mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Edit README to make the user add more subdomains in /etc/hosts for testing the example locally
This commit is contained in:
parent
b403cfe2f8
commit
7d21f8d5df
29
README.md
29
README.md
|
@ -40,6 +40,9 @@ Add the following lines to your /etc/hosts to simulate multiple subdomains
|
|||
127.0.0.1 secret.test.local
|
||||
127.0.0.1 secret1.test.local
|
||||
127.0.0.1 secret2.test.local
|
||||
127.0.0.1 home.test.local
|
||||
127.0.0.1 mx1.mail.test.local
|
||||
127.0.0.1 mx2.mail.test.local
|
||||
127.0.0.1 auth.test.local
|
||||
|
||||
Then, type the following command to build and deploy the services:
|
||||
|
@ -48,20 +51,28 @@ Then, type the following command to build and deploy the services:
|
|||
docker-compose up -d
|
||||
|
||||
After few seconds the services should be running and you should be able to visit
|
||||
[https://secret.test.local:8080/](https://secret.test.local:8080/).
|
||||
[https://home.test.local:8080/](https://home.test.local:8080/).
|
||||
|
||||
Normally, a self-signed certificate exception should appear, it has to be
|
||||
accepted before getting to the login page:
|
||||
|
||||
![first-factor-page](https://raw.githubusercontent.com/clems4ever/authelia/master/images/first_factor.png)
|
||||
|
||||
### 1st factor: LDAP
|
||||
An LDAP server has been deployed for you with the following credentials:
|
||||
### 1st factor: LDAP and ACL
|
||||
An LDAP server has been deployed for you with the following credentials and
|
||||
access control list:
|
||||
|
||||
- **john/password** is in the admin group and has access to every subdomain.
|
||||
- **bob/password** is in the dev group and has only access to *secret2.test.local*
|
||||
- **harry/password** is not in a group but has access to *secret1.test.local*
|
||||
as per the configuration file.
|
||||
- **john / password** is in the admin group and has access to the secret from
|
||||
any subdomain.
|
||||
- **bob / password** is in the dev group and has access to the secret from
|
||||
- [secret.test.local](https://secret.test.local:8080/secret.html)
|
||||
- [secret2.test.local](https://secret2.test.local:8080/secret.html)
|
||||
- [home.test.local](https://home.test.local:8080/secret.html)
|
||||
- [\*.mail.test.local](https://mx1.mail.test.local:8080/secret.html)
|
||||
- **harry / password** is not in a group but has rules giving him has access to
|
||||
the secret from
|
||||
- [secret1.test.local](https://secret1.test.local:8080/secret.html)
|
||||
- [home.test.local](https://home.test.local:8080/secret.html)
|
||||
|
||||
Type them in the login page and validate. Then, the second factor page should
|
||||
have appeared as shown below.
|
||||
|
@ -107,8 +118,8 @@ Paste the link in your browser and you should be able to reset the password.
|
|||
### Access Control
|
||||
With **Authelia**, you can define your own access control rules for restricting
|
||||
the access to certain subdomains to your users. Those rules are defined in the
|
||||
configuration file and are per-user or per-group. Check out the
|
||||
*config.template.yml* to see how they are defined.
|
||||
configuration file and can be either default, per-user or per-group policies.
|
||||
Check out the *config.template.yml* to see how they are defined.
|
||||
|
||||
## Documentation
|
||||
### Configuration
|
||||
|
|
|
@ -36,12 +36,16 @@ ldap:
|
|||
|
||||
# Access Control
|
||||
#
|
||||
# Access control is a set of rules where you can specify a group-based
|
||||
# subdomain restrictions.
|
||||
# Access control is a set of rules you can use to restrict the user access.
|
||||
# Default (anyone), per-user or per-group rules can be defined.
|
||||
#
|
||||
# If access_control is not defined, ACL rules are disabled and default policy
|
||||
# is allowed to everyone.
|
||||
# Otherwise, the default policy is denied for any user and any subdomain.
|
||||
# If 'access_control' is not defined, ACL rules are disabled and default policy
|
||||
# is applied, i.e., access is allowed to anyone. Otherwise restrictions follow
|
||||
# the rules defined below.
|
||||
# If no rule is provided, all domains are denied.
|
||||
#
|
||||
# '*' means 'any' subdomains and matches any string. It must stand at the
|
||||
# beginning of the pattern.
|
||||
access_control:
|
||||
default:
|
||||
- home.test.local
|
||||
|
|
Loading…
Reference in New Issue
Block a user