New Blog Post -- Authelia - Traefik Setup Guide #8316

Open
wants to merge 7 commits into
base: master

Conversation

Crowley723
Member

This PR adds a new blog post containing a guide to setting up Authelia with Traefik.

@authelia

authelia bot commented Nov 24, 2024

Artifacts

These changes are published for testing on Buildkite, DockerHub and GitHub Container Registry.

Docker Container

  • docker pull authelia/authelia:docs-guide-blog
  • docker pull ghcr.io/authelia/authelia:docs-guide-blog

Contributor

coderabbitai bot commented Nov 24, 2024

Walkthrough

A new document, index.md, has been added to the docs/content/blog/authelia-traefik-setup-guide/ directory. This guide provides a detailed setup process for integrating Authelia with Traefik as a reverse proxy. It includes prerequisites, project file structure, and specific configurations for both services, along with YAML snippets for Docker Compose setups. The guide emphasizes minimal configuration requirements and includes important notes on customization. I pity the fool who doesn’t read it!

Changes

File Path | Change Summary
docs/content/blog/authelia-traefik-setup-guide/index.md | New document added detailing the setup of Authelia with Traefik, including metadata, configurations, and YAML snippets.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Traefik
    participant Authelia

    User->>Traefik: Request access
    Traefik->>Authelia: Validate user
    Authelia-->>Traefik: User validated
    Traefik-->>User: Access granted

Possibly related PRs

  • docs: traefik support #8058: The changes in this PR enhance the documentation related to Traefik, which is directly relevant to the setup guide for Authelia with Traefik in the main PR. I pity the fool who misses out on that connection!

netlify bot commented Nov 24, 2024

Deploy Preview for authelia-staging ready!

Name Link
🔨 Latest commit 5e7e5ef
🔍 Latest deploy log https://app.netlify.com/sites/authelia-staging/deploys/6769df6dac8b96000854fddf
😎 Deploy Preview https://deploy-preview-8316--authelia-staging.netlify.app

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)
docs/content/blog/authelia-traefik-setup-guide/index.md (3)

19-19: Let's make this intro stronger, fool!

Instead of "take a look", let's be more direct!

-This is not a demo. If you would like an all-in-one demo, please take a look at our [local bundle](https://www.authelia.com/integration/deployment/docker/#local).
+This is not a demo. If you would like an all-in-one demo, check out our [local bundle](https://www.authelia.com/integration/deployment/docker/#local).
🧰 Tools
🪛 LanguageTool

[style] ~19-~19: To make your writing clearer, consider a more direct alternative.
Context: ...u would like an all-in-one demo, please take a look at our [local bundle](https://www....

(TAKE_A_LOOK)


284-291: Listen up fool, your access control needs more explanation!

Add comments explaining the security levels for each policy to help users understand the difference between one_factor and two_factor authentication.

 access_control:
   default_policy: deny
   rules:
+    # Traefik dashboard requires single-factor authentication
     - domain: traefik.example.com
       policy: one_factor
+    # Secure whoami endpoint requires two-factor authentication for enhanced security
     - domain: whoami-secure.example.com
       policy: two_factor

1-313: I pity the fool who deploys without security guidance!

Consider adding a "Security Best Practices" section that covers:

  1. Proper secret management in production
  2. Regular security updates
  3. Network segmentation recommendations
  4. SSL/TLS best practices
  5. Monitoring and logging considerations

Would you like me to help draft this section?

🧰 Tools
🪛 LanguageTool

[style] ~21-~21: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...these items have already been completed prior to starting this guide. - [Docker](https:/...

(EN_WORDINESS_PREMIUM_PRIOR_TO)

🪛 Markdownlint (0.35.0)

49-49: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


245-245: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 7cb60d5 and 0b204b7.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🔇 Additional comments (2)
docs/content/blog/authelia-traefik-setup-guide/index.md (2)

5-5: ⚠️ Potential issue

Hey fool, check that date! It's in the future!

The post date is set to November 2024, which might cause issues with blog visibility. Consider setting it to the current date.

-date: 2024-11-23T10:10:09+10:00
+date: 2023-11-23T10:10:09+10:00
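
Review bot: The `+date: 2023-11-23T10:10:09+10:00` line moves the post a year into the past instead of correcting a future date. The other bot comments on this PR are dated Nov 24, 2024, so the original `2024-11-23` had already passed when this was posted. Keep the original date, or set it to the intended publication day.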

Likely invalid or redundant comment.


138-138: ⚠️ Potential issue

I ain't letting this security risk slide, fool!

The insecureSkipVerify: true setting disables SSL/TLS verification, which could expose your system to man-in-the-middle attacks! You better explain why this is needed or remove it!

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)
docs/content/blog/authelia-traefik-setup-guide/index.md (3)

19-38: I pity the fool who don't make prerequisites crystal clear!

Let's make the prerequisites section more direct and structured, fool!

-This is not a demo. If you would like an all-in-one demo, please take a look at our [local bundle](https://www.authelia.com/integration/deployment/docker/#local).
+# Prerequisites
+
+Before you start:
+- This is a production setup guide. For a demo environment, check our [local bundle](https://www.authelia.com/integration/deployment/docker/#local)
+- Ensure you have [Docker](https://docs.docker.com/engine/install/) installed and configured
+- Have a domain name ready for use
+
 ## Assumptions and Adaptation
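
Review bot: The first added bullet, "This is a production setup guide", states something the removed line never said; the original only says the guide is not a demo. Keep the original wording unless the authors intend to make the production claim. The new `# Prerequisites` heading is also an h1 placed directly above the existing `## Assumptions and Adaptation`, which cuts against the heading-level fixes requested elsewhere in this review; `## Prerequisites` would fit.
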

138-138: Hey fool, you got a typo in there!

Fix that typo, sucka!

-Now we configure Traeifk.
+Now we configure Traefik.

65-65: Listen up, fool! Your markdown headings ain't following the rules!

Fix these heading levels to maintain proper hierarchy:

-#### Docker Compose
+### Docker Compose

-#### Authelia Configuration
+### Authelia Configuration

-###### Core Configuration
+#### Core Configuration

Also applies to: 247-247, 319-319

🧰 Tools
🪛 Markdownlint (0.35.0)

65-65: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0b204b7 and e4489ed.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
docs/content/blog/authelia-traefik-setup-guide/index.md

[style] ~40-~40: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...n ## File Structure The first thing we want to do is set up the file structure. Which ...

(REP_WANT_TO_VB)


[uncategorized] ~335-~335: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Configure brute-force protection and rate limiting * [Notifier](https://www.authelia.com/c...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

🪛 Markdownlint (0.35.0)
docs/content/blog/authelia-traefik-setup-guide/index.md

247-247: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


319-319: Expected: h5; Actual: h6
Heading levels should only increment by one level at a time

(MD001, heading-increment)


Lines 320-322, 325-328, 331-332, 335-336, 344-346: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)

🔇 Additional comments (1)
docs/content/blog/authelia-traefik-setup-guide/index.md (1)

149-149: Debug logging in production? I ain't getting on no plane with that, fool!

Member

@nightah nightah left a comment

Few suggestions and nits, there's a couple questions just to gauge thoughts.
I'm not overly fussed with where we land with regards to the questions.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (2)
docs/content/blog/authelia-traefik-setup-guide/index.md (2)

13-17: I pity the fool who don't optimize for search engines!

The SEO fields are empty. Add relevant descriptions to improve visibility:

 seo:
-  title: "" # custom title (optional)
-  description: "" # custom description (recommended)
+  title: "Complete Guide: Setting up Authelia with Traefik Reverse Proxy"
+  description: "Step-by-step tutorial for integrating Authelia authentication with Traefik proxy, including Docker Compose configurations and security best practices."
   canonical: "" # custom canonical URL (optional)
   noindex: false # false (default) or true

70-73: I ain't letting no container hog all the resources, fool!

Add resource limits to prevent potential denial of service:

   traefik:
     image: traefik:latest
     container_name: traefik
     restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+        reservations:
+          memory: 128M
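
Review bot: The `limits` and `reservations` values added under `deploy.resources` (256M and 128M) are given with no basis, and the block covers memory only. A limit set too low gets the proxy killed under load, which takes down every service behind it, so either explain how the numbers were chosen or present them as placeholders the reader must size for their own traffic.
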
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between e4489ed and cb460f6.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🔇 Additional comments (3)
docs/content/blog/authelia-traefik-setup-guide/index.md (3)

253-253: Debug logging issue already addressed in previous review!


361-362: Default password warning already addressed in previous review!


76-81: 🛠️ Refactor suggestion

Listen up fool! Your network setup needs some muscle!

The current network configuration exposes services more than necessary. Consider using internal networks where possible and limit exposure:

    networks:
-     proxy: {}
+     proxy:
+       aliases: []  # Restrict unnecessary DNS aliases
      authelia:
        aliases:
          - '{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
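
Review bot: Replacing `proxy: {}` with `proxy:` plus `aliases: []` does not reduce exposure; an empty alias list attaches the service to the `proxy` network exactly as before. The comment text asks for internal networks, but nothing in the hunk marks a network as internal, so either drop this change or make the isolation change at the network definition instead.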

Likely invalid or redundant comment.

@jay-elizaga-dev

Excited for this to come out! Once it's done, I'd like to copy this template to create a blog post using Podman instead of Docker, there's a few gotchas in Podman that have to deal with SELinux security in the docker-compose file. (following)

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (4)
docs/content/blog/authelia-traefik-setup-guide/index.md (4)

358-364: I ain't letting you use default passwords in production, fool!

The warning about changing the default password is good, but let's make it even more prominent and add instructions for generating a secure password.

     displayname: "Authelia User"
-    # WARNING: This is a default password for testing only!
-    # IMPORTANT: Change this password before deploying to production!
-    # Generate a new hash using the instructions at:
-    # https://www.authelia.com/reference/guides/passwords/#passwords
+    # ⚠️ DANGER ZONE! ⚠️
+    # YOU MUST CHANGE THIS PASSWORD BEFORE DEPLOYING TO PRODUCTION!
+    #
+    # Generate a new secure password hash using:
+    # docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'your_secure_password'
+    #
+    # For more information visit:
+    # https://www.authelia.com/reference/guides/passwords/#passwords
     # Password is 'authelia'
     password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
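
Review bot: The added `docker run ... --password 'your_secure_password'` comment puts the new password on the command line, where it ends up in shell history and is visible in the process list while the container runs. Prefer an invocation that prompts for the password, and add `--rm` so the container is not left behind. The context lines still ship a known hash next to `# Password is 'authelia'`, so the comment block should also say explicitly that the `password:` line is the one to replace.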

303-307: Tighten up that security regulation, fool!

The current regulation settings might be too lenient. Let's make it more secure by reducing retries and increasing ban time.

 regulation:
-  max_retries: 4
-  find_time: 120
-  ban_time: 300
+  max_retries: 3
+  find_time: 60
+  ban_time: 900
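
Review bot: Lowering `find_time` from 120 to 60 works against the stated goal. With `max_retries: 3` counted over 60 seconds, a client can sustain just under two failed attempts per minute without ever being banned, while the removed values (`max_retries: 4` over 120 seconds) allowed three per two minutes. If the aim is stricter regulation, lower `max_retries` and raise `ban_time` but leave `find_time` at 120 or higher, and give a reason for the chosen numbers.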

345-351: Listen up about them secrets, fool!

Add more specific instructions about generating secure secrets and handling them properly.

-There are 3 required secrets that we need to create and put in `authelia/secrets/` directory:
+There are 3 required secrets that we need to create and put in the `authelia/secrets/` directory:
 * jwt_secret.txt
 * storage_encryption_key.txt
 * session_secret.txt

-It is *strongly recommended* that these 3 values are [Random Alphanumeric Strings](https://www.authelia.com/reference/guides/generating-secure-values/#generating-a-random-alphanumeric-string) with 64 or more characters.
+It is *mandatory* to generate these secrets using secure random generators. Generate them using:
+
+```bash
+# Generate each secret
+openssl rand -base64 64 | tr -d '\n' > jwt_secret.txt
+openssl rand -base64 64 | tr -d '\n' > storage_encryption_key.txt
+openssl rand -base64 64 | tr -d '\n' > session_secret.txt
+
+# Set proper permissions
+chmod 600 *.txt
+```
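
Review bot: `openssl rand -base64 64` does not produce what the removed sentence asked for: the output contains `+`, `/` and `=` padding, not a random alphanumeric string, and the link to the generation guide is dropped. The commands also write to the current directory instead of `authelia/secrets/`, and `chmod 600 *.txt` changes every `.txt` file there, not just the three secrets. Suggest keeping the link, writing to the three paths under `authelia/secrets/` explicitly, and naming those files in the `chmod`. Changing "strongly recommended" to "mandatory" is a policy change that should come from the maintainers.
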
🧰 Tools
🪛 LanguageTool

[uncategorized] ~345-~345: You might be missing the article “the” here.
Context: ...crets that we need to create and put in authelia/secrets/ directory: * jwt_secr...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

🪛 Markdownlint (0.37.0)

346-346: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


347-347: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


348-348: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


372-373: Hold up fool! We need some verification steps!

Add verification steps after starting the stack to ensure everything is working correctly.

 ### Starting the Stack
 Once all the configuration for [Traefik](https://doc.traefik.io/traefik/) and [Authelia](https://www.authelia.com/) are complete, from the `project/` directory run `docker compose up -d` to download and start the containers.
+
+### Verification Steps
+
+1. Check if all containers are running:
+   ```bash
+   docker compose ps
+   ```
+
+2. Verify Traefik is accessible:
+   ```bash
+   curl -I https://traefik.example.com
+   ```
+
+3. Test Authelia authentication:
+   ```bash
+   curl -I https://whoami-secure.example.com
+   ```
+
+4. Check container logs for any errors:
+   ```bash
+   docker compose logs
+   ```
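
Review bot: The added verification steps never say what a correct result looks like. For `curl -I https://whoami-secure.example.com` in step 3, an unauthenticated request should be redirected or rejected instead of being served the page, so state the expected status line; otherwise a reader cannot tell a working setup from an unprotected one. The hostnames are also hard-coded as `example.com`, while other snippets quoted in this review use the `sitevar` shortcodes.
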
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb460f6 and ae7ed61.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
docs/content/blog/authelia-traefik-setup-guide/index.md

[uncategorized] ~337-~337: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Configure brute-force protection and rate limiting * [Notifier](https://www.authelia.com/c...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


🪛 Markdownlint (0.37.0)
docs/content/blog/authelia-traefik-setup-guide/index.md

66-66: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


247-247: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


321-321: Expected: h5; Actual: h6
Heading levels should only increment by one level at a time

(MD001, heading-increment)


Lines 322-324, 327-330, 333-334, 337-338, 346-348: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)

🔇 Additional comments (3)
docs/content/blog/authelia-traefik-setup-guide/index.md (3)

253-253: ⚠️ Potential issue

I pity the fool who leaves debug logging enabled in production!

Change the log level from 'debug' to 'info' for production environments. Debug logging can expose sensitive information and impact performance!

-  level: debug
+  level: info

Likely invalid or redundant comment.


183-194: 🛠️ Refactor suggestion

Listen up fool! Your TLS config needs some muscle!

Strengthen your security by upgrading to TLS 1.3 and modern cipher suites!

 tls:
   options:
     default:
-      minVersion: "VersionTLS12"
+      minVersion: "VersionTLS13"
       cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
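
Review bot: Listing the three TLS 1.3 suite names under `cipherSuites` has no effect: TLS 1.3 cipher suites are not configurable in Traefik, and the `cipherSuites` option only applies to TLS 1.2 and below. With `minVersion: "VersionTLS13"` the list should simply be removed. Raising the minimum also cuts off every client that only speaks TLS 1.2, which a setup guide should present as a trade-off, not as a plain upgrade.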

Likely invalid or redundant comment.


296-302: 🛠️ Refactor suggestion

Time to beef up that session security, fool!

Add security-related session configurations to protect against session hijacking and other attacks!

 session:
   name: authelia_session
   secret: {{ secret "/secrets/session_secret.txt" | mindent 0 "|" | msquote}}
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 1M
   cookies:
     - domain: '{{< sitevar name="domain" nojs="example.com" >}}'
       authelia_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
+      same_site: strict
+      secure: true
+      http_only: true
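
Review bot: The added `secure: true` and `http_only: true` under `cookies`, and `remember_me_duration` placed next to the `cookies`/`authelia_url` layout, should be checked against the session configuration reference before they are suggested to readers; a guide snippet containing a key the server does not recognise leaves the reader with a configuration that will not load. `inactivity: 5m` is also very short for a first-time setup and deserves a sentence explaining the choice.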

Likely invalid or redundant comment.

@james-d-elliott
Member

Excited for this to come out! Once it's done, I'd like to copy this template to create a blog post using Podman instead of Docker, there's a few gotchas in Podman that have to deal with SELinux security in the docker-compose file. (following)

We appreciate the involvement from the community. In this instance I believe the intention is for this blog post to be a stop-gap solution to some feedback we've had. We're likely to integrate it with the get started guide long term where we can include podman elements too. It might be wise to start a discussion surrounding it so we can consider how this may look in the planning phase.

@hendrik1120
Contributor

Some inconsistencies I noticed:

  • yaml is being used instead of yml which is uniformly being used in the docs
  • compose.yaml instead of docker-compose.yml which is being used in the Traefik integration guide
  • ... is being used to indicate the start of a yaml document instead of ---

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
docs/content/blog/authelia-traefik-setup-guide/index.md (3)

183-194: 🛠️ Refactor suggestion

Listen up fool, your TLS config needs some muscle!

The TLS configuration could be strengthened by using TLS 1.3 and modern cipher suites.

 tls:
   options:
     default:
-      minVersion: "VersionTLS12"
+      minVersion: "VersionTLS13"
       cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
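
Review bot: The replacement `cipherSuites` entries have no effect once `minVersion` is `VersionTLS13`. Traefik uses Go's TLS stack, where the TLS 1.3 suites are fixed and not configurable, so the three added `TLS_AES_*` / `TLS_CHACHA20_*` lines are dead configuration that implies a choice the operator does not have. If the guide moves to `VersionTLS13`, drop the `cipherSuites` key entirely and note that TLS 1.2-only clients will no longer connect; if those clients must keep working, stay on `VersionTLS12` with the existing ECDHE AEAD suites, which are all forward-secret.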

254-254: ⚠️ Potential issue

Hey fool, you got debug logging in production!

Debug level logging can expose sensitive information and impact performance. Set it to 'info' for production environments!

-  level: debug
+  level: info

297-303: 🛠️ Refactor suggestion

Beef up that session security, fool!

The session configuration is missing important security-related settings.

 session:
   name: authelia_session
   secret: {{ secret "/secrets/session_secret.txt" | mindent 0 "|" | msquote}}
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 1M
   cookies:
     - domain: '{{< sitevar name="domain" nojs="example.com" >}}'
       authelia_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
+      same_site: strict
+      secure: true
+      http_only: true
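
Review bot: Three of the added keys should be checked against the Authelia session reference before this is applied. `secure` and `http_only` under `cookies` are not options the session documentation lists (Authelia sets those cookie attributes itself), and `remember_me_duration` is the older name of what current releases call `remember_me`. Authelia validates its configuration at startup and reports unexpected keys as errors, so a reader who pastes this risks a container that does not start. `expiration: 1h` and `inactivity: 5m` restate the documented defaults; if they stay, add a comment saying so, so readers can tell defaults from deliberate choices.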
🧹 Nitpick comments (2)
docs/content/blog/authelia-traefik-setup-guide/index.md (2)

21-21: I pity the fool who can't spell 'reasonably'!

There's a typo in the word "reasonablly" - it should be "reasonably".

-This guide makes a few assumptions. These assumptions may require adaptation in more advanced and complex scenarios. We can not reasonablly have examples for every advanced configuration option that exists.
+This guide makes a few assumptions. These assumptions may require adaptation in more advanced and complex scenarios. We can not reasonably have examples for every advanced configuration option that exists.

373-374: Listen up fool, we need more startup instructions!

The startup instructions could use more detail about verifying the setup and troubleshooting.

 ### Starting the Stack
 Once all the configuration for [Traefik](https://doc.traefik.io/traefik/) and [Authelia](https://www.authelia.com/) are complete, from the `project/` directory run `docker compose up -d` to download and start the containers.
+
+### Verifying the Setup
+1. Check container status: `docker compose ps`
+2. View logs for issues: `docker compose logs`
+3. Access Traefik dashboard at `https://traefik.example.com`
+4. Test authentication at `https://whoami-secure.example.com`
+
+### Troubleshooting
+- Check container logs: `docker compose logs authelia`
+- Verify network connectivity: `docker network inspect authelia`
+- Ensure all secrets files exist and have correct permissions
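
Review bot: Steps 3 and 4 and the network check use literal names that will not match a reader's stack. The two URLs hard-code `example.com` where the rest of the guide uses the `{{< sitevar name="domain" nojs="example.com" >}}` shortcode, and `docker network inspect authelia` will not find the network because Compose prefixes it with the project name (the Traefik warning quoted further down this thread shows it as `project_authelia`). "Correct permissions" on the secrets files should also name the mode and owner the guide expects, otherwise the step cannot be verified.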
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ae7ed61 and 26c282d.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
docs/content/blog/authelia-traefik-setup-guide/index.md

[style] ~19-~19: To make your writing clearer, consider a more direct alternative.
Context: ...u would like an all-in-one demo, please take a look at our [local bundle](https://www....

(TAKE_A_LOOK)


[style] ~40-~40: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...n ## File Structure The first thing we want to do is set up the file structure. Which ...

(REP_WANT_TO_VB)


[uncategorized] ~338-~338: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Configure brute-force protection and rate limiting * [Notifier](https://www.authelia.com/c...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

🪛 Markdownlint (0.37.0)
docs/content/blog/authelia-traefik-setup-guide/index.md

66-66: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


248-248: Expected: h3; Actual: h4
Heading levels should only increment by one level at a time

(MD001, heading-increment)


322-322: Expected: h5; Actual: h6
Heading levels should only increment by one level at a time

(MD001, heading-increment)


323-323: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


324-324: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


325-325: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


328-328: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


329-329: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


330-330: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


331-331: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


334-334: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


335-335: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


338-338: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


339-339: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


347-347: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


348-348: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


349-349: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)

🔇 Additional comments (2)
docs/content/blog/authelia-traefik-setup-guide/index.md (2)

142-142: LGTM! You got that logging level right, fool!

The log level is appropriately set to INFO for production use.


357-370: 🛠️ Refactor suggestion

I ain't letting you use that default password in production, fool!

While the warning comment is good, let's make it more prominent and add a note about generating secure passwords.

 users:
   authelia: # Username
     displayname: "Authelia User"
+    # ⚠️ SECURITY WARNING ⚠️
     # WARNING: This is a default password for testing only!
     # IMPORTANT: Change this password before deploying to production!
     # Generate a new hash using the instructions at:
     # https://www.authelia.com/reference/guides/passwords/#passwords
+    # For production:
+    # 1. Generate a strong password (min 16 chars with mixed case, numbers, and symbols)
+    # 2. Generate a new hash using the link above
+    # 3. Replace the hash below
     # Password is 'authelia'
     password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"
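
Review bot: More comment lines do not change what gets deployed. The `password:` line at the end of this hunk still carries the published hash, and the `# Password is 'authelia'` comment above it documents the plaintext, so anyone who copies the file unchanged ends up with a known credential however prominent the warning is. Consider having the guide's steps generate the hash (the linked passwords guide covers this) and leaving an obvious placeholder in `users.yaml`. The "min 16 chars with mixed case, numbers, and symbols" rule should go unless the project documents it as its own policy.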

Likely invalid or redundant comment.

@Crowley723
Member Author

Crowley723 commented Dec 18, 2024

@hendrik1120

* `yaml` is being used instead of `yml` which is uniformly being used in the docs

it makes no difference either way, I'm happy to switch it to the other one.

* `compose.yaml` instead of `docker-compose.yml` which is being used in the Traefik integration guide

docker-compose.yml and compose.yml are interchangeable, compose.yml is the "correct" one for the docker compose command (docker-compose command being the deprecated docker-compose plugin/standalone).

* `...` is being used to indicate the start of a yaml document instead of `---`

It wasn't meant to indicate the start of a new yaml document, but a continuation of the existing compose.yaml. If you have a better way of indicating that, I am all ears.

Thanks for looking at it :)


codecov bot commented Dec 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.89%. Comparing base (0d6817e) to head (806b471).
Report is 27 commits behind head on master.


@@            Coverage Diff             @@
##           master    #8316      +/-   ##
==========================================
+ Coverage   73.79%   73.89%   +0.10%     
==========================================
  Files         349      349              
  Lines       30294    30294              
  Branches      864      864              
==========================================
+ Hits        22354    22386      +32     
+ Misses       7057     7023      -34     
- Partials      883      885       +2     
Flag Coverage Δ
backend 74.78% <ø> (+0.11%) ⬆️
frontend 66.18% <ø> (+0.03%) ⬆️


see 5 files with indirect coverage changes

@jay-elizaga-dev

@hendrik1120

* `...` is being used to indicate the start of a yaml document instead of `---`

It wasn't meant to indicate the start of a new yaml document, but a continuation of the existing compose.yaml. If you have a better way of indicating that, I am all ears.

Maybe something like ... # this is a continuation of the previous yaml document :)

@hendrik1120
Contributor

@jay-elizaga-dev Triple dots have a special meaning in the yaml syntax, which most people don't know about.

Three dots ( “...”) indicate the end of a document without starting a new one, for use in communication channels.

From section 2.2 of the yaml specification. A solution has already been discussed.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
docs/content/blog/authelia-traefik-setup-guide/index.md (2)

346-351: Listen up fool, secrets ain't no joke!

The secrets section needs more emphasis on secure generation and handling:

  1. Never store secrets in version control
  2. Use proper permissions (600) for secret files
  3. Consider using a secrets management service in production
🧰 Tools
🪛 LanguageTool

[uncategorized] ~346-~346: You might be missing the article “the” here.
Context: ...crets that we need to create and put in authelia/secrets/ directory: * jwt_secr...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

🪛 Markdownlint (0.37.0)

347-347: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


348-348: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


349-349: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


373-374: I pity the fool who can't verify their setup!

Add verification steps after starting the stack:

  1. Check container logs for errors
  2. Verify services are accessible
  3. Test authentication flows

Would you like me to generate a troubleshooting section with common issues and solutions?

📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between 26c282d and 806b471.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)

🔇 Additional comments (5)
docs/content/blog/authelia-traefik-setup-guide/index.md (5)

254-254: Hey fool, you still got debug logging in production!

Debug level logging can expose sensitive information and impact performance. Set it to 'info' for production environments!


183-194: Time to beef up that TLS security, fool!

Add modern cipher suites and strengthen the TLS configuration.


297-303: Strengthen that session security, fool!

Add security-related session configurations.


359-365: ⚠️ Potential issue

I pity the fool who deploys with default passwords!

The warning about changing the default password needs to be more prominent and visible.

Add this warning block at the top of the users.yaml file:

users:
  authelia: # Username
    displayname: "Authelia User"
+    # ⚠️ SECURITY RISK ⚠️
+    # DO NOT USE THIS DEFAULT PASSWORD IN PRODUCTION!
+    # THIS IS FOR TESTING PURPOSES ONLY!
+    # YOU MUST CHANGE THIS BEFORE DEPLOYMENT!
+    #
+    # Generate a new secure password hash using:
+    # https://www.authelia.com/reference/guides/passwords/#passwords
     # Password is 'authelia'

Likely invalid or redundant comment.


3-4: ⚠️ Potential issue

I pity the fool who leaves TODOs in production documentation!

The description and summary look good, but that TODO comment needs to be handled before this goes live, fool!

-summary: "In this guide we will walk through setting up Authelia with Traefik as the reverse proxy. This guide aims to provide an opinionated way to setup Authelia that is fully supported by the Authelia team." #TODO: change this description
+summary: "In this guide we will walk through setting up Authelia with Traefik as the reverse proxy. This guide aims to provide an opinionated way to setup Authelia that is fully supported by the Authelia team."
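
Review bot: In the `summary:` line this hunk keeps, "an opinionated way to setup Authelia" uses the noun "setup" as a verb; it should read "set up". The removed marker said the description still needed changing, so confirm the wording is final rather than only deleting the `#TODO`.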

Likely invalid or redundant comment.

Crowley723 and others added 7 commits December 23, 2024 14:07
Signed-off-by: Brynn Crowley <littlehill723@gmail.com>
Co-authored-by: Hendrik Sievers <89412959+hendrik1120@users.noreply.github.com>
Signed-off-by: Brynn Crowley <littlehill723@gmail.com>
Signed-off-by: Brynn Crowley <littlehill723@gmail.com>
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (4)
docs/content/blog/authelia-traefik-setup-guide/index.md (4)

185-196: 🛠️ Refactor suggestion

Time to beef up that TLS security, fool!

Upgrade to TLS 1.3 and modern cipher suites for better security.

 tls:
   options:
     default:
-      minVersion: "VersionTLS12"
+      minVersion: "VersionTLS13"
       cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256

254-255: ⚠️ Potential issue

Hey fool, you got debug logging in production!

Debug level logging can expose sensitive information and impact performance.

-  level: debug
+  level: info

298-304: 🛠️ Refactor suggestion

Strengthen that session security, fool!

Add security-related session configurations.

 session:
   name: authelia_session
   secret: {{ secret "/secrets/session_secret.txt" | mindent 0 "|" | msquote}}
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 1M
   cookies:
     - domain: '{{< sitevar name="domain" nojs="example.com" >}}'
       authelia_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
+      same_site: strict
+      secure: true
+      http_only: true

361-371: 🛠️ Refactor suggestion

I pity the fool who leaves default passwords in production!

The warning about changing the default password is good, but let's make it more prominent.

    displayname: "Authelia User"
-    # WARNING: This is a default password for testing only!
+    # ⚠️ WARNING: This is a default password for testing only!
+    # ⚠️ IMPORTANT: Change this password before deploying to production!
+    # ⚠️ Generate a new hash using the instructions at:
+    # ⚠️ https://www.authelia.com/reference/guides/passwords/#passwords
    # Password is 'authelia'
📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between 806b471 and 5e7e5ef.

📒 Files selected for processing (1)
  • docs/content/blog/authelia-traefik-setup-guide/index.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
docs/content/blog/authelia-traefik-setup-guide/index.md

[style] ~19-~19: To make your writing clearer, consider a more direct alternative.
Context: ...u would like an all-in-one demo, please take a look at our [local bundle](https://www....

(TAKE_A_LOOK)


[style] ~21-~21: Unless you want to emphasize “not”, use “cannot” which is more common.
Context: ...more advanced and complex scenarios. We can not reasonably have examples for every adva...

(CAN_NOT_PREMIUM)


[style] ~40-~40: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...n ## File Structure The first thing we want to do is set up the file structure. Which ...

(REP_WANT_TO_VB)


[uncategorized] ~339-~339: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Configure brute-force protection and rate limiting * [Notifier](https://www.authelia.com/c...

(EN_COMPOUND_ADJECTIVE_INTERNAL)


🔇 Additional comments (1)
docs/content/blog/authelia-traefik-setup-guide/index.md (1)

140-140: ⚠️ Potential issue

I pity the fool who leaves debug mode on!

Debug mode should be disabled in production environments as it may expose sensitive information.

-  debug: false
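
Review bot: The line removed here is `debug: false`, which already turns debug mode off, so the exposure described above it does not apply to this file. Deleting it only swaps an explicit setting for the implicit default; in a guide people copy from, keeping the explicit `false` is the clearer choice.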

Likely invalid or redundant comment.

Contributor

@hendrik1120 hendrik1120 left a comment

After executing docker-compose up -d the traefik logs will indicate an error:

2024-12-23T23:16:21+01:00 ERR error="middleware \"authelia@docker\" does not exist" entryPointName=https routerName=whoami-secure@docker
2024-12-23T23:16:21+01:00 ERR error="middleware \"authelia@docker\" does not exist" entryPointName=https routerName=dashboard@docker

It should be noted that this error is expected on startup and that everything is working.

Comment on lines +96 to +97
- cloudflare_email
- cloudflare_api_key
Contributor

These secrets are not being mentioned in the secrets section

Member

We should probably avoid using anything platform specific like this and instead use HTTP-01 ACME challenges.

Comment on lines +123 to +126
proxy:
external: true
Contributor

There is no mention of this network in the guide. If this should be the primary proxy net, authelia itself has no access to it, which will generate the following traefik warning:

2024-12-23T22:41:06+01:00 WRN Defaulting to first available network (&{"project_authelia" "172.19.0.2" '\x00' "" "7ce3d349ad84c0cb0be75dd9aacf8da0977850a380c134b887452243a9051186"}) for container "/authelia". container=authelia-project-6baa555da2ba674e94ebc96d0e11ed733645e77842ef03f87b1872c19029d962 providerName=docker serviceName=authelia-project

A solution would be to either remove the proxy network entirely or add authelia to the network as well.

Member Author

While yes, it's not mentioned, which I will fix, Authelia does not need to be on/have access to the proxy network to work correctly. This is an ideal situation because it prevents malicious services on the proxy network from inspecting non-TLS traffic from Authelia.

Contributor

Yeah, sorry. I didn't think of that. Setting the traefik.docker.network to project_authelia will resolve the warning, because compose will always prefix the network with the stack name.

- cloudflare_api_key
labels:
traefik.enable: 'true'
traefik.http.routers.dashboard.rule: 'Host(`traefik.{{< sitevar name="domain" nojs="example.com" >}})'
Contributor

Missing `

Suggested change
traefik.http.routers.dashboard.rule: 'Host(`traefik.{{< sitevar name="domain" nojs="example.com" >}})'
traefik.http.routers.dashboard.rule: 'Host(`traefik.{{< sitevar name="domain" nojs="example.com" >}}`)'

address: ":443"
http:
tls:
certResolver: cloudflare@file
Contributor

The file operator isn't working here as the provider is in the same file

Suggested change
certResolver: cloudflare@file
certResolver: cloudflare

Comment on lines +143 to +145
log:
level: INFO
filePath: /logs/traefik.log
Contributor

Since a log file is defined here, traefik won't log to stdout anymore.
Maybe a hint on how to view these logs would help?

Member

I'm somewhat inclined to think it may be more beneficial to log the standard logs to the console and keep the access logs to a log file.

Comment on lines +78 to +81
proxy: {}
authelia:
aliases:
- '{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
Member

Suggested change
proxy: {}
authelia:
aliases:
- '{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
proxy:
aliases:
- '{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
authelia: {}
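
Two of the problems found by hand in the comments above (the unterminated backtick in a `Host(...)` rule, and a `traefik.docker.network` value that has to match the project-prefixed network name) can be checked mechanically before `docker compose up`. The following is an added example, not part of this PR or of Authelia: the function names, the `provider_network` parameter and the sample data are assumptions, and it goes slightly beyond the thread by also handling external and explicitly named networks, which Compose does not prefix.

```python
import re

ROUTER_RULE = re.compile(r"^traefik\.http\.routers\.[^.]+\.rule$")


def labels_of(service):
    """Compose accepts labels as a mapping or as a list of 'key=value' strings."""
    raw = service.get("labels") or {}
    if isinstance(raw, dict):
        return {k: str(v) for k, v in raw.items()}
    return dict(item.split("=", 1) for item in raw)


def networks_of(service):
    """Network keys a service joins; Compose uses 'default' when none are listed."""
    return set(service.get("networks") or ["default"])


def docker_name(project, key, networks):
    """Docker's name for a network: project-prefixed unless external or named."""
    spec = networks.get(key) or {}
    if spec.get("name"):
        return spec["name"]
    return key if spec.get("external") else f"{project}_{key}"


def lint(compose, project, provider_network=None, traefik="traefik"):
    """Return (service, finding, detail) tuples for Traefik-enabled services.
    provider_network (an assumed input) is the Docker provider's default network."""
    findings = []
    networks = compose.get("networks") or {}
    services = compose["services"]
    traefik_nets = networks_of(services[traefik])
    for name, svc in services.items():
        labels = labels_of(svc)
        if labels.get("traefik.enable", "").lower() != "true":
            continue
        for key, value in labels.items():
            # An odd backtick count means a Host(`...`) literal never closes.
            if ROUTER_RULE.match(key) and value.count("`") % 2:
                findings.append((name, "unbalanced-backtick", key))
        if name == traefik:
            continue
        shared = {docker_name(project, n, networks)
                  for n in networks_of(svc) & traefik_nets}
        pinned = labels.get("traefik.docker.network")
        if not shared:
            findings.append((name, "no-network-shared-with-traefik", ""))
        elif pinned is not None and pinned not in shared:
            findings.append((name, "network-label-mismatch", pinned))
        elif pinned is None and provider_network and provider_network not in shared:
            findings.append((name, "default-network-unreachable", provider_network))
    return findings


# Constructed sample shaped like the stack discussed in the review (not the PR's file).
SAMPLE = {
    "services": {
        "traefik": {
            "networks": {"proxy": {}, "authelia": {}},
            "labels": {
                "traefik.enable": "true",
                # Closing backtick missing, as flagged in the review.
                "traefik.http.routers.dashboard.rule": "Host(`traefik.example.com)",
            },
        },
        "authelia": {
            "networks": {"authelia": {}},  # deliberately kept off the proxy network
            "labels": {
                "traefik.enable": "true",
                "traefik.http.routers.authelia.rule": "Host(`auth.example.com`)",
            },
        },
        "whoami-secure": {"networks": ["proxy"], "labels": ["traefik.enable=true"]},
    },
    "networks": {"proxy": {"external": True}, "authelia": {}},
}

if __name__ == "__main__":
    print(lint(SAMPLE, "project", provider_network="proxy"))
```

The input is the dictionary a YAML loader returns for the compose file; with the sample above it reports the broken dashboard rule and that Authelia, kept off `proxy` on purpose, needs its `traefik.docker.network` label set to `project_authelia`.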
