resilient to failures and non scalable by preventing you from running multiple instances of the application. This means that Authelia won’t be able to distribute the load across multiple servers and it will prevent failover in case of a crash or an hardware issue.