forked from Nixius/authelia
Leopere
4ac4de9df2
- Path-based routing: bc.a250.ca/login, /dashboard, /activate, etc. - Tiered pricing: first 10 free (3mo), next 40 $20/yr->$100/mo, 51+ $200/mo - Success page: instructs to check inbox for password + 2FA setup - Messaging: LANDING_TAGLINE, LANDING_FEATURES env vars - Domain validation: required, must resolve via DNS - Customer details: phone required, sanitized email/phone, stored in LLDAP - Stripe MCP: .cursor/mcp.json, stripe-setup.sh for products/prices - Invoice webhook: migrate $20/yr subs to $100/mo on renewal Made-with: Cursor |
||
|---|---|---|
| .. | ||
| CI_CD_VAULT_SETUP.md | ||
| OAUTH_SETUP.md | ||
| README.md | ||
| STRIPE_PAYMENT_LINK.md | ||
| STRIPE_TIERED_PRICING.md | ||
README.md
Documentation Index
This directory contains comprehensive guides for Authelia deployment and configuration.
📚 Available Guides
🔧 Setup & Configuration
- OAuth/OIDC Setup Guide - Complete OAuth integration for Portainer, Gitea, and other services
- CI/CD Vault Setup - Secret management and Woodpecker CI vault configuration
🚀 Getting Started
-
Initial Deployment
- Follow the main README.md for basic setup
- Generate core secrets with
./generate-secrets.sh - Set up CI/CD vault using CI/CD Vault Setup
-
OAuth Integration
- Generate OAuth client secrets with
./scripts/generate-oauth-secrets.sh - Follow OAuth Setup Guide for service configuration
- Configure individual services (Portainer, Gitea) with OAuth
- Generate OAuth client secrets with
-
Production Deployment
- Commit changes to trigger CI/CD pipeline
- Monitor deployment through Woodpecker CI
- Verify service health and authentication flows
-
Full rebuild and redeploy (remove old stack/images)
- Push to
main(or run the production pipeline in Woodpecker). The pipeline: builds production images with--no-cache, pushes to registry, runsscripts/ci-deploy-production.sh(stack rm → wait → recreate secrets → deploy stack → health check → prune unused images). - No manual steps on the swarm manager; everything runs in CI.
- Push to
🔑 Quick Reference
Essential Commands
# Generate core Authelia secrets (10 secrets)
./generate-secrets.sh
# Generate OAuth client secrets (2 additional secrets)
./scripts/generate-oauth-secrets.sh
# Run development environment
docker compose -f docker-compose.dev.yml up -d
# Run tests
./tests/precommit.sh
Important URLs
- Authelia: https://login.a250.ca
- Development: http://localhost:9091
- Health Check: https://login.a250.ca/api/health
- OIDC Discovery: https://login.a250.ca/.well-known/openid_configuration
Required Secrets (12 Total)
- Core Secrets (5): LDAP, JWT, encryption, session, SMTP
- OIDC Secrets (3): HMAC, private key, JWKS key
- Client Secrets (4): Headscale (2), Portainer, Gitea
🔍 Troubleshooting
Common Issues
- Service won't start: Check secrets in CI vault
- OAuth fails: Verify redirect URIs and client secrets
- Database errors: Check MariaDB connectivity and initialization
- Health check fails: Verify Authelia startup and port binding
Useful Commands
# Check service logs
ssh macmini7 'docker service logs authelia_authelia --follow'
# Verify secrets access
ssh macmini7 'docker service logs authelia_authelia | grep -i secret'
# Test OAuth endpoints
curl -s https://login.a250.ca/.well-known/openid_configuration | jq .
📞 Support
For issues not covered in these guides:
- Check service logs for specific error messages
- Verify all secrets are present in CI vault
- Confirm network connectivity between services
- Review Authelia configuration for syntax errors
🔄 Updates
Keep documentation synchronized with code changes:
- Update OAuth client configurations when adding new services
- Refresh secret generation procedures when security requirements change
- Document new troubleshooting steps as issues are resolved