mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
e843a52a04
* [Docker] Create Lite docker-compose.yml example
* [Docker] Update README.md with 3 compose bundles {Local,Lite,Full}
* [DOCS] Update Traefik2 proxy example
* [Docker] Create Local docker-compose.yml example
* [MISC] Update examples to utilise Traefik 2.2
This change enables global http -> https redirection.
* [Docker] Update Local compose to utilise loopback address
* [Docker] Drop compose version to 3.3 to cater for more distros
* [DOCS] Adjust Getting Started
* [Docker] Tweak Local bundle setup for OSX
* [Docker] Optimise setup.sh for Local bundle
* [Docker] Fix read-only mounting of user database
* [DOCS] Implement feedback for compose bundles
* [DOCS] Provide feedback on self-signed certificates
* [DOCS] Implement additional feedback for compose bundles
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
52 lines
2.4 KiB
Markdown
52 lines
2.4 KiB
Markdown
---
|
|
layout: default
|
|
title: Deployment - Lite
|
|
parent: Deployment
|
|
---
|
|
|
|
# Lite Deployment
|
|
|
|
**Authelia** can be deployed as a lite setup with minimal external dependencies.
|
|
The setup is called lite because it reduces the number of components in the architecture
|
|
to a reverse proxy such as Nginx, Traefik or HAProxy, Authelia and Redis.
|
|
|
|
This setup assumes you have basic knowledge and understanding of IP addresses, DNS and port
|
|
forwarding. You should setup the domain you intend to protect with Authelia to point to your
|
|
external IP address and port forward ports `80` and `443` to the host you plan to host the
|
|
`docker-compose.yml` bundle.
|
|
|
|
Port 80 is utilised by LetsEncrypt for certificate challenges, this will [automatically
|
|
provision](https://docs.traefik.io/https/acme/) up-to-date certificates for your domain(s).
|
|
|
|
Traefik publishes the respective services with LetsEncrypt provided certificates on port `443`.
|
|
The provided examples protect the Traefik dashboard with Authelia's one-factor auth
|
|
(traefik.example.com) and two instances of the
|
|
[whoami container](https://hub.docker.com/r/containous/whoami) with Authelia being
|
|
bypassed (public.example.com) and another with it's two-factor auth (secure.example.com).
|
|
|
|
If you happen to already have an external SQL instance (MariaDB, MySQL or Postgres) this
|
|
setup can easily be adapted to utilise said [service](../configuration/storage/index.md).
|
|
|
|
## Steps
|
|
|
|
- `git clone https://github.com/authelia/authelia.git`
|
|
- `cd authelia/compose/lite`
|
|
- Modify the `users_database.yml` the default username and password is `authelia`
|
|
- Modify the `configuration.yml` and `docker-compose.yml` with your respective domains and secrets
|
|
- `docker-compose up -d`
|
|
|
|
## Reverse Proxy
|
|
|
|
The [Lite bundle](https://github.com/authelia/authelia/blob/master/compose/lite/docker-compose.yml)
|
|
provides pre-made examples with [Traefik2.x](./supported-proxies/traefik2.x.md), you can swap this
|
|
out for any of the [supported proxies](./supported-proxies/index.md).
|
|
|
|
## FAQ
|
|
|
|
### Can you give more details on why this is not suitable for production environments?
|
|
|
|
This documentation gives instructions that will make **Authelia** non
|
|
resilient to failures and non scalable by preventing you from running multiple
|
|
instances of the application. This means that **Authelia** won't be able to distribute
|
|
the load across multiple servers and it will prevent failover in case of a
|
|
crash or an hardware issue. |