2020-06-18 14:49:13 +07:00
#!/usr/bin/env bash
2020-03-27 06:43:10 +07:00
2021-06-18 07:01:09 +07:00
writehosts( ) {
echo " \
127.0.0.1 authelia.$DOMAIN
127.0.0.1 public.$DOMAIN
127.0.0.1 traefik.$DOMAIN
127.0.0.1 secure.$DOMAIN " | sudo tee -a /etc/hosts > /dev/null
}
2020-03-27 06:43:10 +07:00
username( ) {
read -ep "Enter your username for Authelia: " USERNAME
}
password( ) {
read -esp " Enter a password for $USERNAME : " PASSWORD
}
2020-06-19 17:50:21 +07:00
displayname( ) {
read -ep "Enter your display name for Authelia (eg. John Doe): " DISPLAYNAME
}
2020-03-27 06:43:10 +07:00
echo "Checking for pre-requisites"
if [ [ ! -x " $( command -v docker) " ] ] ; then
echo "You must install Docker on your machine" ;
2021-03-30 18:37:34 +07:00
exit 1
2020-03-27 06:43:10 +07:00
fi
if [ [ ! -x " $( command -v docker-compose) " ] ] ; then
echo "You must install Docker Compose on your machine" ;
2021-03-30 18:37:34 +07:00
exit 1
2020-03-27 06:43:10 +07:00
fi
echo "Pulling Authelia docker image for setup"
docker pull authelia/authelia > /dev/null
2021-06-18 07:01:09 +07:00
if [ [ $( id -u) != 0 ] ] ; then
echo "The script requires root access to perform some functions such as modifying your /etc/hosts file"
read -rp "Would you like to elevate access with sudo? [y/N] " confirmsudo
if ! [ [ " $confirmsudo " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) $ ] ] ; then
echo "Sudo elevation denied, exiting"
exit
fi
fi
echo "Resetting docker-compose.yml, configuration.yml and users_database.yml"
sudo git checkout -- docker-compose.yml authelia/configuration.yml authelia/users_database.yml
2020-03-27 06:43:10 +07:00
read -ep "What root domain would you like to protect? (default/no selection is example.com): " DOMAIN
if [ [ $DOMAIN = = "" ] ] ; then
DOMAIN = "example.com"
fi
MODIFIED = $( cat /etc/hosts | grep $DOMAIN && echo true || echo false )
if [ [ $MODIFIED = = "false" ] ] ; then
2021-06-18 07:01:09 +07:00
writehosts
2020-03-27 06:43:10 +07:00
fi
echo " Generating SSL certificate for *. $DOMAIN "
docker run -a stdout -v $PWD /traefik/certs:/tmp/certs authelia/authelia authelia certificates generate --host *.$DOMAIN --dir /tmp/certs/ > /dev/null
if [ [ $DOMAIN != "example.com" ] ] ; then
if [ [ $( uname) = = "Darwin" ] ] ; then
2021-06-18 07:01:09 +07:00
sudo sed -i '' " s/example.com/ $DOMAIN /g " { docker-compose.yml,authelia/configuration.yml}
2020-03-27 06:43:10 +07:00
else
2021-06-18 07:01:09 +07:00
sudo sed -i " s/example.com/ $DOMAIN /g " { docker-compose.yml,authelia/configuration.yml}
2020-03-27 06:43:10 +07:00
fi
fi
username
if [ [ $USERNAME != "" ] ] ; then
if [ [ $( uname) = = "Darwin" ] ] ; then
2021-06-18 07:01:09 +07:00
sudo sed -i '' " s/<USERNAME>/ $USERNAME /g " authelia/users_database.yml
2020-03-27 06:43:10 +07:00
else
2021-06-18 07:01:09 +07:00
sudo sed -i " s/<USERNAME>/ $USERNAME /g " authelia/users_database.yml
2020-03-27 06:43:10 +07:00
fi
else
echo "Username cannot be empty"
username
fi
2020-06-19 17:50:21 +07:00
displayname
if [ [ $DISPLAYNAME != "" ] ] ; then
if [ [ $( uname) = = "Darwin" ] ] ; then
2021-06-18 07:01:09 +07:00
sudo sed -i '' " s/<DISPLAYNAME>/ $DISPLAYNAME /g " authelia/users_database.yml
2020-06-19 17:50:21 +07:00
else
2021-06-18 07:01:09 +07:00
sudo sed -i " s/<DISPLAYNAME>/ $DISPLAYNAME /g " authelia/users_database.yml
2020-06-19 17:50:21 +07:00
fi
else
echo "Display name cannot be empty"
displayname
fi
2020-03-27 06:43:10 +07:00
password
if [ [ $PASSWORD != "" ] ] ; then
PASSWORD = $( docker run authelia/authelia authelia hash-password $PASSWORD | sed 's/Password hash: //g' )
if [ [ $( uname) = = "Darwin" ] ] ; then
2021-06-18 07:01:09 +07:00
sudo sed -i '' " s/<PASSWORD>/ $( echo $PASSWORD | sed -e 's/[\/&]/\\&/g' ) /g " authelia/users_database.yml
2020-03-27 06:43:10 +07:00
else
2021-06-18 07:01:09 +07:00
sudo sed -i " s/<PASSWORD>/ $( echo $PASSWORD | sed -e 's/[\/&]/\\&/g' ) /g " authelia/users_database.yml
2020-03-27 06:43:10 +07:00
fi
else
echo "Password cannot be empty"
password
fi
docker-compose up -d
cat << EOF
Setup completed successfully.
You can now visit the following locations:
- https://public.$DOMAIN - Bypasses Authelia
- https://traefik.$DOMAIN - Secured with Authelia one-factor authentication
- https://secure.$DOMAIN - Secured with Authelia two-factor authentication ( see note below)
You will need to authorize the self-signed certificate upon visiting each domain.
To visit https://secure.$DOMAIN you will need to register a device for second factor authentication and confirm by clicking on a link sent by email. Since this is a demo with a fake email address, the content of the email will be stored in './authelia/notification.txt' .
Upon registering, you can grab this link easily by running the following command: 'grep -Eo ' "https://.*" ' ./authelia/notification.txt' .
EOF