Compare commits
No commits in common. "dec7a652a54d0ee3050d4ee02c23a869a7680258" and "78459d843bfa1377f84ec516b660f10bc22cbf12" have entirely different histories.
dec7a652a5
...
78459d843b
@ -13,14 +13,6 @@ identity_validation:
|
|||||||
reset_password:
|
reset_password:
|
||||||
jwt_algorithm: "HS512"
|
jwt_algorithm: "HS512"
|
||||||
|
|
||||||
identity_providers:
|
|
||||||
oidc:
|
|
||||||
jwks:
|
|
||||||
- key_id: "example"
|
|
||||||
algorithm: "RS256"
|
|
||||||
use: "sig"
|
|
||||||
key: {{ secret "/config/secrets/oidc/jwks/rsa.2048.key" | mindent 10 "|" | msquote }}
|
|
||||||
|
|
||||||
session:
|
session:
|
||||||
cookies:
|
cookies:
|
||||||
- name: "authelia_session"
|
- name: "authelia_session"
|
||||||
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3HSoRzZVj14+q
|
|
||||||
tpV8rshNYv5Cwf7TdBrf+xRhy345GQWqHTp3w+YhTopgIfpprbJKx3P54nq9z8uV
|
|
||||||
JFajW8DEK5aZXXXQcEGO3GKTnOyqqqHpXkh3S+q6IOeac8lCVYQcXEIAGPist+Li
|
|
||||||
nBXzXccsS0gwiyICaB0WFPy2ARg32BSwbTaPz54R99wcBNI3aojOtYnCEJ7gQLF0
|
|
||||||
FZRQrYEE8wh7if0aL9XY3ihaaal9Uuz/JBSip/SZKB2qh8SZj3LTiv0BgJlo/nux
|
|
||||||
Lt3Hn+hMBhaDw7HKF3zvUF9JIDzuIETrDN3np4GSpnFmSBQyDu4H7DyxkG+wdkjf
|
|
||||||
u9MeXU2HAgMBAAECggEBAIr2WAHQuWleokmUbFeFsL6BvKFe5YsFFowZ1/rrWivs
|
|
||||||
oE7cBY30HcXy+7I+tvHR/ncfbBUb2bgIZOAXBqTMMbrttUlIEuuO9UF8YFbThQtz
|
|
||||||
mJIomefmtghwhjLBYd+0VCDNpsy6JqW0mzsL5uCcr1UfAHbOb43SAxjJ7ooUxJND
|
|
||||||
XxO+zpsuXhO/P9Cc5ihEw5CXBEwDVwZu3OrKQy2UBDlyyks8UVbMK9PriqYF71Ti
|
|
||||||
7GgsvqH/Lvpji4F7zEfmG5aMcFCtG/XymtrFHt3U5P8goVRpMpRWacq4TJiVJZA0
|
|
||||||
11Ze3vI9suvm04eu/cmqTGOfEo/eo46Mw3ApWFdOPFkCgYEAw+NcQ0eAyoHLBTnR
|
|
||||||
iryR2wYjTVQv1HcGWz0EZbecTQeeMXgdzzzwYYGa5UGxndDJT/5eWAzyQUxNWXIi
|
|
||||||
XQWcP5WcrHbcrHjirAUnlQjCuhJWISFBnXAaam1C6cImEsQ71cZV/VOCy04hssV5
|
|
||||||
znrILX+CCMSGlrk97AuZkEAa7NsCgYEA705IvWk8NmfkDyDug0JwEP2HUwvUVDMk
|
|
||||||
DWnr2/gtemWW6WY6BBVLQlRVAHjvHVHcm0Xk+0z0MuSpHcm5DeStjhFEkCqgPJ9o
|
|
||||||
GvBRSyuQw9IVtSbT7Sw9VI1VvvGK7RLq/S54+CMgW0atMeTLIpz9IAaP4Ua+hnGL
|
|
||||||
LBBOgTAo68UCgYEAsA2mfV1FNjwC0FaPqkYiPJw+nCBewHCdCOFFE3o7Aswm9EUF
|
|
||||||
XZ1iWfAW25b4YGMmmzt9ZVt1WxSNrCc1FS+Wp1r6rdJCMMyQxJP5aCuwf3U9bZcr
|
|
||||||
FqmLRD2g1uDEQTeWo2IXJI+qzLgS904eVGHriWDA6MpgQBSKv5wJTykeSeMCgYAE
|
|
||||||
0tYig0GEczmkmGxWVvt9TC7zHJTuEY3Te2QWrfz0r6GIGNhohqlar+p6tPVU6PaC
|
|
||||||
ZrlD23w8nmFOSWeigQ6Cg5SXN1S9hBUMHfX1hu5HFC/908eHy1F9J9AnpiS/vJbh
|
|
||||||
/ZLQpZycWmNZUxxJGVL810UFLHDgst80Ryvd7MOWZQKBgFsd+s4hXrp4KNFogHoC
|
|
||||||
JHM7gIsRMtHY46yXqGeDPdzS1vhOWmcEyDgGrYrDkH16evc6dumjVaYDanSbbigZ
|
|
||||||
n3eSjiHLlKRBuRx9uePd8HzHG3tFrdPq2eHN2wmcfl3ukakHJ6MzlZn1G9vifNKc
|
|
||||||
hE8f6upznVDdQj7k95MWrey2
|
|
||||||
-----END PRIVATE KEY-----
|
|
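Review bot: Deleting this PKCS#8 private key from the tree does not retire it, because the full key body remains readable in dec7a652a5 and on compare pages like this one, so it has to be treated as public from now on. The configuration hunk above loaded `/config/secrets/oidc/jwks/rsa.2048.key` as the `RS256` signing key for the OIDC provider, so any installation that kept the shipped file instead of regenerating it was presumably signing tokens with a key that is not secret. The commit message or changelog should tell existing deployments to generate a fresh pair; the README section removed further down gave `authelia crypto pair rsa generate` for that. If OIDC support returns later, ship no key material in the package and let startup fail when the file is absent, rather than falling back to a bundled sample.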
@ -1,9 +0,0 @@
|
|||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx0qEc2VY9ePqraVfK7I
|
|
||||||
TWL+QsH+03Qa3/sUYct+ORkFqh06d8PmIU6KYCH6aa2ySsdz+eJ6vc/LlSRWo1vA
|
|
||||||
xCuWmV110HBBjtxik5zsqqqh6V5Id0vquiDnmnPJQlWEHFxCABj4rLfi4pwV813H
|
|
||||||
LEtIMIsiAmgdFhT8tgEYN9gUsG02j8+eEffcHATSN2qIzrWJwhCe4ECxdBWUUK2B
|
|
||||||
BPMIe4n9Gi/V2N4oWmmpfVLs/yQUoqf0mSgdqofEmY9y04r9AYCZaP57sS7dx5/o
|
|
||||||
TAYWg8Oxyhd871BfSSA87iBE6wzd56eBkqZxZkgUMg7uB+w8sZBvsHZI37vTHl1N
|
|
||||||
hwIDAQAB
|
|
||||||
-----END PUBLIC KEY-----
|
|
@ -14,7 +14,6 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
- PUID=1000
|
- PUID=1000
|
||||||
- PGID=1000
|
- PGID=1000
|
||||||
- X_AUTHELIA_CONFIG_FILTERS=expand-env,template
|
|
||||||
- TZ=${TIME_ZONE}
|
- TZ=${TIME_ZONE}
|
||||||
- AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/STORAGE_ENCRYPTION
|
- AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/STORAGE_ENCRYPTION
|
||||||
- AUTHELIA_SESSION_SECRET_FILE=/config/secrets/SESSION_SECRET
|
- AUTHELIA_SESSION_SECRET_FILE=/config/secrets/SESSION_SECRET
|
||||||
|
@ -9,25 +9,3 @@ Authelia 是一个开源的身份验证和授权服务器,它通过 Web 界面
|
|||||||
本应用分为 `lite` 版本与全量版本(尚未制作),`lite` 版本适用于个人轻量使用环境,不依赖其他任何服务,资源消耗少;全量版本适用于较大规模的服务,需要部署 LDAP、PostgreSQL、Redis。
|
本应用分为 `lite` 版本与全量版本(尚未制作),`lite` 版本适用于个人轻量使用环境,不依赖其他任何服务,资源消耗少;全量版本适用于较大规模的服务,需要部署 LDAP、PostgreSQL、Redis。
|
||||||
|
|
||||||
安装完成后,请到应用目录的 `data` 目录下修改 `configuration.yml` 进行配置,`lite` 版本还需修改 `users_database.yml`。
|
安装完成后,请到应用目录的 `data` 目录下修改 `configuration.yml` 进行配置,`lite` 版本还需修改 `users_database.yml`。
|
||||||
|
|
||||||
### 机密配置
|
|
||||||
目前版本中,机密均位于 data/secrets 目录下,**所有 secrets 目录下的文件均需要进行修改!**
|
|
||||||
|
|
||||||
#### 机密清单
|
|
||||||
- `STORAGE_ENCRYPTION`:应为不低于 20 位的随机字符串
|
|
||||||
- `SESSION_SECRET`:应为不低于 64 位,且仅包含大小写字母与数字的随机字符串
|
|
||||||
- `JWT_SECRET`:应为不低于 64 位,且仅包含大小写字母与数字的随机字符串
|
|
||||||
- `HMAC_SECRET`:应为不低于 64 位,且仅包含大小写字母与数字的随机字符串
|
|
||||||
- `oidc/jwks/rsa.2048.key` 与 `oidc/jwks/rsa.2048.key.pub`:应为使用 RSA 方法生成的、位数不低于 2048 的一对公私钥
|
|
||||||
|
|
||||||
#### 设置方法
|
|
||||||
所有机密均可使用 Authelia 进行生成。可以通过打开 1Panel 中应用对应容器的终端使用,或者记下容器名称,在 ssh 连接到服务器后,使用 `docker exec -it 1Panel-xxxxx /bin/sh` 进入应用对应容器的终端。
|
|
||||||
|
|
||||||
- 随机字符串:
|
|
||||||
```bash
|
|
||||||
authelia crypto rand --length 64 --charset alphanumeric
|
|
||||||
```
|
|
||||||
- RSA 密钥对:
|
|
||||||
```bash
|
|
||||||
authelia crypto pair rsa generate --directory /config/secrets/oidc/jwks --file.private-key rsa.2048.key --file.public-key rsa.2048.key.pub
|
|
||||||
```
|
|