[FEATURE] Make Authelia serve over TLS in all suites (#864)
* [BUGFIX] Fix dev workflow by using TLS for all suites. * Fix traefik 1.x and 2.x suites. * Display authelia logs on suite failure. * Fix HAProxy suite. * Extend timeout of test case. * Display current URL in verify assertion. * fix doLoginTwoFactor by adding a timeout * when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal * fix by adding one second timeout * bump go version to 1.14.2 * Fix Kube suite and bump dashboard. * Update dist authelia-frontend to proxy_pass with variable * Apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * Apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * Remove debug logs since it's polluting logs. Also set timeout back to 5 seconds in HA suite. Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
parent
94fb28c6c0
commit
730e88df9d
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
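Review bot: The added `tls_cert` and `tls_key` paths point into `/var/lib/authelia/ssl`, which the compose files in this commit mount from `./common/ssl`, so every suite appears to share one private key that presumably lives in the repository. Nothing in the configuration marks the pair as a test fixture. A comment above the two keys, for example `# Test-only certificate and key shared by all suites; never reuse outside the suites.`, would make that explicit. The same two lines are added to the other suite configuration files in this commit.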
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './BypassAll/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './BypassAll/users.yml:/var/lib/authelia/users.yml'
|
- './BypassAll/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './Docker/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Docker/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Docker/users.yml:/var/lib/authelia/users.yml'
|
- './Docker/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: trace
|
log_level: trace
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './DuoPush/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './DuoPush/users.yml:/var/lib/authelia/users.yml'
|
- './DuoPush/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './HAProxy/users.yml:/var/lib/authelia/users.yml'
|
- './HAProxy/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,5 @@ version: '3'
|
||||||
services:
|
services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './HighAvailability/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,5 @@ version: '3'
|
||||||
services:
|
services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './LDAP/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Mariadb/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Mariadb/users.yml:/var/lib/authelia/users.yml'
|
- './Mariadb/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './MySQL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './MySQL/users.yml:/var/lib/authelia/users.yml'
|
- './MySQL/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './NetworkACL/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './NetworkACL/users.yml:/var/lib/authelia/users.yml'
|
- './NetworkACL/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './OneFactorOnly/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './OneFactorOnly/users.yml:/var/lib/authelia/users.yml'
|
- './OneFactorOnly/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Postgres/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Postgres/users.yml:/var/lib/authelia/users.yml'
|
- './Postgres/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './ShortTimeouts/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './ShortTimeouts/users.yml:/var/lib/authelia/users.yml'
|
- './ShortTimeouts/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -7,6 +7,6 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Standalone/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Standalone/users.yml:/var/lib/authelia/users.yml'
|
- './Standalone/users.yml:/var/lib/authelia/users.yml'
|
||||||
- './Standalone/ssl:/var/lib/authelia/ssl'
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
||||||
- '/tmp:/tmp'
|
- '/tmp:/tmp'
|
||||||
user: ${USER_ID}:${GROUP_ID}
|
user: ${USER_ID}:${GROUP_ID}
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Traefik/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Traefik/users.yml:/var/lib/authelia/users.yml'
|
- './Traefik/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,8 @@
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
port: 9091
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,4 +3,5 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
volumes:
|
volumes:
|
||||||
- './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro'
|
- './Traefik2/configuration.yml:/etc/authelia/configuration.yml:ro'
|
||||||
- './Traefik2/users.yml:/var/lib/authelia/users.yml'
|
- './Traefik2/users.yml:/var/lib/authelia/users.yml'
|
||||||
|
- './common/ssl:/var/lib/authelia/ssl:ro'
|
|
@ -3,6 +3,7 @@ package suites
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
@ -38,6 +39,10 @@ func (wds *WebDriverSession) doLoginTwoFactor(ctx context.Context, t *testing.T,
|
||||||
wds.doLoginOneFactor(ctx, t, username, password, keepMeLoggedIn, targetURL)
|
wds.doLoginOneFactor(ctx, t, username, password, keepMeLoggedIn, targetURL)
|
||||||
wds.verifyIsSecondFactorPage(ctx, t)
|
wds.verifyIsSecondFactorPage(ctx, t)
|
||||||
wds.doValidateTOTP(ctx, t, otpSecret)
|
wds.doValidateTOTP(ctx, t, otpSecret)
|
||||||
|
// timeout when targetURL is not defined to prevent a show stopping redirect when visiting a protected domain
|
||||||
|
if targetURL == "" {
|
||||||
|
time.Sleep(1 * time.Second)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Login 1FA and register 2FA.
|
// Login 1FA and register 2FA.
|
||||||
|
@ -53,6 +58,6 @@ func (wds *WebDriverSession) doLoginAndRegisterTOTP(ctx context.Context, t *test
|
||||||
func (wds *WebDriverSession) doRegisterAndLogin2FA(ctx context.Context, t *testing.T, username, password string, keepMeLoggedIn bool, targetURL string) string { //nolint:unparam
|
func (wds *WebDriverSession) doRegisterAndLogin2FA(ctx context.Context, t *testing.T, username, password string, keepMeLoggedIn bool, targetURL string) string { //nolint:unparam
|
||||||
// Register TOTP secret and logout.
|
// Register TOTP secret and logout.
|
||||||
secret := wds.doRegisterThenLogout(ctx, t, username, password)
|
secret := wds.doRegisterThenLogout(ctx, t, username, password)
|
||||||
wds.doLoginTwoFactor(ctx, t, username, password, false, secret, targetURL)
|
wds.doLoginTwoFactor(ctx, t, username, password, keepMeLoggedIn, secret, targetURL)
|
||||||
return secret
|
return secret
|
||||||
}
|
}
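Review bot: The `time.Sleep(1 * time.Second)` added at the end of `doLoginTwoFactor` hides a race behind a fixed delay, so the test can still fail on a slow runner and always costs a second when `targetURL` is empty. Waiting on a condition the session can observe, in the style of the existing `wds.verifyIsSecondFactorPage(ctx, t)` helper, would be more reliable; whether a suitable helper exists is not visible in this hunk. If the sleep stays, the comment should describe the symptom, for example `// Sleep when targetURL is empty: visiting a protected domain right after the TOTP step sometimes redirects back to the portal.` The function's signature lies outside the hunk.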
|
||||||
|
|
|
@ -14,12 +14,15 @@ services:
|
||||||
- '../..:/app'
|
- '../..:/app'
|
||||||
- '${GOPATH}:/go'
|
- '${GOPATH}:/go'
|
||||||
labels:
|
labels:
|
||||||
|
# Traefik 1.x
|
||||||
- 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api'
|
- 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api'
|
||||||
|
# Traefik 2.x
|
||||||
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`)'
|
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`)'
|
||||||
- 'traefik.http.routers.authelia_backend.entrypoints=https'
|
- 'traefik.http.routers.authelia_backend.entrypoints=https'
|
||||||
- 'traefik.http.routers.authelia_backend.tls=true'
|
- 'traefik.http.routers.authelia_backend.tls=true'
|
||||||
|
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
|
||||||
environment:
|
environment:
|
||||||
- ENVIRONMENT=dev
|
- ENVIRONMENT=dev
|
||||||
networks:
|
networks:
|
||||||
authelianet:
|
authelianet:
|
||||||
ipv4_address: 192.168.240.50
|
ipv4_address: 192.168.240.50
|
||||||
|
|
|
@ -3,13 +3,17 @@ services:
|
||||||
authelia-backend:
|
authelia-backend:
|
||||||
image: authelia:dist
|
image: authelia:dist
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.frontend.rule=Host:login.example.com'
|
# Traefik 1.x
|
||||||
- 'traefik.http.routers.authelia.rule=Host(`login.example.com`)'
|
- 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api'
|
||||||
- 'traefik.http.routers.authelia.entrypoints=https'
|
- 'traefik.protocol=https'
|
||||||
- 'traefik.http.routers.authelia.tls=true'
|
# Traefik 2.x
|
||||||
|
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`)'
|
||||||
|
- 'traefik.http.routers.authelia_backend.entrypoints=https'
|
||||||
|
- 'traefik.http.routers.authelia_backend.tls=true'
|
||||||
|
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
|
||||||
environment:
|
environment:
|
||||||
- ENVIRONMENT=dev
|
- ENVIRONMENT=dev
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
authelianet:
|
authelianet:
|
||||||
ipv4_address: 192.168.240.50
|
ipv4_address: 192.168.240.50
|
||||||
|
|
|
@ -14,9 +14,11 @@ services:
|
||||||
- './example/compose/authelia/resources/:/resources'
|
- './example/compose/authelia/resources/:/resources'
|
||||||
- '../../web:/app'
|
- '../../web:/app'
|
||||||
labels:
|
labels:
|
||||||
|
# Traefik 1.x
|
||||||
- 'traefik.frontend.rule=Host:login.example.com'
|
- 'traefik.frontend.rule=Host:login.example.com'
|
||||||
|
# Traefik 2.x
|
||||||
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`)'
|
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`)'
|
||||||
- 'traefik.http.routers.authelia_frontend.entrypoints=https'
|
- 'traefik.http.routers.authelia_frontend.entrypoints=https'
|
||||||
- 'traefik.http.routers.authelia_frontend.tls=true'
|
- 'traefik.http.routers.authelia_frontend.tls=true'
|
||||||
networks:
|
networks:
|
||||||
- authelianet
|
- authelianet
|
||||||
|
|
|
@ -4,5 +4,15 @@ services:
|
||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
volumes:
|
volumes:
|
||||||
- './example/compose/authelia/resources/nginx.conf:/etc/nginx/nginx.conf'
|
- './example/compose/authelia/resources/nginx.conf:/etc/nginx/nginx.conf'
|
||||||
|
labels:
|
||||||
|
# Traefik 1.x
|
||||||
|
- 'traefik.frontend.rule=Host:login.example.com'
|
||||||
|
# Traefik 2.x
|
||||||
|
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`)'
|
||||||
|
- 'traefik.http.routers.authelia_frontend.entrypoints=https'
|
||||||
|
- 'traefik.http.routers.authelia_frontend.tls=true'
|
||||||
|
- 'traefik.http.services.authelia_frontend.loadbalancer.server.port=3000'
|
||||||
networks:
|
networks:
|
||||||
- authelianet
|
- authelianet
|
||||||
|
expose:
|
||||||
|
- 3000
|
||||||
|
|
|
@ -9,19 +9,12 @@ http {
|
||||||
server {
|
server {
|
||||||
listen 3000;
|
listen 3000;
|
||||||
|
|
||||||
location / {
|
resolver 127.0.0.11 ipv6=off;
|
||||||
proxy_set_header Host $http_host;
|
set $backend_endpoint https://authelia-backend:9091;
|
||||||
proxy_pass http://authelia-backend:9091;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
# Reach authelia-backend using TLS.
|
|
||||||
listen 3001;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_pass https://authelia-backend:9091;
|
proxy_pass $backend_endpoint;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
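Review bot: `set $backend_endpoint https://authelia-backend:9091;` moves the upstream hop to TLS, but the server block sets no `proxy_ssl_verify`, and nginx leaves upstream certificate verification off by default, so the proxy accepts whatever certificate is presented on that hop. Consider adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-suite-ca.pem>;` next to the `set`, or a comment stating that verification is deliberately skipped for the self-signed suite certificate. The portal nginx.conf hunks that switch `$backend_endpoint` and `$upstream_verify` to https have the same gap.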
|
|
@ -3,7 +3,7 @@ services:
|
||||||
haproxy:
|
haproxy:
|
||||||
build: ./example/compose/haproxy/
|
build: ./example/compose/haproxy/
|
||||||
volumes:
|
volumes:
|
||||||
- ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
|
- ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
|
||||||
networks:
|
networks:
|
||||||
authelianet:
|
authelianet:
|
||||||
# Set the IP to be able to query on port 8080
|
# Set the IP to be able to query on port 8080
|
||||||
|
|
|
@ -33,7 +33,9 @@ frontend fe_http
|
||||||
http-request add-header X-Forwarded-Port %[dst_port]
|
http-request add-header X-Forwarded-Port %[dst_port]
|
||||||
http-request set-header X-Forwarded-Uri %[path]%[var(req.questionmark)]%[query]
|
http-request set-header X-Forwarded-Uri %[path]%[var(req.questionmark)]%[query]
|
||||||
|
|
||||||
http-request lua.auth-request be_authelia /api/verify if protected-frontends
|
# be_auth_request is used to make HAProxy do the TLS termination since the Lua script
|
||||||
|
# does not know how to handle it (see https://github.com/TimWolla/haproxy-auth-request/issues/12).
|
||||||
|
http-request lua.auth-request be_auth_request /api/verify if protected-frontends
|
||||||
|
|
||||||
use_backend be_authelia if host-authelia-portal api-path
|
use_backend be_authelia if host-authelia-portal api-path
|
||||||
use_backend fe_authelia if host-authelia-portal !api-path
|
use_backend fe_authelia if host-authelia-portal !api-path
|
||||||
|
@ -42,7 +44,16 @@ frontend fe_http
|
||||||
use_backend be_mail if { hdr(host) -i mail.example.com:8080 }
|
use_backend be_mail if { hdr(host) -i mail.example.com:8080 }
|
||||||
|
|
||||||
backend be_authelia
|
backend be_authelia
|
||||||
server authelia-backend authelia-backend:9091
|
server authelia-backend authelia-backend:9091 ssl verify none
|
||||||
|
|
||||||
|
backend be_auth_request
|
||||||
|
mode http
|
||||||
|
server proxy 127.0.0.1:8085
|
||||||
|
|
||||||
|
listen be_auth_request_proxy
|
||||||
|
mode http
|
||||||
|
bind 127.0.0.1:8085
|
||||||
|
server authelia-backend authelia-backend:9091 ssl verify none
|
||||||
|
|
||||||
backend fe_authelia
|
backend fe_authelia
|
||||||
server authelia-frontend authelia-frontend:3000
|
server authelia-frontend authelia-frontend:3000
|
||||||
|
@ -51,4 +62,4 @@ backend be_mail
|
||||||
server smtp-backend smtp:1080
|
server smtp-backend smtp:1080
|
||||||
|
|
||||||
backend be_protected
|
backend be_protected
|
||||||
server nginx-backend nginx-backend:80
|
server nginx-backend nginx-backend:80
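Review bot: Both new `server authelia-backend authelia-backend:9091 ssl verify none` lines, in `be_authelia` and in `listen be_auth_request_proxy`, encrypt the hop but accept any certificate, so HAProxy never authenticates the backend that answers `/api/verify`. If the suite certificate can be trusted through a CA file, `ssl verify required ca-file <path-to-suite-ca.pem>` would exercise the verified path. Otherwise a comment such as `# verify none: self-signed suite certificate, do not copy into a real deployment` should say why verification is off, since this file sits under `example/compose/haproxy`. Whether the certificate's names cover `authelia-backend` is not visible here.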
|
||||||
|
|
|
@ -5,7 +5,7 @@ services:
|
||||||
context: ./example/compose/nginx/backend
|
context: ./example/compose/nginx/backend
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
|
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
|
||||||
- 'traefik.frontend.auth.forward.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
|
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
|
||||||
- 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x
|
- 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x
|
||||||
- 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x
|
- 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x
|
||||||
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' # Traefik 1.x
|
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups' # Traefik 1.x
|
||||||
|
@ -13,7 +13,7 @@ services:
|
||||||
- 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x
|
- 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x
|
||||||
- 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x
|
- 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x
|
||||||
- 'traefik.http.routers.protectedapps.middlewares=authelia' # Traefik 2.x
|
- 'traefik.http.routers.protectedapps.middlewares=authelia' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
nginx-portal:
|
|
||||||
image: nginx:alpine
|
|
||||||
volumes:
|
|
||||||
- ./example/compose/nginx/portal/nginx.https.conf:/etc/nginx/nginx.conf
|
|
||||||
- ./example/compose/nginx/portal/ssl:/etc/ssl
|
|
||||||
networks:
|
|
||||||
authelianet:
|
|
||||||
aliases:
|
|
||||||
- public.example.com
|
|
||||||
- secure.example.com
|
|
||||||
- login.example.com
|
|
||||||
- duo.example.com
|
|
||||||
# Set the IP to be able to query on port 443
|
|
||||||
ipv4_address: 192.168.240.100
|
|
|
@ -14,7 +14,7 @@ http {
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
resolver 127.0.0.11 ipv6=off;
|
||||||
set $frontend_endpoint http://authelia-frontend:3000;
|
set $frontend_endpoint http://authelia-frontend:3000;
|
||||||
set $backend_endpoint http://authelia-backend:9091;
|
set $backend_endpoint https://authelia-backend:9091;
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
ssl_certificate /etc/ssl/server.cert;
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
ssl_certificate_key /etc/ssl/server.key;
|
||||||
|
@ -89,7 +89,7 @@ http {
|
||||||
mx1.mail.example.com mx2.mail.example.com;
|
mx1.mail.example.com mx2.mail.example.com;
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
resolver 127.0.0.11 ipv6=off;
|
||||||
set $upstream_verify http://authelia-backend:9091/api/verify;
|
set $upstream_verify https://authelia-backend:9091/api/verify;
|
||||||
set $upstream_endpoint http://nginx-backend;
|
set $upstream_endpoint http://nginx-backend;
|
||||||
set $upstream_headers http://httpbin:8000/headers;
|
set $upstream_headers http://httpbin:8000/headers;
|
||||||
|
|
||||||
|
|
|
@ -1,242 +0,0 @@
|
||||||
#
|
|
||||||
# You can find a documented example of configuration in ./docs/proxies/nginx.md.
|
|
||||||
#
|
|
||||||
worker_processes 1;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
upstream authelia-frontend {
|
|
||||||
server authelia-frontend:3001 fail_timeout=180s;
|
|
||||||
server authelia-frontend:3000 backup;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 8080 ssl;
|
|
||||||
server_name login.example.com;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
set $frontend_endpoint http://authelia-frontend;
|
|
||||||
set $backend_endpoint https://authelia-backend:9091;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
error_page 497 301 =307 https://$host:$server_port$request_uri;
|
|
||||||
|
|
||||||
# Serve the backend API for the portal.
|
|
||||||
location /api {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
# Required by Authelia because "trust proxy" option is used.
|
|
||||||
# See https://expressjs.com/en/guide/behind-proxies.html
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Required by Authelia to build correct links for identity validation.
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
|
|
||||||
# Needed for network ACLs to work. It appends the IP of the client to the list of IPs
|
|
||||||
# and allows Authelia to use it to match the network-based ACLs.
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
proxy_intercept_errors on;
|
|
||||||
|
|
||||||
proxy_pass $backend_endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Serves the portal application.
|
|
||||||
location / {
|
|
||||||
# Allow websockets for webpack to auto-reload.
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "Upgrade";
|
|
||||||
proxy_set_header Host "127.0.0.1";
|
|
||||||
|
|
||||||
proxy_pass $frontend_endpoint;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Serves the home page.
|
|
||||||
server {
|
|
||||||
listen 8080 ssl;
|
|
||||||
server_name home.example.com;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
set $upstream_endpoint http://nginx-backend;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
error_page 497 301 =307 https://$host:$server_port$request_uri;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_pass $upstream_endpoint;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Example configuration of domains protected by Authelia.
|
|
||||||
server {
|
|
||||||
listen 8080 ssl;
|
|
||||||
server_name public.example.com
|
|
||||||
admin.example.com
|
|
||||||
secure.example.com
|
|
||||||
dev.example.com
|
|
||||||
singlefactor.example.com
|
|
||||||
mx1.mail.example.com mx2.mail.example.com;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
set $upstream_verify https://authelia-backend:9091/api/verify;
|
|
||||||
set $upstream_endpoint http://nginx-backend;
|
|
||||||
set $upstream_headers http://httpbin:8000/headers;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
error_page 497 301 =307 https://$host:$server_port$request_uri;
|
|
||||||
|
|
||||||
# Reverse proxy to the backend. It is protected by Authelia by forwarding authorization checks
|
|
||||||
# to the virtual endpoint introduced by nginx and declared in the next block.
|
|
||||||
location / {
|
|
||||||
auth_request /auth_verify;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
|
||||||
proxy_set_header X-Forwarded-User $user;
|
|
||||||
|
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
|
||||||
proxy_set_header Remote-Groups $groups;
|
|
||||||
|
|
||||||
# Route the request to the correct virtual host in the backend.
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
|
|
||||||
# Authelia relies on Proxy-Authorization header to authenticate in basic auth.
|
|
||||||
# but for the sake of simplicity (because Authorization in supported in most
|
|
||||||
# clients) we take Authorization from the frontend and rewrite it to
|
|
||||||
# Proxy-Authorization before sending it to Authelia.
|
|
||||||
proxy_set_header Proxy-Authorization $http_authorization;
|
|
||||||
|
|
||||||
# mitigate HTTPoxy Vulnerability
|
|
||||||
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
|
|
||||||
# Set the `target_url` variable based on the request. It will be used to build the portal
|
|
||||||
# URL with the correct redirection parameter.
|
|
||||||
set $target_url $scheme://$http_host$request_uri;
|
|
||||||
error_page 401 =302 https://login.example.com:8080/?rd=$target_url;
|
|
||||||
|
|
||||||
proxy_pass $upstream_endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Virtual endpoint forwarding requests to Authelia server.
|
|
||||||
location /auth_verify {
|
|
||||||
internal;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
# Provide either X-Original-URL and X-Forwarded-Proto or
|
|
||||||
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-URI or both.
|
|
||||||
# Those headers will be used by Authelia to deduce the target url of the user.
|
|
||||||
#
|
|
||||||
# X-Forwarded-Proto is mandatory since Authelia uses the "trust proxy" option.
|
|
||||||
# See https://expressjs.com/en/guide/behind-proxies.html
|
|
||||||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-URI $request_uri;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# Authelia can receive Proxy-Authorization to authenticate however most of the clients
|
|
||||||
# support Authorization instead. Therefore we rewrite Authorization into Proxy-Authorization.
|
|
||||||
proxy_set_header Proxy-Authorization $http_authorization;
|
|
||||||
|
|
||||||
proxy_pass_request_body off;
|
|
||||||
proxy_set_header Content-Length "";
|
|
||||||
|
|
||||||
proxy_pass $upstream_verify;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Used by suites to test the forwarded users and groups headers produced by Authelia.
|
|
||||||
location /headers {
|
|
||||||
auth_request /auth_verify;
|
|
||||||
|
|
||||||
auth_request_set $user $upstream_http_remote_user;
|
|
||||||
proxy_set_header Custom-Forwarded-User $user;
|
|
||||||
|
|
||||||
auth_request_set $groups $upstream_http_remote_groups;
|
|
||||||
proxy_set_header Custom-Forwarded-Groups $groups;
|
|
||||||
|
|
||||||
set $target_url $scheme://$http_host$request_uri;
|
|
||||||
error_page 401 =302 https://login.example.com:8080/?rd=$target_url;
|
|
||||||
|
|
||||||
proxy_pass $upstream_headers;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Fake Web Mail used to receive emails sent by Authelia.
|
|
||||||
server {
|
|
||||||
listen 8080 ssl;
|
|
||||||
server_name mail.example.com;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
set $upstream_endpoint http://smtp:1080;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
error_page 497 301 =307 https://$host:$server_port$request_uri;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_pass $upstream_endpoint;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Fake API emulating Duo behavior
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name duo.example.com;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
set $upstream_endpoint http://duo-api:3000;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
error_page 497 301 =307 https://$host:$server_port$request_uri;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_pass $upstream_endpoint;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Matches all domains. It redirects to the home page.
|
|
||||||
server {
|
|
||||||
listen 8080 ssl;
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/server.cert;
|
|
||||||
ssl_certificate_key /etc/ssl/server.key;
|
|
||||||
|
|
||||||
return 301 https://home.example.com:8080/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -17,6 +17,7 @@ services:
|
||||||
- '--traefiklog.filepath=/var/log/traefik.log'
|
- '--traefiklog.filepath=/var/log/traefik.log'
|
||||||
- '--entryPoints=Name:https Address::8080 TLS'
|
- '--entryPoints=Name:https Address::8080 TLS'
|
||||||
- '--entryPoints=Name:api Address::8081'
|
- '--entryPoints=Name:api Address::8081'
|
||||||
|
- '--insecureSkipVerify=true'
|
||||||
networks:
|
networks:
|
||||||
authelianet:
|
authelianet:
|
||||||
# Set the IP to be able to query on port 8080
|
# Set the IP to be able to query on port 8080
|
||||||
|
|
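Review bot: `--insecureSkipVerify=true` turns off certificate verification for every backend this Traefik instance proxies to, not only the Authelia test backend, and nothing next to the added line says it is a test-only concession. The Traefik 2.x compose file in this commit adds the equivalent `--serversTransport.insecureSkipVerify=true`. I would put a comment above both flags, for example `# Test suites only: backends use a self-signed certificate; do not copy this flag into a real deployment.` If the suite certificate can be issued for the backend's service name, mounting it and passing it through `--rootCAs` (1.x) or `--serversTransport.rootCAs` (2.x) would keep verification on; whether the shared suite certificate covers that name is not visible here.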
|
@ -17,6 +17,7 @@ services:
|
||||||
- '--log=true'
|
- '--log=true'
|
||||||
- '--log.level=DEBUG'
|
- '--log.level=DEBUG'
|
||||||
- '--log.filepath=/var/log/traefik.log'
|
- '--log.filepath=/var/log/traefik.log'
|
||||||
|
- '--serversTransport.insecureSkipVerify=true'
|
||||||
networks:
|
networks:
|
||||||
authelianet:
|
authelianet:
|
||||||
# Set the IP to be able to query on port 8080
|
# Set the IP to be able to query on port 8080
|
||||||
|
|
|
@ -74,7 +74,7 @@ metadata:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
kubernetes.io/ingress.class: "nginx"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify"
|
nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
|
nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
|
|
|
@ -2,7 +2,10 @@
|
||||||
# Authelia configuration #
|
# Authelia configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 80
|
port: 443
|
||||||
|
tls_cert: /var/lib/authelia/ssl/cert.pem
|
||||||
|
tls_key: /var/lib/authelia/ssl/key.pem
|
||||||
|
|
||||||
log_level: debug
|
log_level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080
|
default_redirection_url: https://home.example.com:8080
|
||||||
|
|
|
@ -20,10 +20,12 @@ spec:
|
||||||
- name: authelia
|
- name: authelia
|
||||||
image: authelia:dist
|
image: authelia:dist
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 443
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
mountPath: /etc/authelia
|
mountPath: /etc/authelia
|
||||||
|
- name: ssl-volume
|
||||||
|
mountPath: /var/lib/authelia/ssl
|
||||||
env:
|
env:
|
||||||
# We set secrets directly here for ease of deployment but all secrets
|
# We set secrets directly here for ease of deployment but all secrets
|
||||||
# should be stored in the Kube Vault in production.
|
# should be stored in the Kube Vault in production.
|
||||||
|
@ -42,3 +44,12 @@ spec:
|
||||||
items:
|
items:
|
||||||
- key: configuration.yml
|
- key: configuration.yml
|
||||||
path: configuration.yml
|
path: configuration.yml
|
||||||
|
- name: ssl-volume
|
||||||
|
configMap:
|
||||||
|
name: authelia-ssl
|
||||||
|
items:
|
||||||
|
- key: cert.pem
|
||||||
|
path: cert.pem
|
||||||
|
- key: key.pem
|
||||||
|
path: key.pem
|
||||||
|
|
||||||
|
|
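Review bot: The `ssl-volume` added at the end of this file takes `key.pem` from a ConfigMap (`configMap:` / `name: authelia-ssl`), so the TLS private key is stored and readable as ordinary configuration data rather than as a Secret. A `secret` volume fits better: `secret:` with `secretName: authelia-ssl` in place of the `configMap:` / `name:` pair, plus `readOnly: true` on the `/var/lib/authelia/ssl` mount. The bootstrap script changed later in this commit creates the object with `kubectl create configmap authelia-ssl ... --from-file=authelia/ssl/key.pem` and would need to become `kubectl create secret generic authelia-ssl ...` with the same `--from-file` arguments. The container spec and the volumes list both continue outside the hunks shown.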
|
@ -6,6 +6,7 @@ metadata:
|
||||||
namespace: authelia
|
namespace: authelia
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
kubernetes.io/ingress.class: "nginx"
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- secretName: authelia-tls
|
- secretName: authelia-tls
|
||||||
|
@ -18,4 +19,4 @@ spec:
|
||||||
- path: /
|
- path: /
|
||||||
backend:
|
backend:
|
||||||
serviceName: authelia-service
|
serviceName: authelia-service
|
||||||
servicePort: 80
|
servicePort: 443
|
||||||
|
|
|
@ -9,5 +9,5 @@ spec:
|
||||||
app: authelia
|
app: authelia
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 80
|
port: 443
|
||||||
targetPort: 80
|
targetPort: 443
|
||||||
|
|
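--- a/internal/suites/example/kube/authelia/ssl/cert.pem
+++ b/internal/suites/example/kube/authelia/ssl/cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeagAwIBAgIRAKF0IRxC55eee6icERVf6fgwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEChMHQWNtZSBDbzAgFw0yMDAzMDExMjMzMzlaGA8yMTIwMDIwNjEy
+MzMzOVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMi7/oSazFIxP3rHsSLjw5XPnpMKEaVwU1zLRzW6W80BDa/ER5to
+I3POGLv8lAhtUwB6WvyilrCZfs/D5lkcCxswafU/2LNppFuODnW+PG9eobgOy6Nv
+f+KbnZFPRV7PB2yK6DqMyb+tbTQ7F6rEf4i6n28DI0dNyNvUCk0ld3o93LZBvC/D
+/+Ulf3Vtdfsd2TckXvdA8lH4VGQJ+FIxhboTlbW8VJlk1V7FZef7+m867kOnPSaj
+zv5yygrIA0XPaMAZC/SZrXHMdhvcs43fgmmTel7JD4Sy/Z/pmFlrZr5Xa8jcWycJ
+ILLuPnXhgKstgq5wtDkTMZ6rpgMrKcjMKcMCAwEAAaNNMEswDgYDVR0PAQH/BAQD
+AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8w
+DYILZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBABdWkbipzPivAvvamMmQ
+5iPPeStfdr5MBxJGT9nPbeXdtS/13FJnspLBMMYOw/2AZk7VFrNjxkXc4NHZSlGz
+FcGMlSO40fyirdYaQTDtS230ucLB+LzfZx37y9dKpEKVmQ151kKJjJ4hAZ47LmAQ
+aFoDLRo7PA2HmnJ60GrI9wVp96uy1sQ6PcToIyMcVEQ/tLEEow+ykSeiZb9+qBKV
+K9GUcu2LorhBtUMmEWs0TJElaf6eKUoG6JXM2byulDg24w5b9gC26kAlHWc5WDU5
+pAXOjlN/OYHB0sDbYViWIL390376fYIfu2N5EDKY4QjEYsWEs4Wm9HVS9IgHP/Gi
+Xbo=
+-----END CERTIFICATE-----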
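--- a/internal/suites/example/kube/authelia/ssl/key.pem
+++ b/internal/suites/example/kube/authelia/ssl/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIu/6EmsxSMT96
+x7Ei48OVz56TChGlcFNcy0c1ulvNAQ2vxEebaCNzzhi7/JQIbVMAelr8opawmX7P
+w+ZZHAsbMGn1P9izaaRbjg51vjxvXqG4Dsujb3/im52RT0Vezwdsiug6jMm/rW00
+OxeqxH+Iup9vAyNHTcjb1ApNJXd6Pdy2Qbwvw//lJX91bXX7Hdk3JF73QPJR+FRk
+CfhSMYW6E5W1vFSZZNVexWXn+/pvOu5Dpz0mo87+csoKyANFz2jAGQv0ma1xzHYb
+3LON34Jpk3peyQ+Esv2f6ZhZa2a+V2vI3FsnCSCy7j514YCrLYKucLQ5EzGeq6YD
+KynIzCnDAgMBAAECggEAC13R0LJvRWwyewJZvm8FQTNreEoGq8aLgeKk2p792cLo
+gn5ry5n+/+y4q9RmkX+XRpynEE0omUFn09306jDTVCvOpCuEWsxtmR2XJgWqqGfE
+Yoa78zo6FJvZNUQ22mKAuh23frFAL1FjsKRz96B+1EA1DPUxhzUZXZFJMAsiE9LZ
+PxqPmnqXbPZsOb1XG33TAdCp6CC3H8KHICC+i4IC8prjKHGH/Q1saoNw8jmgwv0S
+DelQUbEtqfmE6BmyTGxdeu4uW2Nv/wcENwySAOPKi5gstlbSKTa4IpKGp7CdquWi
+stUW6pnSiEeDrDAzwC8uWdncOvnkAy2lRJkz/F9YoQKBgQDrCCqYdvGshecBBnfQ
+fowxak2YBfG2jhAKPMHzrvQn5FIb+11x/jeXPEfOB6FShIzZ97JpFIpH3tcONlj3
+OVzGCTD6WdRTcltzXVneJtNog7DliNFY4YmIPmQJ+y+EvJW1rSZTZAZI1Nbijg3n
+fSd0PTzvgOGHSl1//RI1mFx7MwKBgQDapIPPSF0yf1UJ6Hhzam5NHGZ9fSqV5Qs0
+Gi7uM08iDV5K7xiPglBkbN2EuMlgVnHaa5g8X897uwRSYR6nL4PRvcJiNSvnhWhe
++K3x7iHewIPYVfcghoqzuPKsXH2Zm26usdXHxBBa3IBbKtGaHnAd9h65AOUYAmAx
+C2BzN90XMQKBgE2MjEFyPZunMulrsOziVG+Zm7ClhXOuvCwkj/pPp8/hzhXdgp+y
+ObV09lxMuDX59l+VExEI7fd414yg8gngq3PMZJS2PxCpkvMlwhlCxk6d5ShXVHv3
+LuH9dBS3BJ7PerZPQ24QeuJdF+n45S2UZgg8jHaaF9AEAYXRgsicVSdxAoGAJI0U
+K/bg/awjv0BJwqGsRt/Ukm32TJC5ysAF0HRrajnp5YULChKy9dbtQV7S63QIHIeY
+L5+kw/6DvnHV+gULeGjMsjZJXK8Ev7u6+JLivqZYZDYa1iknztvAVegwZxmA61t3
+bantQgNSwerql2U3QQsAH9Vydw0On6RTP2+7WkECgYBWD3u64hBKmAxPkqPotkgI
+w/jdOlv8FLHO79+oH1PtKvkzspcYaecKGDm/RNLIXLYnt0AmZEK4qQ4/zDFaR/rc
+AhoxK2cKTRltMrhp1ivtFfLggVGogtYNxEnjnsD4KMvH3SjSNdt06YgtZ92++fOp
+UsE8Mpf4/G5X7DmcHJHk+w==
+-----END PRIVATE KEY-----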
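Review bot: This section adds an unencrypted private key to the repository next to its certificate, and nothing in it marks the pair as a throwaway test fixture. Anyone who copies the kube example as a starting point would be serving TLS with a key that is public. A short README in `internal/suites/example/kube/authelia/ssl/` saying the pair is for the test suites only and must be regenerated for any real deployment would cover it. Generating the pair during suite setup instead of committing it would avoid the question and keep secret scanners from flagging the file.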
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
start_authelia() {
|
start_authelia() {
|
||||||
kubectl create configmap authelia-config --namespace=authelia --from-file=authelia/configs/configuration.yml
|
kubectl create configmap authelia-config --namespace=authelia --from-file=authelia/configs/configuration.yml
|
||||||
|
kubectl create configmap authelia-ssl --namespace=authelia --from-file=authelia/ssl/cert.pem --from-file=authelia/ssl/key.pem
|
||||||
kubectl apply -f authelia
|
kubectl apply -f authelia
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
start_dashboard() {
|
start_dashboard() {
|
||||||
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
|
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
|
||||||
kubectl apply -f dashboard.yml
|
kubectl apply -f dashboard.yml
|
||||||
|
|
||||||
echo "Bearer token for UI user."
|
echo "Bearer token for UI user."
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -50,7 +50,8 @@ func init() {
|
||||||
GlobalRegistry.Register(bypassAllSuiteName, Suite{
|
GlobalRegistry.Register(bypassAllSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 1 * time.Minute,
|
TestTimeout: 1 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
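Review bot: The closure renamed to `displayAutheliaLogs` is declared with the same opening lines in each suite file this commit touches (this one and the registrations from `"Docker"` through `traefik2SuiteName` below), and the rename had to be repeated in all of them. A single package-level helper that takes the docker environment and returns the `func() error` would let each suite write `OnSetupTimeout: displayAutheliaLogs(dockerEnvironment),` and `OnError: displayAutheliaLogs(dockerEnvironment),` and keep the log handling in one place. The closure body continues outside the hunk, so this assumes the bodies match beyond the lines shown. A one-line comment such as `// displayAutheliaLogs prints the authelia-backend container logs to help diagnose a failed suite.` would also help, if that is what the rest of the body does.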
|
@ -24,7 +24,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -46,7 +46,8 @@ func init() {
|
||||||
GlobalRegistry.Register("Docker", Suite{
|
GlobalRegistry.Register("Docker", Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 1 * time.Minute,
|
TestTimeout: 1 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -26,7 +26,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -48,7 +48,8 @@ func init() {
|
||||||
GlobalRegistry.Register(duoPushSuiteName, Suite{
|
GlobalRegistry.Register(duoPushSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 2 * time.Minute,
|
TestTimeout: 2 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(haproxySuiteName, Suite{
|
GlobalRegistry.Register(haproxySuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 2 * time.Minute,
|
TestTimeout: 2 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(mariadbSuiteName, Suite{
|
GlobalRegistry.Register(mariadbSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
})
|
})
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(mysqlSuiteName, Suite{
|
GlobalRegistry.Register(mysqlSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
})
|
})
|
||||||
|
|
|
@ -29,7 +29,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(networkACLSuiteName, Suite{
|
GlobalRegistry.Register(networkACLSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 1 * time.Minute,
|
TestTimeout: 1 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -25,7 +25,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -47,7 +47,8 @@ func init() {
|
||||||
GlobalRegistry.Register(oneFactorOnlySuiteName, Suite{
|
GlobalRegistry.Register(oneFactorOnlySuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 1 * time.Minute,
|
TestTimeout: 1 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(postgresSuiteName, Suite{
|
GlobalRegistry.Register(postgresSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
})
|
})
|
||||||
|
|
|
@ -26,7 +26,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -48,7 +48,8 @@ func init() {
|
||||||
GlobalRegistry.Register(shortTimeoutsSuiteName, Suite{
|
GlobalRegistry.Register(shortTimeoutsSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 3 * time.Minute,
|
TestTimeout: 3 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -14,7 +14,7 @@ func init() {
|
||||||
"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
|
"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
|
||||||
"internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
|
"internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
|
||||||
"internal/suites/example/compose/nginx/backend/docker-compose.yml",
|
"internal/suites/example/compose/nginx/backend/docker-compose.yml",
|
||||||
"internal/suites/example/compose/nginx/portal/docker-compose.https.yml",
|
"internal/suites/example/compose/nginx/portal/docker-compose.yml",
|
||||||
"internal/suites/example/compose/smtp/docker-compose.yml",
|
"internal/suites/example/compose/smtp/docker-compose.yml",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(traefikSuiteName, Suite{
|
GlobalRegistry.Register(traefikSuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 2 * time.Minute,
|
TestTimeout: 2 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|
|
@ -28,7 +28,7 @@ func init() {
|
||||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||||
}
|
}
|
||||||
|
|
||||||
onSetupTimeout := func() error {
|
displayAutheliaLogs := func() error {
|
||||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -51,7 +51,8 @@ func init() {
|
||||||
GlobalRegistry.Register(traefik2SuiteName, Suite{
|
GlobalRegistry.Register(traefik2SuiteName, Suite{
|
||||||
SetUp: setup,
|
SetUp: setup,
|
||||||
SetUpTimeout: 5 * time.Minute,
|
SetUpTimeout: 5 * time.Minute,
|
||||||
OnSetupTimeout: onSetupTimeout,
|
OnSetupTimeout: displayAutheliaLogs,
|
||||||
|
OnError: displayAutheliaLogs,
|
||||||
TestTimeout: 2 * time.Minute,
|
TestTimeout: 2 * time.Minute,
|
||||||
TearDown: teardown,
|
TearDown: teardown,
|
||||||
TearDownTimeout: 2 * time.Minute,
|
TearDownTimeout: 2 * time.Minute,
|
||||||
|
|