2018-08-27 04:46:15 +07:00
|
|
|
<p align="center">
|
2019-12-06 03:52:04 +07:00
|
|
|
<img src="./docs/images/authelia-title.png" width="350" title="Authelia">
|
2018-08-27 04:46:15 +07:00
|
|
|
</p>
|
2016-12-18 18:35:56 +07:00
|
|
|
|
2020-01-17 03:57:44 +07:00
|
|
|
[![Docker Tag](https://images.microbadger.com/badges/version/authelia/authelia.svg)](https://microbadger.com/images/authelia/authelia)
|
|
|
|
[![Docker Size](https://img.shields.io/microbadger/image-size/authelia/authelia?style=flat-square&=blue&logo=docker)](https://microbadger.com/images/authelia/authelia)
|
|
|
|
[![GitHub Release](https://img.shields.io/github/release/authelia/authelia.svg?style=flat-square&color=blue&logo=github&logoColor=FFFFFF)](https://github.com/authelia/authelia/releases)
|
|
|
|
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg?style=flat-square)][Apache 2.0]
|
|
|
|
[![Build](https://img.shields.io/buildkite/d6543d3ece3433f46dbe5fd9fcfaf1f68a6dbc48eb1048bc22/master?style=flat-square&color=brightgreen)](https://buildkite.com/authelia/authelia)
|
|
|
|
[![Gitter](https://img.shields.io/gitter/room/badges/shields.svg?style=flat-square&color=brightgreen)](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link)
|
2016-12-18 02:19:10 +07:00
|
|
|
|
2019-03-25 00:45:32 +07:00
|
|
|
**Authelia** is an open-source authentication and authorization server
|
|
|
|
providing 2-factor authentication and single sign-on (SSO) for your
|
2019-04-18 04:02:10 +07:00
|
|
|
applications via a web portal.
|
2019-12-10 04:34:33 +07:00
|
|
|
It acts as a companion of reverse proxies like [nginx] or [Traefik] to tell them wether queries should pass through. Unauthenticated user are
|
|
|
|
redirected to Authelia Sign-in portal instead.
|
2019-04-18 04:02:10 +07:00
|
|
|
|
2019-12-10 04:34:33 +07:00
|
|
|
The architecture is shown in the diagram below.
|
2019-10-29 05:41:21 +07:00
|
|
|
|
2019-12-10 04:34:33 +07:00
|
|
|
<p align="center" style="margin:50px">
|
|
|
|
<img src="./docs/images/archi.png"/>
|
2019-04-18 04:02:10 +07:00
|
|
|
</p>
|
2018-04-26 14:22:40 +07:00
|
|
|
|
2019-12-10 04:34:33 +07:00
|
|
|
**BREAKING NEWS: Authelia v4 has been released!
|
|
|
|
Please read BREAKING.md if you want to migrate from v3 to v4. Otherwise, start fresh in v4 and enjoy!**
|
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
**Authelia** can be installed as a standalone service using Docker or NPM
|
2019-04-18 04:02:10 +07:00
|
|
|
but can also be deployed easily on [Kubernetes] leveraging ingress controllers and ingress configuration.
|
|
|
|
|
|
|
|
<p align="center">
|
2019-12-06 03:52:04 +07:00
|
|
|
<img src="./docs/images/logos/kubernetes.logo.png" height="100"/>
|
|
|
|
<img src="./docs/images/logos/docker.logo.png" width="100">
|
2019-04-18 04:02:10 +07:00
|
|
|
</p>
|
|
|
|
|
|
|
|
Here is what Authelia's portal looks like
|
2018-04-26 14:22:40 +07:00
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
<p align="center">
|
2019-12-06 03:52:04 +07:00
|
|
|
<img src="./docs/images/1FA.png" width="400" />
|
|
|
|
<img src="./docs/images/2FA-METHODS.png" width="400" />
|
2018-08-27 04:46:15 +07:00
|
|
|
</p>
|
2017-01-29 22:29:36 +07:00
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
## Features summary
|
2017-07-14 05:52:07 +07:00
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
Here is the list of the main available features:
|
2017-07-14 05:52:07 +07:00
|
|
|
|
2019-03-25 00:45:32 +07:00
|
|
|
* Several kind of second factor:
|
2019-12-06 03:52:04 +07:00
|
|
|
* **[Security Key (U2F)](./docs/2factor/security-key.md)** with [Yubikey].
|
|
|
|
* **[Time-based One-Time password](./docs/2factor/time-based-one-time-password.md)** with [Google Authenticator].
|
|
|
|
* **[Mobile Push Notifications](./docs/2factor/duo-push-notifications.md)** with [Duo](https://duo.com/).
|
2019-04-18 04:02:10 +07:00
|
|
|
* Password reset with identity verification using email confirmation.
|
2018-08-27 04:46:15 +07:00
|
|
|
* Single-factor only authentication method available.
|
2017-01-29 22:29:36 +07:00
|
|
|
* Access restriction after too many authentication attempts.
|
2019-03-28 05:09:01 +07:00
|
|
|
* Fine-grained access control per subdomain, user, resource and network.
|
2019-04-18 04:02:10 +07:00
|
|
|
* Support of basic authentication for endpoints protected by single factor.
|
2019-12-07 20:39:21 +07:00
|
|
|
* Highly available using a remote database and Redis as a highly available KV store.
|
2019-04-18 04:02:10 +07:00
|
|
|
* Compatible with Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller out of the box.
|
2016-12-18 02:19:10 +07:00
|
|
|
|
2019-12-06 03:52:04 +07:00
|
|
|
For more details about the features, follow [Features](./docs/features.md).
|
2017-06-29 16:51:52 +07:00
|
|
|
|
2019-04-18 04:02:10 +07:00
|
|
|
## Proxy support
|
|
|
|
|
2020-01-17 03:57:44 +07:00
|
|
|
Authelia works in combination with [nginx], [Traefik] or [HAProxy]. It can be deployed on bare metal with
|
2019-04-18 04:02:10 +07:00
|
|
|
Docker or directly in [Kubernetes].
|
|
|
|
|
|
|
|
<p align="center">
|
2019-12-06 03:52:04 +07:00
|
|
|
<img src="./docs/images/logos/nginx.logo.png" height="50"/>
|
2020-01-10 12:03:58 +07:00
|
|
|
<img src="./docs/images/logos/traefik.logo.png" height="50"/>
|
|
|
|
<img src="./docs/images/logos/haproxy.logo.png" height="50"/>
|
2019-12-06 03:52:04 +07:00
|
|
|
<img src="./docs/images/logos/kubernetes.logo.png" height="50"/>
|
2019-04-18 04:02:10 +07:00
|
|
|
</p>
|
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
## Getting Started
|
2017-01-29 22:29:36 +07:00
|
|
|
|
2019-03-04 05:51:52 +07:00
|
|
|
You can start off with
|
|
|
|
|
2019-12-24 09:14:52 +07:00
|
|
|
git clone https://github.com/authelia/authelia.git && cd authelia
|
2019-03-04 05:51:52 +07:00
|
|
|
source bootstrap.sh
|
|
|
|
|
2019-12-06 03:52:04 +07:00
|
|
|
If you want to go further, please read [Getting Started](./docs/getting-started.md).
|
2018-11-16 14:39:57 +07:00
|
|
|
|
|
|
|
## Deployment
|
|
|
|
|
2019-03-04 05:51:52 +07:00
|
|
|
Now that you have tested **Authelia** and you want to try it out in your own infrastructure,
|
2019-12-06 03:52:04 +07:00
|
|
|
you can learn how to deploy and use it with [Deployment](./docs/deployment-production.md).
|
2019-03-04 05:51:52 +07:00
|
|
|
This guide will show you how to deploy it on bare metal as well as on
|
|
|
|
[Kubernetes](https://kubernetes.io/).
|
2017-07-14 05:52:07 +07:00
|
|
|
|
2017-10-15 22:57:12 +07:00
|
|
|
## Security
|
|
|
|
|
2018-08-27 04:46:15 +07:00
|
|
|
If you want more information about the security measures applied by
|
|
|
|
**Authelia** and some tips on how to set up **Authelia** in a secure way,
|
2019-12-06 03:52:04 +07:00
|
|
|
refer to [Security](./docs/security.md).
|
2017-10-15 22:57:12 +07:00
|
|
|
|
2019-04-17 03:58:45 +07:00
|
|
|
## Changelog & Breaking changes
|
2017-01-29 22:29:36 +07:00
|
|
|
|
2019-12-06 03:52:04 +07:00
|
|
|
See [CHANGELOG.md](./CHANGELOG.md) and [BREAKING.md](./BREAKING.md).
|
2018-04-26 14:22:40 +07:00
|
|
|
|
2018-11-16 04:47:27 +07:00
|
|
|
## Contribute
|
2017-01-29 22:29:36 +07:00
|
|
|
|
2018-11-16 04:47:27 +07:00
|
|
|
Anybody willing to contribute to the project either with code,
|
|
|
|
documentation, security reviews or whatever, are very welcome to issue
|
|
|
|
or review pull requests and take part to discussions in
|
|
|
|
[Gitter](https://gitter.im/authelia/general?utm_source=share-link&utm_medium=link&utm_campaign=share-link).
|
|
|
|
|
2019-12-05 17:10:02 +07:00
|
|
|
I am very grateful to contributors for their contributions to the project. Don't hesitate, be the next!
|
2018-11-16 14:39:57 +07:00
|
|
|
|
|
|
|
## Build Authelia
|
|
|
|
|
2019-12-06 03:52:04 +07:00
|
|
|
If you want to contribute with code, you should follow the documentation explaining how to [build](./docs/build-and-dev.md) the application.
|
2016-12-18 02:19:10 +07:00
|
|
|
|
|
|
|
## License
|
2018-08-27 04:46:15 +07:00
|
|
|
|
2019-04-17 04:40:15 +07:00
|
|
|
**Authelia** is **licensed** under the **[Apache 2.0]** license. The terms of the license are detailed
|
2019-12-06 03:52:04 +07:00
|
|
|
in [LICENSE](./LICENSE).
|
2016-12-18 02:19:10 +07:00
|
|
|
|
|
|
|
|
2019-04-17 04:40:15 +07:00
|
|
|
[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0
|
2017-01-29 22:29:36 +07:00
|
|
|
[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
|
2019-03-25 00:45:32 +07:00
|
|
|
[Security Key]: https://www.yubico.com/about/background/fido/
|
2017-01-29 22:29:36 +07:00
|
|
|
[Yubikey]: https://www.yubico.com/products/yubikey-hardware/yubikey4/
|
2017-06-29 16:51:52 +07:00
|
|
|
[auth_request]: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
|
|
|
|
[Google Authenticator]: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
|
2019-12-06 03:52:04 +07:00
|
|
|
[config.template.yml]: ./config.template.yml
|
2019-04-18 04:02:10 +07:00
|
|
|
[nginx]: https://www.nginx.com/
|
|
|
|
[Traefik]: https://traefik.io/
|
|
|
|
[HAproxy]: http://www.haproxy.org/
|
2020-01-10 12:03:58 +07:00
|
|
|
[Kubernetes]: https://kubernetes.io/
|