diff --git a/internal/server/server.go b/internal/server/server.go index 180bc7b5..7225456c 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -1,9 +1,12 @@ package server import ( + "io/ioutil" "net" "os" + "runtime" "strconv" + "strings" duoapi "github.com/duosecurity/duo_api_golang" "github.com/fasthttp/router" @@ -140,6 +143,22 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi logging.Logger().Fatalf("Error initializing listener: %s", err) } + if configuration.AuthenticationBackend.File != nil && configuration.AuthenticationBackend.File.Password.Algorithm == "argon2id" && runtime.GOOS == "linux" { + f, err := ioutil.ReadFile("/sys/fs/cgroup/memory/memory.limit_in_bytes") + if err != nil { + logging.Logger().Warnf("Error reading hosts memory limit: %s", err) + } else { + m, _ := strconv.Atoi(strings.TrimSuffix(string(f), "\n")) + hostMem := float64(m) / 1024 / 1024 / 1024 + argonMem := float64(configuration.AuthenticationBackend.File.Password.Memory) / 1024 + + if hostMem/argonMem <= 2 { + logging.Logger().Warnf("Authelia's password hashing memory parameter is set to: %gGB this is %g%% of the available memory: %gGB", argonMem, argonMem/hostMem*100, hostMem) + logging.Logger().Warn("Please read https://www.authelia.com/docs/configuration/authentication/file.html#memory and tune your deployment") + } + } + } + if configuration.TLSCert != "" && configuration.TLSKey != "" { logging.Logger().Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path) logging.Logger().Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))