Commit Graph

22 Commits

Author SHA1 Message Date
Amir Zarrinkafsh
771c220d38
[FEATURE] Support updated haproxy-auth-request (#1310)
* [FEATURE] Support updated haproxy-auth-request
This version removes the dependency of lua-socket which seemed to result in many unsupported and broken BSD/Pfsense deployments.

* Fix docs indentation

* Add haproxy-lua-http to TLS enabled configuration
2020-09-10 10:52:57 +10:00
Chris Smith
c70255f9ef
[DOCS] Add FAQ for Kubernetes deployment (#1252)
* Add note to Kubernetes page about potential OOM

See #1234
2020-08-14 13:30:37 +10:00
Amir Zarrinkafsh
c5916cbce6
[DOCS] Adjust Deployment navigation order (#1160) 2020-06-29 16:55:41 +10:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Clément Michaud
2c0fa811a2
[DOCS] Improve documentation around Remote-User and Remote-Groups usage. (#1091)
* [DOCS] Improve documentation around Remote-User and Remote-Groups usage.

* Update docs/deployment/supported-proxies/index.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-08 17:17:24 +10:00
Amir Zarrinkafsh
08d412ece8
[DOCS] Add FAQs to Traefik2 (#1038)
Closes #997.
2020-05-21 16:48:54 +02:00
Amir Zarrinkafsh
561a3f551c
[DOCS] Fix typos in proxy examples (#1015)
Also include global http -> https redirection in Traefik 2.x example.
2020-05-14 13:26:52 +10:00
Clément Michaud
da5c722cf8
[DOCS] Introduce an FAQ and document forwarded authentication. (#962)
* add FAQ docs section
* add forwarded authentication section to deployments > supported proxies
* apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-03 13:18:13 +10:00
Amir Zarrinkafsh
310c5dc09b
[DOCS] Harmonize Remote-User and Remote-Groups headers in nginx example (#963)
Fixes #957.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-02 17:10:26 +02:00
Amir Zarrinkafsh
f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh
ff2df8b039
[DOCS] Fix HAProxy typo (#937) 2020-04-28 21:00:10 +10:00
Amir Zarrinkafsh
69859aa5d4
[DOCS] Update HAProxy code syntax style (#936) 2020-04-28 20:53:06 +10:00
Amir Zarrinkafsh
dca8a5343a
[DOCS] Update proxy integration example for HAProxy (#935)
* [DOCS] Update proxy integration example for HAProxy

* Minor style tweak

* Update haproxy.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-04-28 19:17:45 +10:00
Amir Zarrinkafsh
76e8142032
[DOCS] Add Remote-User and Remote-Groups headers to Traefik docs and examples (#849) 2020-04-11 11:49:54 +10:00
Amir Zarrinkafsh
e843a52a04
[Docker] Include docker-compose.yml examples to run Authelia (#642)
* [Docker] Create Lite docker-compose.yml example

* [Docker] Update README.md with 3 compose bundles {Local,Lite,Full}

* [DOCS] Update Traefik2 proxy example

* [Docker] Create Local docker-compose.yml example

* [MISC] Update examples to utilise Traefik 2.2
This change enables global http -> https redirection.

* [Docker] Update Local compose to utilise loopback address

* [Docker] Drop compose version to 3.3 to cater for more distros

* [DOCS] Adjust Getting Started

* [Docker] Tweak Local bundle setup for OSX

* [Docker] Optimise setup.sh for Local bundle

* [Docker] Fix read-only mounting of user database

* [DOCS] Implement feedback for compose bundles

* [DOCS] Provide feedback on self-signed certificates

* [DOCS] Implement additional feedback for compose bundles

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-03-27 10:43:10 +11:00
Amir Zarrinkafsh
f3fd79d731
[DOCS] Review all docs and adjust since the initial refactoring (#698)
* [DOCS] Review all docs and adjust since the initial refactoring

* [DOCS] Minor tweaks
2020-03-10 09:37:46 +11:00
Clément Michaud
3c8babbd4f
[DOCS] Proxy documentation not available anymore. (#692) 2020-03-08 16:29:16 +01:00
James Elliott
26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy (#679)
* [FEATURE] Support Argon2id Passwords

- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template

* Adjust error output

* Fix unit test

* Add unit tests and argon2 version check

* Fix new unit tests

* Update docs, added tests

* Implement configurable values and more comprehensive testing

* Added cmd params to hash_password, updated docs, misc fixes

* More detailed error for cmd, fixed a typo

* Fixed cmd flag error, minor refactoring

* Requested Changes and Minor refactoring

* Increase entropy

* Update docs for entropy changes

* Refactor to reduce nesting and easier code maintenance

* Cleanup Errors (uniformity for the function call)

* Check salt length, fix docs

* Add Base64 string validation for argon2id

* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type

* Update crypt go mod, support argon2id key length and major refactor

* Config Template Update, Final Tests

* Use schema defaults for hash-password cmd

* Iterations check

* Docs requested changes

* Test Coverage, suggested edits

* Wording edit

* Doc changes

* Default sanity changes

* Default sanity changes - docs

* CI Sanity changes

* Memory in MB
2020-03-06 12:38:02 +11:00
Clément Michaud
0c43740a4e
[FEATURE] Add command to generate self-signed certs in authelia binary. (#676)
* [FEATURE] Add command to generate self-signed certs in authelia binary.
* Apply suggestions from code review

Fixes #454 

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-01 14:08:09 +01:00
James Elliott
ffc87c1006
[DOCS] Fix Docs Links (#674)
- Fixed a few broken links
2020-03-01 16:58:26 +11:00
Clément Michaud
b311bd5ead
[DOCS] Improve documentation about the integration with proxies. (#669)
* [DOCS] Improve documentation about the integration with proxies.

This improvement resolves #384.

* Update index.md
2020-03-01 12:11:16 +11:00
Clément Michaud
adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 01:43:59 +01:00