├── compose
    ├── .env_template
    ├── generate_secrets
    │   ├── Dockerfile
    │   └── entrypoint.sh
    └── compose.yaml
├── .gitignore
├── README.md
└── data
    └── authelia
        └── configuration.yml


/compose/.env_template:
--------------------------------------------------------------------------------
1 | MY_DOMAIN=
2 | DUCKDNS_TOKEN=
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | data/*
2 | !data/authelia
3 | data/authelia/*
4 | !data/authelia/configuration.yml
5 | compose/.env
6 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ### Generating a hash for a user password
2 | ```bash
3 | docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'YOUR PASSWORD HERE'
4 | ```
5 | 
6 | 


--------------------------------------------------------------------------------
/compose/generate_secrets/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine
 2 | 
 3 | WORKDIR /secrets
 4 | 
 5 | RUN apk add --no-cache openssl
 6 | 
 7 | ADD entrypoint.sh /bin/entrypoint.sh
 8 | 
 9 | RUN chmod +x /bin/entrypoint.sh
10 | 
11 | ENTRYPOINT /bin/entrypoint.sh
12 | 


--------------------------------------------------------------------------------
/compose/generate_secrets/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | if [ ! -f /secrets/SESSION_SECRET ]; then
 4 |   echo "Generating session secret..."
 5 |   openssl rand -hex 23 > /secrets/SESSION_SECRET
 6 | fi
 7 | 
 8 | if [ ! -f /secrets/JWT_SECRET ]; then
 9 |   echo "Generating JWT secret..."
10 |   openssl rand -hex 23 > /secrets/JWT_SECRET
11 | fi
12 | 
13 | if [ ! -f /secrets/STORAGE_ENCRYPTION_KEY ]; then
14 |   echo "Generating storage encryption key..."
15 |   openssl rand -hex 23 > /secrets/STORAGE_ENCRYPTION_KEY
16 | fi
17 | 


--------------------------------------------------------------------------------
/data/authelia/configuration.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | server:
 3 |   address: 'tcp://:9091'
 4 | 
 5 | log:
 6 |   level: 'debug'
 7 | 
 8 | totp:
 9 |   issuer: 'authelia.com'
10 | 
11 | authentication_backend:
12 |   file:
13 |     path: '/config/users_database.yml'
14 | 
15 | access_control:
16 |   default_policy: 'one_factor'
17 | 
18 | session:
19 |   cookies:
20 |     - name: 'authelia_session'
21 |       domain: '{{ env "MY_DOMAIN" }}'
22 |       authelia_url: 'https://auth.{{ env "MY_DOMAIN" }}'
23 |       expiration: '1 hour'
24 |       inactivity: '5 minutes'
25 | 
26 |   redis:
27 |     host: 'authelia_redis'
28 |     port: 6379
29 | 
30 | regulation:
31 |   max_retries: 3
32 |   find_time: '2 minutes'
33 |   ban_time: '5 minutes'
34 | 
35 | storage:
36 |   local:
37 |     path: '/config/db.sqlite3'
38 | 
39 | notifier:
40 |   filesystem:
41 |     filename: /config/notification.txt
42 | 


--------------------------------------------------------------------------------
/compose/compose.yaml:
--------------------------------------------------------------------------------
  1 | services:
  2 |   proxy:
  3 |     image: traefik
  4 |     container_name: traefik
  5 |     depends_on: 
  6 |       - authelia
  7 |     restart: unless-stopped
  8 |     command:
  9 |       - "--log.level=DEBUG"
 10 |       - "--api.insecure=true"
 11 |       - "--providers.docker=true"
 12 |       - "--providers.docker.exposedbydefault=false"
 13 |       - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
 14 |       - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=duckdns"
 15 |       - "--certificatesresolvers.letsencrypt.acme.email=mail@mail.com"
 16 |       - "--certificatesresolvers.letsencrypt.acme.dnschallenge.disablePropagationCheck=true"
 17 |       - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
 18 |       - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
 19 |       - "--entrypoints.web.address=:80"
 20 |       - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
 21 |       - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
 22 |       - "--entrypoints.websecure.address=:443"
 23 |       - "--entrypoints.websecure.http.tls=true"
 24 |       - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
 25 |       - "--entrypoints.websecure.http.tls.domains[0].main=${MY_DOMAIN}"
 26 |       - "--entrypoints.websecure.http.tls.domains[0].sans=*.${MY_DOMAIN}"
 27 |     volumes:
 28 |       - "../data/traefik/letsencrypt:/letsencrypt"
 29 |       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 30 |     labels:
 31 |       - 'traefik.enable=true'
 32 |       - 'traefik.http.routers.api.rule=Host(`${MY_DOMAIN}`)'
 33 |       - 'traefik.http.routers.api.entryPoints=websecure'
 34 |       - 'traefik.http.routers.api.service=api@internal'
 35 |       - 'traefik.http.routers.api.middlewares=authelia@docker'
 36 |     ports:
 37 |       - "443:443"
 38 |       - "80:80"
 39 |     environment:
 40 |       DUCKDNS_TOKEN: "${DUCKDNS_TOKEN}"
 41 | 
 42 |   authelia_redis:
 43 |     image: redis
 44 |     restart: unless-stopped
 45 |     container_name: authelia_redis
 46 | 
 47 |   authelia_generate_secrets:
 48 |     build: generate_secrets
 49 |     volumes:
 50 |       - ../data/authelia/secrets:/secrets
 51 | 
 52 |   authelia:
 53 |     image: authelia/authelia
 54 |     container_name: authelia
 55 |     labels:
 56 |       - 'traefik.enable=true'
 57 |       - 'traefik.http.routers.authelia.rule=Host(`auth.${MY_DOMAIN}`)'
 58 |       - 'traefik.http.routers.authelia.entryPoints=websecure'
 59 |       - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth'
 60 |       - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
 61 |       - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name'
 62 |     depends_on:
 63 |       authelia_generate_secrets:
 64 |         condition: service_completed_successfully
 65 |     volumes:
 66 |       - ../data/authelia:/config
 67 |     restart: unless-stopped
 68 |     expose: 
 69 |       - 9091
 70 |     environment:
 71 |       TZ: Europe/Amsterdam
 72 |       X_AUTHELIA_CONFIG_FILTERS: template
 73 |       MY_DOMAIN: ${MY_DOMAIN}
 74 |       AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
 75 |       AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
 76 |       AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
 77 | 
 78 |   sonarr:
 79 |     container_name: sonarr
 80 |     image: linuxserver/sonarr:latest
 81 |     restart: unless-stopped
 82 |     labels:
 83 |       - 'traefik.enable=true'
 84 |       - 'traefik.http.routers.sonarr.rule=Host(`sonarr.${MY_DOMAIN}`)'
 85 |       - 'traefik.http.routers.sonarr.entryPoints=websecure'
 86 |       - 'traefik.http.routers.sonarr.middlewares=authelia@docker'
 87 |     environment:
 88 |       TZ: Europe/Amsterdam
 89 |     volumes:
 90 |       - ../data/sonarr:/config
 91 |       - /mnt/media/TV:/tv
 92 |       - /mnt/media/Downloads:/downloads
 93 | 
 94 |   radarr:
 95 |     container_name: radarr
 96 |     image: linuxserver/radarr:latest
 97 |     restart: unless-stopped
 98 |     labels:
 99 |       - 'traefik.enable=true'
100 |       - 'traefik.http.routers.radarr.rule=Host(`radarr.${MY_DOMAIN}`)'
101 |       - 'traefik.http.routers.radarr.entryPoints=websecure'
102 |       - 'traefik.http.routers.radarr.middlewares=authelia@docker'
103 |     environment:
104 |       TZ: Europe/Amsterdam
105 |     volumes:
106 |       - ../data/radarr:/config
107 |       - /mnt/media/Movies:/movies
108 |       - /mnt/media/Downloads:/downloads
109 | 
110 |   deluge:
111 |     container_name: deluge
112 |     image: linuxserver/deluge:latest
113 |     restart: unless-stopped
114 |     labels:
115 |       - 'traefik.enable=true'
116 |       - 'traefik.http.routers.deluge.rule=Host(`deluge.${MY_DOMAIN}`)'
117 |       - 'traefik.http.routers.deluge.entryPoints=websecure'
118 |       - 'traefik.http.routers.deluge.middlewares=authelia@docker'
119 |     environment:
120 |       TZ: Europe/Amsterdam
121 |     volumes:
122 |       - ../data/deluge:/config
123 |       - /mnt/media/Downloads:/downloads
124 | 
125 |   jellyfin:
126 |     container_name: jellyfin
127 |     image: jellyfin/jellyfin:latest
128 |     restart: unless-stopped
129 |     labels:
130 |       - 'traefik.enable=true'
131 |       - 'traefik.http.routers.jellyfin.rule=Host(`jellyfin.${MY_DOMAIN}`)'
132 |       - 'traefik.http.routers.jellyfin.entryPoints=websecure'
133 |     environment:
134 |       TZ: Europe/Amsterdam
135 |     volumes:
136 |       - ../data/jellyfin:/config
137 |       - /mnt/media/Movies:/movies
138 |       - /mnt/media/TV:/tv
139 | 


--------------------------------------------------------------------------------