r/selfhosted

Authelia integration with Nginx

I'm trying to integrate Authelia into my reverse proxy and I got a little confused by the documentation. Maybe you guys can help me understand things a bit better.

In the Get Started part it says that Authelia MUST be served with https, however in the config documentation it clearly says that it doesn't listen for TLS connections?

What am I to do here? I already issued a certificate from my internal CA to be used by Authelia since I want to use HTTPS and added it to the configuration. However Authelia doesn't respond to either HTTP or HTTPS requests.

Also somewhere I read that Authelia has to be served behind a reverse proxy (I can't find where that was anymore). Could it be that this is the issue? I doubt it since I saw some videos on how to set it up and they accessed it directly, but that behaviour might have changed.

Also if it has to be served behind a reverse proxy I'm a bit confused by their proxy integration documentation. My understanding is that if I'm serving it behind my Nginx reverse proxy I do something like this:

server {
  listen              80;
  listen              443 ssl;
  server_name         auth.home.local;
  ssl_certificate     /etc/ssl/auth.home.local.crt;
  ssl_certificate_key /etc/ssl/auth.home.local.key;
  # nginx compares with a single "="; "==" is rejected as an invalid condition
  if ($scheme = http) {
    return 301 https://$server_name$request_uri;
  }
  location / {
    include    authelia-proxy.conf;
    proxy_pass http://authelia.home.local:9091;
  }
  location /api/verify {
    proxy_pass http://authelia.home.local:9091;
  }
}

After that I define a location per virtual server I want to use Authelia for:

location /authelia {
  internal;
  include    authelia-headers.conf;
  include    authelia-proxy.conf;
  proxy_pass https://auth.home.local/api/verify;
}

However in their examples they proxy_pass directly to http://authelia.home.local:9091/api/verify in the locations for the virtual servers that use Authelia instead of using the virtual server set up for Authelia.

In the Get Started part it says that Authelia MUST be served with https, however in the config documentation it clearly says that it doesn't listen for TLS connections?

Translation:

Authelia only works if nginx serves HTTPS to the client, but nginx must communicate with Authelia via HTTP.

If your reverse proxy config does not use SSL (listen 443 ssl), Authelia will not work.

But, if you check Authelia snippets you'll see:

cat authelia.conf 
# Virtual endpoint created by nginx to forward auth requests.
location /authelia {
    internal;
    set $upstream_authelia http://10.0.2.4:9091/api/verify;
    proxy_pass_request_body off;
    proxy_pass $upstream_authelia;    
    proxy_set_header Content-Length "";
    ....
    ....

TL;DR: User <-> nginx must use SSL, but nginx <-> Authelia must not.

Thanks for the explanation, I think I get it now. I'll play around with it a bit more and see if that fixes my issues.
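The split described in the answer above, written out as one nginx configuration. This is an added example, not part of the original thread and not Authelia's own snippet: app.home.local, its certificate paths and the 127.0.0.1:8080 backend are placeholders, and the forwarded headers are an assumption to be checked against Authelia's proxy documentation for your version.

```nginx
# Added example: hostnames, certificate paths and the app backend are placeholders.

# Plain-HTTP listener: does nothing except redirect to HTTPS.
server {
    listen      80;
    server_name auth.home.local app.home.local;
    return 301  https://$host$request_uri;
}

# Authelia portal: TLS ends at nginx, the hop to Authelia is plain HTTP.
server {
    listen              443 ssl;
    server_name         auth.home.local;
    ssl_certificate     /etc/ssl/auth.home.local.crt;
    ssl_certificate_key /etc/ssl/auth.home.local.key;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;   # tells Authelia the client used HTTPS
        proxy_pass       http://authelia.home.local:9091;
    }
}

# A protected application (hypothetical vhost).
server {
    listen              443 ssl;
    server_name         app.home.local;
    ssl_certificate     /etc/ssl/app.home.local.crt;
    ssl_certificate_key /etc/ssl/app.home.local.key;

    # Internal-only endpoint for auth subrequests. It goes straight to Authelia
    # over HTTP instead of looping back through https://auth.home.local.
    location /authelia {
        internal;
        proxy_pass_request_body off;
        proxy_set_header Content-Length    "";
        proxy_set_header X-Original-URL    $scheme://$http_host$request_uri;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass       http://authelia.home.local:9091/api/verify;
    }

    location / {
        auth_request /authelia;
        # 401 from the subrequest: send the browser to the portal with the original URL.
        error_page 401 =302 https://auth.home.local/?rd=$scheme://$http_host$request_uri;
        proxy_pass http://127.0.0.1:8080;   # placeholder backend
    }
}
```

Because the nginx-to-Authelia hop is unencrypted, port 9091 belongs on a network segment that only the reverse proxy can reach.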

[deleted]

This is not a tech support subreddit. Both nginx and Authelia have large communities with GitHub pages, forums and subreddits.

What is this subreddit there for in your opinion, if not for asking questions regarding applications many people on this subreddit use and in turn learning from them?

If it's bothering you that I'm asking questions to better understand what I'm doing just ignore it and scroll past. Nobody's forcing you to interact with posts you're not interested in.
