
Hello all,

Apologies if this is not allowed here. I have been struggling to get some kind of 2FA on a self-hosted server. I would like Nginx Proxy Manager behind 2FA and have tried many, many Docker Compose files from Google searches; none seem to work.

Does anyone happen to have this kind of config?

Background: an Ubuntu VM is running on Proxmox, and network traffic can reach the VM from outside.

Cheers

[-] poeticmichael@alien.top 1 points 1 year ago

Do the following (a better-formatted version is on Pastebin: https://pastebin.com/hHuDnPn7):

sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm

  • That would be for your Nginx Proxy Manager

  • Then:

cd /opt/docker/npm

  • Then:

nano docker-compose.yml

  • Paste the following:

```yaml
version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "CHANGEME"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    networks:
      - npm-proxy

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'SAME AS CHANGEME'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'SAME AS CHANGEME'
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - npm-proxy # Add the network here

networks:
  npm-proxy: # Define the network
    # external: the network must already exist (docker network create npm-proxy)
    external: true
```

  • THEN: docker-compose up -d

  • GO THROUGH NPM setup by GOING to http://YourIP:81

  • NOW FOR AUTHENTIK

sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm

  • Then

cd /opt/docker/npm

  • THEN

nano docker-compose.yml

  • PASTE THE FOLLOWING AND SAVE

```yaml
version: "3.4"

services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
    networks:
      - npm-proxy
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis:/data
    networks:
      - npm-proxy
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
    container_name: authentik
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - npm-proxy
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - npm-proxy

volumes:
  database:
    driver: local
  redis:
    driver: local

networks:
  proxy:
  npm-proxy:
    external: true
```

  • THEN RUN

sudo apt-get install -y pwgen

  • Next, run the following commands to generate a password and secret key and write them to your .env file:

echo "PG_PASS=$(pwgen -s 40 1)" >> .env
echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env

  • An .env file would have been created which you can access by typing:

nano .env (you can configure other parameters here)

Now go to NPM and forward your domain to: (authentik as IP and 9443 in port) https://authentik:9443 (remember to select https and NOT http on NPM)

  • To start the initial setup, navigate to https:///if/flow/initial-setup/
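
An added example, not part of poeticmichael's comment: a repeatable version of the `.env` step and the `npm-proxy` network prerequisite, written so that re-running it never appends a second value for a key and the secrets file is readable only by its owner. The function names (`gen_secret`, `env_key_count`, `ensure_env_secret`, `ensure_network`) are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example (not from the original comment): safe, repeatable .env setup.

# gen_secret LEN: print LEN random alphanumeric characters.
gen_secret() {
  if command -v pwgen >/dev/null 2>&1; then
    pwgen -s "$1" 1
  else
    # Fallback when pwgen is absent: filter kernel randomness down to [A-Za-z0-9].
    raw=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    printf '%s\n' "$raw" | cut -c "1-$1"
  fi
}

# env_key_count FILE KEY: print how many lines in FILE define KEY.
env_key_count() {
  grep -c "^$2=" "$1" || true
}

# ensure_env_secret FILE KEY LEN: write KEY=<random> only if KEY is not set yet.
ensure_env_secret() {
  file=$1 key=$2 len=$3
  # Create the file owner-only before any secret lands in it.
  [ -e "$file" ] || ( umask 077; : > "$file" )
  chmod 600 "$file"
  # A plain `echo ... >> .env` run twice leaves two different values for one key,
  # and postgres only applies POSTGRES_PASSWORD when its data volume is first
  # initialised, so a changed PG_PASS can lock authentik out of its database.
  if [ "$(env_key_count "$file" "$key")" -eq 0 ]; then
    printf '%s=%s\n' "$key" "$(gen_secret "$len")" >> "$file"
  fi
}

# ensure_network NAME: both compose files mark the network `external: true`,
# so it has to exist before `docker-compose up -d`.
ensure_network() {
  docker network inspect "$1" >/dev/null 2>&1 || docker network create "$1"
}

# Usage, from the directory holding the authentik docker-compose.yml:
#   ensure_network npm-proxy
#   ensure_env_secret .env PG_PASS 40
#   ensure_env_secret .env AUTHENTIK_SECRET_KEY 50
```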
this post was submitted on 31 Oct 2023