diff --git a/internal/suites/BypassAll/configuration.yml b/internal/suites/BypassAll/configuration.yml index 2b956f9c..01c8f94a 100644 --- a/internal/suites/BypassAll/configuration.yml +++ b/internal/suites/BypassAll/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/BypassAll/docker-compose.yml b/internal/suites/BypassAll/docker-compose.yml index 86f168e9..94777608 100644 --- a/internal/suites/BypassAll/docker-compose.yml +++ b/internal/suites/BypassAll/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro' - - './BypassAll/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './BypassAll/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/Docker/configuration.yml b/internal/suites/Docker/configuration.yml index 76d8ec4e..1392772b 100644 --- a/internal/suites/Docker/configuration.yml +++ b/internal/suites/Docker/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/Docker/docker-compose.yml b/internal/suites/Docker/docker-compose.yml index e0ae05ac..6a4cf388 100644 --- a/internal/suites/Docker/docker-compose.yml +++ b/internal/suites/Docker/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './Docker/configuration.yml:/etc/authelia/configuration.yml:ro' - - './Docker/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './Docker/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file 
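Review bot: The new `tls_cert`/`tls_key` entries make every suite load one private key that is committed to the repository and mounted from `./common/ssl`, and nothing next to the keys says this is a test-only fixture, so the configuration reads like a deployable example. Suggest a comment directly above the two lines, `# Self-signed test-only TLS material shared by all suites (./common/ssl); do not reuse outside the suites`. The identical addition appears in the configuration.yml hunks for Docker, DuoPush, HAProxy, HighAvailability, LDAP, Mariadb, MySQL, NetworkACL, OneFactorOnly, Postgres, ShortTimeouts, Traefik and Traefik2, so the comment belongs in each of them or in the shared fixture's directory. The `:ro` on the new `./common/ssl` mount is the right default and is consistent across the docker-compose hunks.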
diff --git a/internal/suites/DuoPush/configuration.yml b/internal/suites/DuoPush/configuration.yml index 5bb130d9..4648839d 100644 --- a/internal/suites/DuoPush/configuration.yml +++ b/internal/suites/DuoPush/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: trace diff --git a/internal/suites/DuoPush/docker-compose.yml b/internal/suites/DuoPush/docker-compose.yml index 1b7ae866..5913560d 100644 --- a/internal/suites/DuoPush/docker-compose.yml +++ b/internal/suites/DuoPush/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro' - - './DuoPush/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './DuoPush/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/HAProxy/configuration.yml b/internal/suites/HAProxy/configuration.yml index cf85a43c..c9c34ffc 100644 --- a/internal/suites/HAProxy/configuration.yml +++ b/internal/suites/HAProxy/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/HAProxy/docker-compose.yml b/internal/suites/HAProxy/docker-compose.yml index b4bf9668..2c6ddf17 100644 --- a/internal/suites/HAProxy/docker-compose.yml +++ b/internal/suites/HAProxy/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro' - - './HAProxy/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './HAProxy/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file 
diff --git a/internal/suites/HighAvailability/configuration.yml b/internal/suites/HighAvailability/configuration.yml index c82ddab7..2f4f588b 100644 --- a/internal/suites/HighAvailability/configuration.yml +++ b/internal/suites/HighAvailability/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/HighAvailability/docker-compose.yml b/internal/suites/HighAvailability/docker-compose.yml index 2961f325..38bba312 100644 --- a/internal/suites/HighAvailability/docker-compose.yml +++ b/internal/suites/HighAvailability/docker-compose.yml @@ -2,4 +2,5 @@ version: '3' services: authelia-backend: volumes: - - './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro' \ No newline at end of file + - './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/LDAP/configuration.yml b/internal/suites/LDAP/configuration.yml index d7a51cfa..be6d7412 100644 --- a/internal/suites/LDAP/configuration.yml +++ b/internal/suites/LDAP/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/LDAP/docker-compose.yml b/internal/suites/LDAP/docker-compose.yml index 5f0e55b4..dfb0d559 100644 --- a/internal/suites/LDAP/docker-compose.yml +++ b/internal/suites/LDAP/docker-compose.yml @@ -2,4 +2,5 @@ version: '3' services: authelia-backend: volumes: - - './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro' \ No newline at end of file + - './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file 
diff --git a/internal/suites/Mariadb/configuration.yml b/internal/suites/Mariadb/configuration.yml index dadfc6e4..a366c6fa 100644 --- a/internal/suites/Mariadb/configuration.yml +++ b/internal/suites/Mariadb/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/Mariadb/docker-compose.yml b/internal/suites/Mariadb/docker-compose.yml index ae7891ec..1bda82c0 100644 --- a/internal/suites/Mariadb/docker-compose.yml +++ b/internal/suites/Mariadb/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro' - - './Mariadb/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './Mariadb/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/MySQL/configuration.yml b/internal/suites/MySQL/configuration.yml index 447bfd12..962c6b3a 100644 --- a/internal/suites/MySQL/configuration.yml +++ b/internal/suites/MySQL/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/MySQL/docker-compose.yml b/internal/suites/MySQL/docker-compose.yml index b3a10235..ad9179ba 100644 --- a/internal/suites/MySQL/docker-compose.yml +++ b/internal/suites/MySQL/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro' - - './MySQL/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './MySQL/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file 
diff --git a/internal/suites/NetworkACL/configuration.yml b/internal/suites/NetworkACL/configuration.yml index 3da03b5a..be4c4640 100644 --- a/internal/suites/NetworkACL/configuration.yml +++ b/internal/suites/NetworkACL/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/NetworkACL/docker-compose.yml b/internal/suites/NetworkACL/docker-compose.yml index c96df73b..34eb9a02 100644 --- a/internal/suites/NetworkACL/docker-compose.yml +++ b/internal/suites/NetworkACL/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro' - - './NetworkACL/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './NetworkACL/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/OneFactorOnly/configuration.yml b/internal/suites/OneFactorOnly/configuration.yml index cb791f2c..61b84f20 100644 --- a/internal/suites/OneFactorOnly/configuration.yml +++ b/internal/suites/OneFactorOnly/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/OneFactorOnly/docker-compose.yml b/internal/suites/OneFactorOnly/docker-compose.yml index 14fdf72e..ab16e700 100644 --- a/internal/suites/OneFactorOnly/docker-compose.yml +++ b/internal/suites/OneFactorOnly/docker-compose.yml 
@@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro' - - './OneFactorOnly/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './OneFactorOnly/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/Postgres/configuration.yml b/internal/suites/Postgres/configuration.yml index aff76b0a..2f9eff19 100644 --- a/internal/suites/Postgres/configuration.yml +++ b/internal/suites/Postgres/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/Postgres/docker-compose.yml b/internal/suites/Postgres/docker-compose.yml index 19720e36..03168aa7 100644 --- a/internal/suites/Postgres/docker-compose.yml +++ b/internal/suites/Postgres/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro' - - './Postgres/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './Postgres/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/ShortTimeouts/configuration.yml b/internal/suites/ShortTimeouts/configuration.yml index 158b7c6a..67b2d2c0 100644 --- a/internal/suites/ShortTimeouts/configuration.yml +++ b/internal/suites/ShortTimeouts/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/ShortTimeouts/docker-compose.yml b/internal/suites/ShortTimeouts/docker-compose.yml index 5402c561..fda2f1a9 100644 --- a/internal/suites/ShortTimeouts/docker-compose.yml 
+++ b/internal/suites/ShortTimeouts/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro' - - './ShortTimeouts/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './ShortTimeouts/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/Standalone/docker-compose.yml b/internal/suites/Standalone/docker-compose.yml index aa7cb4c5..258a6da1 100644 --- a/internal/suites/Standalone/docker-compose.yml +++ b/internal/suites/Standalone/docker-compose.yml @@ -7,6 +7,6 @@ services: volumes: - './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro' - './Standalone/users.yml:/var/lib/authelia/users.yml' - - './Standalone/ssl:/var/lib/authelia/ssl' + - './common/ssl:/var/lib/authelia/ssl:ro' - '/tmp:/tmp' user: ${USER_ID}:${GROUP_ID} \ No newline at end of file diff --git a/internal/suites/Traefik/configuration.yml b/internal/suites/Traefik/configuration.yml index 154ba83a..cb6617eb 100644 --- a/internal/suites/Traefik/configuration.yml +++ b/internal/suites/Traefik/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/Traefik/docker-compose.yml b/internal/suites/Traefik/docker-compose.yml index 212e2d01..9737ffed 100644 --- a/internal/suites/Traefik/docker-compose.yml +++ b/internal/suites/Traefik/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro' - - './Traefik/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './Traefik/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file 
diff --git a/internal/suites/Traefik2/configuration.yml b/internal/suites/Traefik2/configuration.yml index 154ba83a..cb6617eb 100644 --- a/internal/suites/Traefik2/configuration.yml +++ b/internal/suites/Traefik2/configuration.yml @@ -3,6 +3,8 @@ ############################################################### port: 9091 +tls_cert: /var/lib/authelia/ssl/cert.pem +tls_key: /var/lib/authelia/ssl/key.pem log_level: debug diff --git a/internal/suites/Traefik2/docker-compose.yml b/internal/suites/Traefik2/docker-compose.yml index 14d2c68b..6a75bff9 100644 --- a/internal/suites/Traefik2/docker-compose.yml +++ b/internal/suites/Traefik2/docker-compose.yml @@ -3,4 +3,5 @@ services: authelia-backend: volumes: - './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro' - - './Traefik2/users.yml:/var/lib/authelia/users.yml' \ No newline at end of file + - './Traefik2/users.yml:/var/lib/authelia/users.yml' + - './common/ssl:/var/lib/authelia/ssl:ro' \ No newline at end of file diff --git a/internal/suites/action_login.go b/internal/suites/action_login.go index 52df94ac..6a73750b 100644 --- a/internal/suites/action_login.go +++ b/internal/suites/action_login.go @@ -3,6 +3,7 @@ package suites import ( "context" "testing" + "time" "github.com/stretchr/testify/require" ) @@ -38,6 +39,10 @@ func (wds *WebDriverSession) doLoginTwoFactor(ctx context.Context, t *testing.T, wds.doLoginOneFactor(ctx, t, username, password, keepMeLoggedIn, targetURL) wds.verifyIsSecondFactorPage(ctx, t) wds.doValidateTOTP(ctx, t, otpSecret) + // timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain + if targetURL == "" { + time.Sleep(1 * time.Second) + } } // Login 1FA and register 2FA. 
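Review bot: The `time.Sleep(1 * time.Second)` added at the end of doLoginTwoFactor is a fixed delay standing in for a condition: it slows every login without a targetURL by a second and can still race when the redirect takes longer on a loaded CI runner. Prefer waiting on the observable post-login state (the page or URL the redirect lands on) with the session's existing wait helpers; those helpers are outside the hunk, so this is a suggestion rather than a concrete call. If the sleep stays, the comment should say what is being waited for rather than "timeout", e.g. `// Without a targetURL the portal redirects after TOTP validation; let that redirect settle before the caller navigates elsewhere, otherwise the navigation is clobbered.` The function's signature is outside the hunk.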
@@ -53,6 +58,6 @@ func (wds *WebDriverSession) doLoginAndRegisterTOTP(ctx context.Context, t *test func (wds *WebDriverSession) doRegisterAndLogin2FA(ctx context.Context, t *testing.T, username, password string, keepMeLoggedIn bool, targetURL string) string { //nolint:unparam // Register TOTP secret and logout. secret := wds.doRegisterThenLogout(ctx, t, username, password) - wds.doLoginTwoFactor(ctx, t, username, password, false, secret, targetURL) + wds.doLoginTwoFactor(ctx, t, username, password, keepMeLoggedIn, secret, targetURL) return secret } diff --git a/internal/suites/Standalone/ssl/cert.pem b/internal/suites/common/ssl/cert.pem similarity index 100% rename from internal/suites/Standalone/ssl/cert.pem rename to internal/suites/common/ssl/cert.pem diff --git a/internal/suites/Standalone/ssl/key.pem b/internal/suites/common/ssl/key.pem similarity index 100% rename from internal/suites/Standalone/ssl/key.pem rename to internal/suites/common/ssl/key.pem diff --git a/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml b/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml index 05764a32..02a473f5 100644 --- a/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml +++ b/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml @@ -14,12 +14,15 @@ services: - '../..:/app' - '${GOPATH}:/go' labels: + # Traefik 1.x - 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api' + # Traefik 2.x - 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`)' - 'traefik.http.routers.authelia_backend.entrypoints=https' - 'traefik.http.routers.authelia_backend.tls=true' + - 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https' environment: - ENVIRONMENT=dev networks: authelianet: - ipv4_address: 192.168.240.50 \ No newline at end of file + ipv4_address: 192.168.240.50 
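Review bot: doRegisterAndLogin2FA now forwards `keepMeLoggedIn` to doLoginTwoFactor instead of the constant `false`, which is a behaviour fix, but the `//nolint:unparam` on the signature is left untouched; if that directive was suppressing the unused-parameter report for `keepMeLoggedIn`, it is now stale and should be dropped so the linter can catch a future regression. If it instead covers the `string` result, keep it but state the reason inline, e.g. `//nolint:unparam // secret is returned for callers that reuse it`, since a bare suppression hides which report it silences. The whole function body is inside the hunk.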
diff --git a/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml b/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml index 3b410cfe..2e992567 100644 --- a/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml +++ b/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml @@ -3,13 +3,17 @@ services: authelia-backend: image: authelia:dist labels: - - 'traefik.frontend.rule=Host:login.example.com' - - 'traefik.http.routers.authelia.rule=Host(`login.example.com`)' - - 'traefik.http.routers.authelia.entrypoints=https' - - 'traefik.http.routers.authelia.tls=true' + # Traefik 1.x + - 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api' + - 'traefik.protocol=https' + # Traefik 2.x + - 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`)' + - 'traefik.http.routers.authelia_backend.entrypoints=https' + - 'traefik.http.routers.authelia_backend.tls=true' + - 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https' environment: - ENVIRONMENT=dev restart: always networks: authelianet: - ipv4_address: 192.168.240.50 \ No newline at end of file + ipv4_address: 192.168.240.50 diff --git a/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml b/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml index 1a159cf9..11f7f817 100644 --- a/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml +++ b/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml 
@@ -14,9 +14,11 @@ services: - './example/compose/authelia/resources/:/resources' - '../../web:/app' labels: + # Traefik 1.x - 'traefik.frontend.rule=Host:login.example.com' + # Traefik 2.x - 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`)' - 'traefik.http.routers.authelia_frontend.entrypoints=https' - 'traefik.http.routers.authelia_frontend.tls=true' networks: - - authelianet \ No newline at end of file + - authelianet diff --git a/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml b/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml index ae368391..e439689a 100644 --- a/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml +++ b/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml @@ -4,5 +4,15 @@ services: image: nginx:alpine volumes: - './example/compose/authelia/resources/nginx.conf:/etc/nginx/nginx.conf' + labels: + # Traefik 1.x + - 'traefik.frontend.rule=Host:login.example.com' + # Traefik 2.x + - 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`)' + - 'traefik.http.routers.authelia_frontend.entrypoints=https' + - 'traefik.http.routers.authelia_frontend.tls=true' + - 'traefik.http.services.authelia_frontend.loadbalancer.server.port=3000' networks: - - authelianet \ No newline at end of file + - authelianet + expose: + - 3000 diff --git a/internal/suites/example/compose/authelia/resources/nginx.conf b/internal/suites/example/compose/authelia/resources/nginx.conf index e26661ea..3961e7a3 100644 --- a/internal/suites/example/compose/authelia/resources/nginx.conf +++ b/internal/suites/example/compose/authelia/resources/nginx.conf 
@@ -9,19 +9,12 @@ http { server { listen 3000; - location / { - proxy_set_header Host $http_host; - proxy_pass http://authelia-backend:9091; - } - } - - server { - # Reach authelia-backend using TLS. - listen 3001; + resolver 127.0.0.11 ipv6=off; + set $backend_endpoint https://authelia-backend:9091; location / { proxy_set_header Host $http_host; - proxy_pass https://authelia-backend:9091; + proxy_pass $backend_endpoint; } } } \ No newline at end of file diff --git a/internal/suites/example/compose/haproxy/docker-compose.yml b/internal/suites/example/compose/haproxy/docker-compose.yml index 35d97c56..90ad45b5 100644 --- a/internal/suites/example/compose/haproxy/docker-compose.yml +++ b/internal/suites/example/compose/haproxy/docker-compose.yml @@ -3,7 +3,7 @@ services: haproxy: build: ./example/compose/haproxy/ volumes: - - ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg + - ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro networks: authelianet: # Set the IP to be able to query on port 8080 diff --git a/internal/suites/example/compose/haproxy/haproxy.cfg b/internal/suites/example/compose/haproxy/haproxy.cfg index 705d91b2..b5b1ea9b 100644 --- a/internal/suites/example/compose/haproxy/haproxy.cfg +++ b/internal/suites/example/compose/haproxy/haproxy.cfg @@ -33,7 +33,9 @@ frontend fe_http http-request add-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Uri %[path]%[var(req.questionmark)]%[query] - http-request lua.auth-request be_authelia /api/verify if protected-frontends + # be_auth_request is used to make HAProxy do the TLS termination since the Lua script + # does not know how to handle it (see https://github.com/TimWolla/haproxy-auth-request/issues/12). + http-request lua.auth-request be_auth_request /api/verify if protected-frontends use_backend be_authelia if host-authelia-portal api-path use_backend fe_authelia if host-authelia-portal !api-path 
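Review bot: `proxy_pass $backend_endpoint` now targets `https://authelia-backend:9091`, but nginx does not verify upstream certificates unless `proxy_ssl_verify on` is set, so this location silently accepts whatever certificate the backend presents. In a suite that is acceptable, but it should be explicit: either add `proxy_ssl_trusted_certificate` pointing at the suite's shared cert together with `proxy_ssl_verify on`, or add a comment such as `# Upstream TLS is not verified (nginx default); the backend serves the self-signed test certificate from common/ssl`. The same applies to the portal nginx.conf hunks that switch `$backend_endpoint` and `$upstream_verify` to https. The collapsed `server` blocks here removed the plain-http listener on 3000 and the separate TLS one on 3001, so any compose file still referencing 3001 would now fail; that reference is not visible in this diff, so worth a quick check.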
@@ -42,7 +44,16 @@ frontend fe_http use_backend be_mail if { hdr(host) -i mail.example.com:8080 } backend be_authelia - server authelia-backend authelia-backend:9091 + server authelia-backend authelia-backend:9091 ssl verify none + +backend be_auth_request + mode http + server proxy 127.0.0.1:8085 + +listen be_auth_request_proxy + mode http + bind 127.0.0.1:8085 + server authelia-backend authelia-backend:9091 ssl verify none backend fe_authelia server authelia-frontend authelia-frontend:3000 @@ -51,4 +62,4 @@ backend be_mail server smtp-backend smtp:1080 backend be_protected - server nginx-backend nginx-backend:80 \ No newline at end of file + server nginx-backend nginx-backend:80 diff --git a/internal/suites/example/compose/nginx/backend/docker-compose.yml b/internal/suites/example/compose/nginx/backend/docker-compose.yml index bda2471e..42cf7a6b 100644 --- a/internal/suites/example/compose/nginx/backend/docker-compose.yml +++ b/internal/suites/example/compose/nginx/backend/docker-compose.yml @@ -5,7 +5,7 @@ services: context: ./example/compose/nginx/backend labels: - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x - - 'traefik.frontend.auth.forward.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x + - 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x - 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x - 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x - 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' # Traefik 1.x 
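Review bot: `ssl verify none` on the `be_authelia` server and again in `be_auth_request_proxy` disables certificate checking for the backend hop, and nothing in the file says this is because the backend serves the self-signed test certificate, so the line reads as a recommended setting. Suggest a comment on the first occurrence, `# verify none: the backend presents the self-signed test certificate from common/ssl; outside the suites point ca-file at a trusted CA`, or point `ca-file` at the shared cert so the fixture actually verifies it. The new `listen be_auth_request_proxy` block on `127.0.0.1:8085` is the loopback hop the comment in the earlier hunk describes; a one-line pointer on the block itself (`# Loopback hop that lets HAProxy terminate TLS for lua.auth-request, see fe_http`) would keep the two halves readable on their own.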
@@ -13,7 +13,7 @@ services: - 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x - 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x - 'traefik.http.routers.protectedapps.middlewares=authelia' # Traefik 2.x - - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x + - 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x diff --git a/internal/suites/example/compose/nginx/portal/docker-compose.https.yml b/internal/suites/example/compose/nginx/portal/docker-compose.https.yml deleted file mode 100644 index cf418a77..00000000 --- a/internal/suites/example/compose/nginx/portal/docker-compose.https.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3' -services: - nginx-portal: - image: nginx:alpine - volumes: - - ./example/compose/nginx/portal/nginx.https.conf:/etc/nginx/nginx.conf - - ./example/compose/nginx/portal/ssl:/etc/ssl - networks: - authelianet: - aliases: - - public.example.com - - secure.example.com - - login.example.com - - duo.example.com - # Set the IP to be able to query on port 443 - ipv4_address: 192.168.240.100 diff --git a/internal/suites/example/compose/nginx/portal/nginx.conf b/internal/suites/example/compose/nginx/portal/nginx.conf index 261b0778..563d2452 100644 --- a/internal/suites/example/compose/nginx/portal/nginx.conf +++ b/internal/suites/example/compose/nginx/portal/nginx.conf 
@@ -14,7 +14,7 @@ http { resolver 127.0.0.11 ipv6=off; set $frontend_endpoint http://authelia-frontend:3000; - set $backend_endpoint http://authelia-backend:9091; + set $backend_endpoint https://authelia-backend:9091; ssl_certificate /etc/ssl/server.cert; ssl_certificate_key /etc/ssl/server.key; @@ -89,7 +89,7 @@ http { mx1.mail.example.com mx2.mail.example.com; resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia-backend:9091/api/verify; + set $upstream_verify https://authelia-backend:9091/api/verify; set $upstream_endpoint http://nginx-backend; set $upstream_headers http://httpbin:8000/headers; diff --git a/internal/suites/example/compose/nginx/portal/nginx.https.conf b/internal/suites/example/compose/nginx/portal/nginx.https.conf deleted file mode 100644 index f24da99a..00000000 --- a/internal/suites/example/compose/nginx/portal/nginx.https.conf +++ /dev/null 
@@ -1,242 +0,0 @@ -# -# You can find a documented example of configuration in ./docs/proxies/nginx.md. -# -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - upstream authelia-frontend { - server authelia-frontend:3001 fail_timeout=180s; - server authelia-frontend:3000 backup; - } - - server { - listen 8080 ssl; - server_name login.example.com; - - resolver 127.0.0.11 ipv6=off; - set $frontend_endpoint http://authelia-frontend; - set $backend_endpoint https://authelia-backend:9091; - - ssl_certificate /etc/ssl/server.cert; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - error_page 497 301 =307 https://$host:$server_port$request_uri; - - # Serve the backend API for the portal. - location /api { - proxy_set_header X-Real-IP $remote_addr; - - # Required by Authelia because "trust proxy" option is used. - # See https://expressjs.com/en/guide/behind-proxies.html - proxy_set_header X-Forwarded-Proto $scheme; - - # Required by Authelia to build correct links for identity validation. - proxy_set_header X-Forwarded-Host $http_host; - - # Needed for network ACLs to work. It appends the IP of the client to the list of IPs - # and allows Authelia to use it to match the network-based ACLs. - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_intercept_errors on; - - proxy_pass $backend_endpoint; - } - - # Serves the portal application. - location / { - # Allow websockets for webpack to auto-reload. - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host "127.0.0.1"; - - proxy_pass $frontend_endpoint; - } - } - - # Serves the home page. 
- server {
- listen 8080 ssl;
- server_name home.example.com;
-
- resolver 127.0.0.11 ipv6=off;
- set $upstream_endpoint http://nginx-backend;
-
- ssl_certificate /etc/ssl/server.cert;
- ssl_certificate_key /etc/ssl/server.key;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options "SAMEORIGIN";
-
- error_page 497 301 =307 https://$host:$server_port$request_uri;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_pass $upstream_endpoint;
- }
- }
-
- # Example configuration of domains protected by Authelia.
- server {
- listen 8080 ssl;
- server_name public.example.com
- admin.example.com
- secure.example.com
- dev.example.com
- singlefactor.example.com
- mx1.mail.example.com mx2.mail.example.com;
-
- resolver 127.0.0.11 ipv6=off;
- set $upstream_verify https://authelia-backend:9091/api/verify;
- set $upstream_endpoint http://nginx-backend;
- set $upstream_headers http://httpbin:8000/headers;
-
- ssl_certificate /etc/ssl/server.cert;
- ssl_certificate_key /etc/ssl/server.key;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options "SAMEORIGIN";
-
- error_page 497 301 =307 https://$host:$server_port$request_uri;
-
- # Reverse proxy to the backend. It is protected by Authelia by forwarding authorization checks
- # to the virtual endpoint introduced by nginx and declared in the next block.
- location / {
- auth_request /auth_verify;
-
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header X-Forwarded-User $user;
-
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
-
- # Route the request to the correct virtual host in the backend.
- proxy_set_header Host $http_host;
-
- # Authelia relies on Proxy-Authorization header to authenticate in basic auth.
- # but for the sake of simplicity (because Authorization in supported in most
- # clients) we take Authorization from the frontend and rewrite it to
- # Proxy-Authorization before sending it to Authelia.
- proxy_set_header Proxy-Authorization $http_authorization;
-
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
-
- # Set the `target_url` variable based on the request. It will be used to build the portal
- # URL with the correct redirection parameter.
- set $target_url $scheme://$http_host$request_uri;
- error_page 401 =302 https://login.example.com:8080/?rd=$target_url;
-
- proxy_pass $upstream_endpoint;
- }
-
- # Virtual endpoint forwarding requests to Authelia server.
- location /auth_verify {
- internal;
- proxy_set_header X-Real-IP $remote_addr;
-
- # Provide either X-Original-URL and X-Forwarded-Proto or
- # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-URI or both.
- # Those headers will be used by Authelia to deduce the target url of the user.
- #
- # X-Forwarded-Proto is mandatory since Authelia uses the "trust proxy" option.
- # See https://expressjs.com/en/guide/behind-proxies.html
- proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
-
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Forwarded-URI $request_uri;
-
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- # Authelia can receive Proxy-Authorization to authenticate however most of the clients
- # support Authorization instead. Therefore we rewrite Authorization into Proxy-Authorization.
- proxy_set_header Proxy-Authorization $http_authorization;
-
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
-
- proxy_pass $upstream_verify;
- }
-
- # Used by suites to test the forwarded users and groups headers produced by Authelia.
- location /headers {
- auth_request /auth_verify;
-
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Custom-Forwarded-User $user;
-
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Custom-Forwarded-Groups $groups;
-
- set $target_url $scheme://$http_host$request_uri;
- error_page 401 =302 https://login.example.com:8080/?rd=$target_url;
-
- proxy_pass $upstream_headers;
- }
- }
-
- # Fake Web Mail used to receive emails sent by Authelia.
- server {
- listen 8080 ssl;
- server_name mail.example.com;
-
- resolver 127.0.0.11 ipv6=off;
- set $upstream_endpoint http://smtp:1080;
-
- ssl_certificate /etc/ssl/server.cert;
- ssl_certificate_key /etc/ssl/server.key;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options "SAMEORIGIN";
-
- error_page 497 301 =307 https://$host:$server_port$request_uri;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_pass $upstream_endpoint;
- }
- }
-
- # Fake API emulating Duo behavior
- server {
- listen 443 ssl;
- server_name duo.example.com;
-
- resolver 127.0.0.11 ipv6=off;
- set $upstream_endpoint http://duo-api:3000;
-
- ssl_certificate /etc/ssl/server.cert;
- ssl_certificate_key /etc/ssl/server.key;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options "SAMEORIGIN";
-
- error_page 497 301 =307 https://$host:$server_port$request_uri;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_pass $upstream_endpoint;
- }
- }
-
- # Matches all domains. It redirects to the home page.
- server {
- listen 8080 ssl;
- server_name _;
-
- ssl_certificate /etc/ssl/server.cert;
- ssl_certificate_key /etc/ssl/server.key;
-
- return 301 https://home.example.com:8080/;
- }
-}
-
diff --git a/internal/suites/example/compose/traefik/docker-compose.yml b/internal/suites/example/compose/traefik/docker-compose.yml
index a54ddfc8..f157c8e5 100644
--- a/internal/suites/example/compose/traefik/docker-compose.yml
+++ b/internal/suites/example/compose/traefik/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 - '--traefiklog.filepath=/var/log/traefik.log'
 - '--entryPoints=Name:https Address::8080 TLS'
 - '--entryPoints=Name:api Address::8081'
+ - '--insecureSkipVerify=true'
 networks:
 authelianet:
 # Set the IP to be able to query on port 8080
diff --git a/internal/suites/example/compose/traefik2/docker-compose.yml b/internal/suites/example/compose/traefik2/docker-compose.yml
index 86f49704..027dc74f 100644
--- a/internal/suites/example/compose/traefik2/docker-compose.yml
+++ b/internal/suites/example/compose/traefik2/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 - '--log=true'
 - '--log.level=DEBUG'
 - '--log.filepath=/var/log/traefik.log'
+ - '--serversTransport.insecureSkipVerify=true'
 networks:
 authelianet:
 # Set the IP to be able to query on port 8080
diff --git a/internal/suites/example/kube/apps/apps.yml b/internal/suites/example/kube/apps/apps.yml
index 2d1ceae7..b0eb2ddf 100644
--- a/internal/suites/example/kube/apps/apps.yml
+++ b/internal/suites/example/kube/apps/apps.yml
@@ -74,7 +74,7 @@ metadata:
 kubernetes.io/ingress.class: "nginx"
 kubernetes.io/ingress.allow-http: "false"
 nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
 nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
 spec:
 tls:
diff --git a/internal/suites/example/kube/authelia/configs/configuration.yml b/internal/suites/example/kube/authelia/configs/configuration.yml
index 20eb1f48..a21c83e8 100644
--- a/internal/suites/example/kube/authelia/configs/configuration.yml
+++ b/internal/suites/example/kube/authelia/configs/configuration.yml
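Review bot: `--insecureSkipVerify=true` (traefik) and `--serversTransport.insecureSkipVerify=true` (traefik2) are global settings that stop Traefik verifying the certificate of every backend it proxies to, not only the Authelia verify endpoint, and neither compose file records why. A comment on the added line, e.g. `# Authelia now serves TLS with a self-signed test certificate; verification is disabled for the suite only`, would keep the flag from being copied into a production example. If the test certificate can be mounted into the Traefik container, trusting it explicitly (`--rootCAs` on Traefik 1.x, `--serversTransport.rootCAs` on 2.x) exercises the same TLS path without the global opt-out.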
@@ -2,7 +2,10 @@
 # Authelia configuration #
 ###############################################################
-port: 80
+port: 443
+tls_cert: /var/lib/authelia/ssl/cert.pem
+tls_key: /var/lib/authelia/ssl/key.pem
+
 log_level: debug
 default_redirection_url: https://home.example.com:8080
diff --git a/internal/suites/example/kube/authelia/deployment.yml b/internal/suites/example/kube/authelia/deployment.yml
index 199c23d1..5dd28679 100644
--- a/internal/suites/example/kube/authelia/deployment.yml
+++ b/internal/suites/example/kube/authelia/deployment.yml
@@ -20,10 +20,12 @@ spec:
 - name: authelia
 image: authelia:dist
 ports:
- - containerPort: 80
+ - containerPort: 443
 volumeMounts:
 - name: config-volume
 mountPath: /etc/authelia
+ - name: ssl-volume
+ mountPath: /var/lib/authelia/ssl
 env:
 # We set secrets directly here for ease of deployment but all secrets
 # should be stored in the Kube Vault in production.
@@ -42,3 +44,12 @@ spec:
 items:
 - key: configuration.yml
 path: configuration.yml
+ - name: ssl-volume
+ configMap:
+ name: authelia-ssl
+ items:
+ - key: cert.pem
+ path: cert.pem
+ - key: key.pem
+ path: key.pem
+
diff --git a/internal/suites/example/kube/authelia/ingress.yml b/internal/suites/example/kube/authelia/ingress.yml
index 80b3638f..3b2699f2 100644
--- a/internal/suites/example/kube/authelia/ingress.yml
+++ b/internal/suites/example/kube/authelia/ingress.yml
@@ -6,6 +6,7 @@ metadata:
 namespace: authelia
 annotations:
 kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
 tls:
 - secretName: authelia-tls
@@ -18,4 +19,4 @@ spec:
 - path: /
 backend:
 serviceName: authelia-service
- servicePort: 80
+ servicePort: 443
diff --git a/internal/suites/example/kube/authelia/service.yml b/internal/suites/example/kube/authelia/service.yml
index 21a6b79c..50025fb4 100644
--- a/internal/suites/example/kube/authelia/service.yml
+++ b/internal/suites/example/kube/authelia/service.yml
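Review bot: The new `ssl-volume` in deployment.yml is sourced from a ConfigMap, and bootstrap-authelia.sh creates it with `kubectl create configmap authelia-ssl`, so the private key lands in a resource that carries no secret semantics (RBAC and encryption-at-rest policies are written for Secrets), while the deployment's own comment a few lines up says secrets belong in a vault. Kubernetes has a resource for exactly this pair: `kubectl create secret tls authelia-ssl --namespace=authelia --cert=authelia/ssl/cert.pem --key=authelia/ssl/key.pem` in the bootstrap script, and a `secret:` volume in the deployment; the keys a TLS secret exposes are `tls.crt` and `tls.key`, which `items` can still project as `cert.pem`/`key.pem` so the `tls_cert`/`tls_key` paths in configuration.yml stay unchanged. Even for a suite this is the example a reader is most likely to copy, so it is worth modelling the right resource.
```yaml
      - name: ssl-volume
        secret:
          secretName: authelia-ssl
          items:
            - key: tls.crt
              path: cert.pem
            - key: tls.key
              path: key.pem
```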
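Review bot: `backend-protocol: "HTTPS"` in ingress.yml (and the `https://` auth-url in apps.yml) moves the ingress-to-Authelia hop onto TLS, but ingress-nginx does not verify the upstream certificate unless asked, so the hop is encrypted without the endpoint being authenticated; the `servicePort: 443` change does not alter that. If this stays the reference example, `nginx.ingress.kubernetes.io/proxy-ssl-secret` pointing at a secret holding the suite's certificate as `ca.crt`, together with `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`, pins the backend. For the suite alone, a comment on the added annotation noting that upstream verification is deliberately left at the controller default would at least make the choice visible.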
@@ -9,5 +9,5 @@ spec:
 app: authelia
 ports:
 - protocol: TCP
- port: 80
- targetPort: 80
+ port: 443
+ targetPort: 443
diff --git a/internal/suites/example/kube/authelia/ssl/cert.pem b/internal/suites/example/kube/authelia/ssl/cert.pem
new file mode 100644
index 00000000..9fabcb42
--- /dev/null
+++ b/internal/suites/example/kube/authelia/ssl/cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeagAwIBAgIRAKF0IRxC55eee6icERVf6fgwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHQWNtZSBDbzAgFw0yMDAzMDExMjMzMzlaGA8yMTIwMDIwNjEy
+MzMzOVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMi7/oSazFIxP3rHsSLjw5XPnpMKEaVwU1zLRzW6W80BDa/ER5to
+I3POGLv8lAhtUwB6WvyilrCZfs/D5lkcCxswafU/2LNppFuODnW+PG9eobgOy6Nv
+f+KbnZFPRV7PB2yK6DqMyb+tbTQ7F6rEf4i6n28DI0dNyNvUCk0ld3o93LZBvC/D
+/+Ulf3Vtdfsd2TckXvdA8lH4VGQJ+FIxhboTlbW8VJlk1V7FZef7+m867kOnPSaj
+zv5yygrIA0XPaMAZC/SZrXHMdhvcs43fgmmTel7JD4Sy/Z/pmFlrZr5Xa8jcWycJ
+ILLuPnXhgKstgq5wtDkTMZ6rpgMrKcjMKcMCAwEAAaNNMEswDgYDVR0PAQH/BAQD
+AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8w
+DYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBABdWkbipzPivAvvamMmQ
+5iPPeStfdr5MBxJGT9nPbeXdtS/13FJnspLBMMYOw/2AZk7VFrNjxkXc4NHZSlGz
+FcGMlSO40fyirdYaQTDtS230ucLB+LzfZx37y9dKpEKVmQ151kKJjJ4hAZ47LmAQ
+aFoDLRo7PA2HmnJ60GrI9wVp96uy1sQ6PcToIyMcVEQ/tLEEow+ykSeiZb9+qBKV
+K9GUcu2LorhBtUMmEWs0TJElaf6eKUoG6JXM2byulDg24w5b9gC26kAlHWc5WDU5
+pAXOjlN/OYHB0sDbYViWIL390376fYIfu2N5EDKY4QjEYsWEs4Wm9HVS9IgHP/Gi
+Xbo=
+-----END CERTIFICATE-----
diff --git a/internal/suites/example/kube/authelia/ssl/key.pem b/internal/suites/example/kube/authelia/ssl/key.pem
new file mode 100644
index 00000000..a190f8b4
--- /dev/null
+++ b/internal/suites/example/kube/authelia/ssl/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIu/6EmsxSMT96
+x7Ei48OVz56TChGlcFNcy0c1ulvNAQ2vxEebaCNzzhi7/JQIbVMAelr8opawmX7P
+w+ZZHAsbMGn1P9izaaRbjg51vjxvXqG4Dsujb3/im52RT0Vezwdsiug6jMm/rW00
+OxeqxH+Iup9vAyNHTcjb1ApNJXd6Pdy2Qbwvw//lJX91bXX7Hdk3JF73QPJR+FRk
+CfhSMYW6E5W1vFSZZNVexWXn+/pvOu5Dpz0mo87+csoKyANFz2jAGQv0ma1xzHYb
+3LON34Jpk3peyQ+Esv2f6ZhZa2a+V2vI3FsnCSCy7j514YCrLYKucLQ5EzGeq6YD
+KynIzCnDAgMBAAECggEAC13R0LJvRWwyewJZvm8FQTNreEoGq8aLgeKk2p792cLo
+gn5ry5n+/+y4q9RmkX+XRpynEE0omUFn09306jDTVCvOpCuEWsxtmR2XJgWqqGfE
+Yoa78zo6FJvZNUQ22mKAuh23frFAL1FjsKRz96B+1EA1DPUxhzUZXZFJMAsiE9LZ
+PxqPmnqXbPZsOb1XG33TAdCp6CC3H8KHICC+i4IC8prjKHGH/Q1saoNw8jmgwv0S
+DelQUbEtqfmE6BmyTGxdeu4uW2Nv/wcENwySAOPKi5gstlbSKTa4IpKGp7CdquWi
+stUW6pnSiEeDrDAzwC8uWdncOvnkAy2lRJkz/F9YoQKBgQDrCCqYdvGshecBBnfQ
+fowxak2YBfG2jhAKPMHzrvQn5FIb+11x/jeXPEfOB6FShIzZ97JpFIpH3tcONlj3
+OVzGCTD6WdRTcltzXVneJtNog7DliNFY4YmIPmQJ+y+EvJW1rSZTZAZI1Nbijg3n
+fSd0PTzvgOGHSl1//RI1mFx7MwKBgQDapIPPSF0yf1UJ6Hhzam5NHGZ9fSqV5Qs0
+Gi7uM08iDV5K7xiPglBkbN2EuMlgVnHaa5g8X897uwRSYR6nL4PRvcJiNSvnhWhe
++K3x7iHewIPYVfcghoqzuPKsXH2Zm26usdXHxBBa3IBbKtGaHnAd9h65AOUYAmAx
+C2BzN90XMQKBgE2MjEFyPZunMulrsOziVG+Zm7ClhXOuvCwkj/pPp8/hzhXdgp+y
+ObV09lxMuDX59l+VExEI7fd414yg8gngq3PMZJS2PxCpkvMlwhlCxk6d5ShXVHv3
+LuH9dBS3BJ7PerZPQ24QeuJdF+n45S2UZgg8jHaaF9AEAYXRgsicVSdxAoGAJI0U
+K/bg/awjv0BJwqGsRt/Ukm32TJC5ysAF0HRrajnp5YULChKy9dbtQV7S63QIHIeY
+L5+kw/6DvnHV+gULeGjMsjZJXK8Ev7u6+JLivqZYZDYa1iknztvAVegwZxmA61t3
+bantQgNSwerql2U3QQsAH9Vydw0On6RTP2+7WkECgYBWD3u64hBKmAxPkqPotkgI
+w/jdOlv8FLHO79+oH1PtKvkzspcYaecKGDm/RNLIXLYnt0AmZEK4qQ4/zDFaR/rc
+AhoxK2cKTRltMrhp1ivtFfLggVGogtYNxEnjnsD4KMvH3SjSNdt06YgtZ92++fOp
+UsE8Mpf4/G5X7DmcHJHk+w==
+-----END PRIVATE KEY-----
diff --git a/internal/suites/example/kube/bootstrap-authelia.sh b/internal/suites/example/kube/bootstrap-authelia.sh
index d0145941..80ad7c1e 100755
--- a/internal/suites/example/kube/bootstrap-authelia.sh
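Review bot: key.pem checks a private key into the repository next to its certificate, and nothing on the page marks the pair as a throwaway fixture. That is workable for a suite only if the pair is never trusted outside the test cluster; the certificate in the preceding hunk appears to be self-signed (`Acme Co` as both issuer and subject in the encoded DER), which fits, but a short README in `internal/suites/example/kube/authelia/ssl/` stating that, together with the command used to generate the pair so it can be rotated, would make it explicit. A PEM file cannot carry a comment itself, so the README is the only place this can live.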
+++ b/internal/suites/example/kube/bootstrap-authelia.sh
@@ -2,6 +2,7 @@ start_authelia() {
 kubectl create configmap authelia-config --namespace=authelia --from-file=authelia/configs/configuration.yml
+ kubectl create configmap authelia-ssl --namespace=authelia --from-file=authelia/ssl/cert.pem --from-file=authelia/ssl/key.pem
 kubectl apply -f authelia
 }
diff --git a/internal/suites/example/kube/bootstrap-dashboard.sh b/internal/suites/example/kube/bootstrap-dashboard.sh
index 5c3213fa..608cff76 100755
--- a/internal/suites/example/kube/bootstrap-dashboard.sh
+++ b/internal/suites/example/kube/bootstrap-dashboard.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 start_dashboard() {
- kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
+ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
 kubectl apply -f dashboard.yml
 echo "Bearer token for UI user."
diff --git a/internal/suites/suite_bypass_all.go b/internal/suites/suite_bypass_all.go
index d31bf6a1..94030a0b 100644
--- a/internal/suites/suite_bypass_all.go
+++ b/internal/suites/suite_bypass_all.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -50,7 +50,8 @@ func init() {
 GlobalRegistry.Register(bypassAllSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 1 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_docker.go b/internal/suites/suite_docker.go
index ef8f5a93..dd17ca74 100644
--- a/internal/suites/suite_docker.go
+++ b/internal/suites/suite_docker.go
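Review bot: The closure assigned to `displayAutheliaLogs` is repeated verbatim in suite_bypass_all.go, suite_docker.go, suite_duo_push.go, suite_haproxy.go, suite_mariadb.go, suite_mysql.go, suite_network_acl.go, suite_one_factor_only.go, suite_postgres.go, suite_short_timeouts.go, suite_traefik.go and suite_traefik2.go, so wiring the new `OnError` hook meant editing twelve copies of the same two lines. A package-level helper, `func displayAutheliaLogs(dockerEnvironment <ENV_TYPE>) func() error` with `<ENV_TYPE>` being whatever type `dockerEnvironment` has (it is not visible in these hunks), would let each `init` write `logs := displayAutheliaLogs(dockerEnvironment)` and make the next hook a one-line change per suite. The closure's body runs past the end of the first hunk in each file, so the rest of it is not reviewed here.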
@@ -24,7 +24,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -46,7 +46,8 @@ func init() {
 GlobalRegistry.Register("Docker", Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 1 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_duo_push.go b/internal/suites/suite_duo_push.go
index 1b2ae9f5..115e32cc 100644
--- a/internal/suites/suite_duo_push.go
+++ b/internal/suites/suite_duo_push.go
@@ -26,7 +26,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -48,7 +48,8 @@ func init() {
 GlobalRegistry.Register(duoPushSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 2 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_haproxy.go b/internal/suites/suite_haproxy.go
index 24011217..df76888b 100644
--- a/internal/suites/suite_haproxy.go
+++ b/internal/suites/suite_haproxy.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(haproxySuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 2 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_mariadb.go b/internal/suites/suite_mariadb.go
index b10e542d..004f0788 100644
--- a/internal/suites/suite_mariadb.go
+++ b/internal/suites/suite_mariadb.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(mariadbSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
 })
diff --git a/internal/suites/suite_mysql.go b/internal/suites/suite_mysql.go
index 538bb39a..c2557e8c 100644
--- a/internal/suites/suite_mysql.go
+++ b/internal/suites/suite_mysql.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(mysqlSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
 })
diff --git a/internal/suites/suite_network_acl.go b/internal/suites/suite_network_acl.go
index 69c563fd..6101be07 100644
--- a/internal/suites/suite_network_acl.go
+++ b/internal/suites/suite_network_acl.go
@@ -29,7 +29,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(networkACLSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 1 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_one_factor_only.go b/internal/suites/suite_one_factor_only.go
index e05f74d6..42cf856a 100644
--- a/internal/suites/suite_one_factor_only.go
+++ b/internal/suites/suite_one_factor_only.go
@@ -25,7 +25,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -47,7 +47,8 @@ func init() {
 GlobalRegistry.Register(oneFactorOnlySuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 1 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_postgres.go b/internal/suites/suite_postgres.go
index 5938a9cc..65e7d472 100644
--- a/internal/suites/suite_postgres.go
+++ b/internal/suites/suite_postgres.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(postgresSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
 })
diff --git a/internal/suites/suite_short_timeouts.go b/internal/suites/suite_short_timeouts.go
index 36cbaf1b..fc12ed86 100644
--- a/internal/suites/suite_short_timeouts.go
+++ b/internal/suites/suite_short_timeouts.go
@@ -26,7 +26,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -48,7 +48,8 @@ func init() {
 GlobalRegistry.Register(shortTimeoutsSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 3 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_standalone.go b/internal/suites/suite_standalone.go
index 04e2363e..783f5eba 100644
--- a/internal/suites/suite_standalone.go
+++ b/internal/suites/suite_standalone.go
@@ -14,7 +14,7 @@ func init() {
 "internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
 "internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
 "internal/suites/example/compose/nginx/backend/docker-compose.yml",
- "internal/suites/example/compose/nginx/portal/docker-compose.https.yml",
+ "internal/suites/example/compose/nginx/portal/docker-compose.yml",
 "internal/suites/example/compose/smtp/docker-compose.yml",
 })
diff --git a/internal/suites/suite_traefik.go b/internal/suites/suite_traefik.go
index 0debc9ab..1fd5655b 100644
--- a/internal/suites/suite_traefik.go
+++ b/internal/suites/suite_traefik.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(traefikSuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 2 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,
diff --git a/internal/suites/suite_traefik2.go b/internal/suites/suite_traefik2.go
index edf18a78..ae574e96 100644
--- a/internal/suites/suite_traefik2.go
+++ b/internal/suites/suite_traefik2.go
@@ -28,7 +28,7 @@ func init() {
 return waitUntilAutheliaIsReady(dockerEnvironment)
 }
- onSetupTimeout := func() error {
+ displayAutheliaLogs := func() error {
 backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
 if err != nil {
 return err
@@ -51,7 +51,8 @@ func init() {
 GlobalRegistry.Register(traefik2SuiteName, Suite{
 SetUp: setup,
 SetUpTimeout: 5 * time.Minute,
- OnSetupTimeout: onSetupTimeout,
+ OnSetupTimeout: displayAutheliaLogs,
+ OnError: displayAutheliaLogs,
 TestTimeout: 2 * time.Minute,
 TearDown: teardown,
 TearDownTimeout: 2 * time.Minute,