Step by Step Setup Guide for Authelia
This article provides detailed instructions on integrating Authelia as a middleware with Traefik. Using Docker labels for configuration, this setup allows Traefik to query Authelia for authorization on every web request. Authelia validates session cookies and access permissions for secure resource control. The information is partially sourced from Brynn Crowley, referencing his setup guide.
Prerequisites
Important Notes
- Configuration uses Docker labels directly in docker-compose.yaml.
- Examples use a whoami application for demonstration.
- Advanced configurations (e.g., SMTP) are available in Authelia documentation.
Step-by-Step Guide
Step 1: Create Folders
mkdir -p /mnt/glustermount/data/authelia_data/{logs,config,secrets}
Step 2: Create External Network
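Create the management_net network. Containers started with docker compose (Step 6) can only join an overlay network that was created with --attachable, and overlay networks require the Docker host to be in swarm mode:
docker network create -d overlay --attachable management_net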
Step 3: Configure User Database
Create a basic user database:
users:
  authelia:
    displayname: 'Authelia User'
    # SHA-512 crypt hash; replace it with a hash you generate yourself (Step 3.1)
    password: '$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/'
    email: 'user@example.com'  # placeholder address
    groups:
      - 'admin'
      - 'dev'
Step 3.1: Generate Password Hash (Optional)
docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2
Step 4: Create Secrets
docker run --rm -u 8000:8000 -v /mnt/glustermount/data/authelia_data/secrets:/secrets docker.io/authelia/authelia \
sh -c "cd /secrets && authelia crypto rand --length 64 session_secret.txt storage_encryption_key.txt jwt_secret.txt"
Step 5: Create Docker Compose
version: '3.3'
services:
  traefik:
    image: 'traefik:latest'
    depends_on:
      - authelia
    networks:
      management_net:
        aliases:
          - 'auth.domain.com'
      authelia: {}
    volumes:
      # Docker socket is mounted read-only so Traefik can read container labels
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/mnt/glustermount/data/traefik_data/acme.json:/le/acme.json'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)'
      # The middleware must be attached to the same router that carries the rule above.
      # authelia@docker has to be defined as a forwardAuth middleware; these labels only reference it.
      - 'traefik.http.routers.traefik.middlewares=authelia@docker'
  authelia:
    image: 'authelia/authelia:4.38'
    volumes:
      # Secrets from Step 4, mounted read-only
      - '/mnt/glustermount/data/authelia_data/secrets:/secrets:ro'
    networks:
      management_net: {}
  whoami-secure:
    image: 'traefik/whoami'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.whoami-secure.middlewares=authelia@docker'
networks:
  management_net:
    external: true
  authelia:
Step 6: Start the Stack
docker compose up -d
Step 7: Verify Setup
- Check container status:
docker compose ps
- Access Traefik dashboard: https://traefik.domain.com
- Test authentication: https://whoami-secure.domain.com
Troubleshooting
- Check logs:
docker logs authelia
- Ensure secret files exist and have correct permissions.
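The last troubleshooting item can be scripted against the three files created in Step 4. The script below is an added example, not part of the original guide or of Authelia. It assumes that "correct permissions" means no access for other users and no group write bit, and that a secret shorter than the 64 characters requested in Step 4 indicates a failed generation. The function name check_authelia_secrets is hypothetical.

```shell
#!/bin/sh
# Added example: audit the secret files produced in Step 4.
# Assumptions (not from the guide): a secret must not be accessible to
# "other" or writable by group, and must hold at least 64 characters.

SECRET_FILES="session_secret.txt storage_encryption_key.txt jwt_secret.txt"
MIN_LEN=64

# check_authelia_secrets DIR -> returns 0 if every secret passes, 1 otherwise.
check_authelia_secrets() {
    dir=$1
    rc=0
    for name in $SECRET_FILES; do
        f="$dir/$name"
        # Reject symlinks as well as missing files: a link could point anywhere.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $name: missing or not a regular file" >&2
            rc=1
            continue
        fi
        # Byte count, ignoring a trailing newline if one is present.
        len=$(tr -d '\n' < "$f" | wc -c | tr -d ' ')
        if [ "$len" -lt "$MIN_LEN" ]; then
            echo "FAIL $name: $len bytes, expected at least $MIN_LEN" >&2
            rc=1
        fi
        # Octal mode such as 600 (GNU stat syntax, as found on Linux hosts).
        mode=$(stat -c '%a' "$f")
        other=$((mode % 10))
        group=$(( (mode / 10) % 10 ))
        if [ "$other" -ne 0 ] || [ $((group & 2)) -ne 0 ]; then
            echo "FAIL $name: mode $mode is too permissive" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_secrets.sh /mnt/glustermount/data/authelia_data/secrets
if [ $# -ge 1 ]; then
    check_authelia_secrets "$1"
fi
```

A non-zero exit status means at least one file failed; the reasons are written to stderr.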