Use Authelia To Protect Public Applications
Authelia is an open-source authentication application which can be used for single sign-on and 2FA (two-factor authentication) for applications through a login portal.
Main Features of Authelia
- Several kinds of second-factor authentication:
  - Security Key (U2F) with Yubikey.
  - Time-based One-Time password with Google Authenticator.
  - Mobile Push Notifications with Duo.
- Password reset with identity verification using email confirmation.
- Single-factor only authentication method available.
- Access restriction after too many authentication attempts.
- Fine-grained access control per subdomain, user, resource and network.
- Support of basic authentication for endpoints protected by single factor.
Example of the Authelia Flow
Docker Compose Example
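services:
  authelia:
    container_name: authelia
    image: authelia/authelia
    volumes:
      # Host directory holding the Authelia configuration files
      - C:\Docker\authelia\authelia\:/config
    environment:
      - 'TZ=America/New_York'
    networks:
      - default
      - authelia
    ports:
      # Authelia login portal
      - 9091:9091
    restart: always
  redis:
    image: redis:alpine
    container_name: redis
    networks:
      - authelia
    volumes:
      - ./redis:/data
    ports:
      # Authelia reaches Redis over the shared "authelia" network;
      # this mapping additionally exposes Redis on the Docker host.
      - 6379:6379
    restart: always
    environment:
      - TZ=America/New_York

networks:
  # User-defined network shared by Authelia and Redis
  authelia: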
Authelia Setup
Authelia provides different configuration types depending on the required types of authentication and external dependencies. If used on a small scale for public services, the Lite bundle should be fine. Take a look at the Authelia GitHub page for more information.
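The access control and login-attempt features from the list above are set in two sections of Authelia's configuration.yml. The fragment below is an added example, not taken from the original post or from the Authelia project; the example.com domains, the admins group and the 192.168.1.0/24 range are assumed placeholders.

```yaml
access_control:
  # Anything not matched by a rule below is refused.
  default_policy: deny
  rules:
    # Rules are evaluated top to bottom and the first match wins,
    # so the most specific rules go first.
    - domain: app.example.com
      resources:
        - '^/admin([/?].*)?$'
      subject: 'group:admins'
      policy: two_factor
    # A rule whose subject does not match the logged-in user is skipped.
    # This explicit deny stops non-admins from falling through to the
    # broader wildcard rules below and reaching /admin that way.
    - domain: app.example.com
      resources:
        - '^/admin([/?].*)?$'
      policy: deny
    # Requests from the assumed LAN range need only a password.
    - domain: '*.example.com'
      networks:
        - 192.168.1.0/24
      policy: one_factor
    # Everything else on the domain, from any network, needs 2FA.
    - domain: '*.example.com'
      policy: two_factor

# Access restriction after too many authentication attempts.
regulation:
  max_retries: 3   # failed logins allowed ...
  find_time: 2m    # ... within this window
  ban_time: 5m     # how long the account is then locked out
```

A network-based rule relies on the reverse proxy passing the real client address to Authelia, so check the forwarded headers before trusting a one_factor rule scoped to a LAN range.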
Authelia Reverse Proxy Setup
I use the Swag Nginx Docker container, which includes Authelia built in but needs to be enabled. Additional information for troubleshooting can be found on the Proxy Integration page maintained by Authelia.
Summary
Authelia provides additional security for any public-facing services or hosted applications that might not provide their own login method or where 2FA is needed. Installation requires no coding to integrate and is done with some basic configuration files and a reverse proxy setup, all of which is covered in the documentation.