This ensures users checkout the latest tagged release when using the lite deployment. Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2.5 KiB
layout | title | parent | nav_order |
---|---|---|---|
default | Deployment - Lite | Deployment | 1 |
Lite Deployment
Authelia can be deployed as a lite setup with minimal external dependencies. The setup is called lite because it reduces the number of components in the architecture to a reverse proxy such as Nginx, Traefik or HAProxy, Authelia and Redis.
This setup assumes you have basic knowledge and understanding of IP addresses, DNS and port
forwarding. You should setup the domain you intend to protect with Authelia to point to your
external IP address and port forward ports 80
and 443
to the host you plan to host the
docker-compose.yml
bundle.
Port 80 is utilised by LetsEncrypt for certificate challenges, this will automatically provision up-to-date certificates for your domain(s).
Traefik publishes the respective services with LetsEncrypt provided certificates on port 443
.
The provided examples protect the Traefik dashboard with Authelia's one-factor auth
(traefik.example.com) and two instances of the
whoami container with Authelia being
bypassed (public.example.com) and another with it's two-factor auth (secure.example.com).
If you happen to already have an external SQL instance (MariaDB, MySQL or Postgres) this setup can easily be adapted to utilise said service.
Steps
git clone https://github.com/authelia/authelia.git
cd authelia/examples/compose/lite
git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
- Modify the
users_database.yml
the default username and password isauthelia
- Modify the
configuration.yml
anddocker-compose.yml
with your respective domains and secrets docker-compose up -d
Reverse Proxy
The Lite bundle provides pre-made examples with Traefik2.x, you can swap this out for any of the supported proxies.
FAQ
Can you give more details on why this is not suitable for production environments?
This documentation gives instructions that will make Authelia non resilient to failures and non scalable by preventing you from running multiple instances of the application. This means that Authelia won't be able to distribute the load across multiple servers and it will prevent failover in case of a crash or an hardware issue.