More sane authelia settings. Also bypass on local network.

Add services from old server. To transfer
2020-01-25 23:41:13 +01:00 · 2020-01-25 23:40:54 +01:00
2 changed files with 83 additions and 5 deletions
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@ -11,7 +11,7 @@ session:
  name: authelia_session
  secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret
  domain: {{ env.Getenv "PRIVATE_DOMAIN" }}
-  expiration: 3600
+  expiration: 604800
  inactivity: 300

 storage:
@ -22,13 +22,19 @@ totp:
  issuer: {{ env.Getenv "PRIVATE_DOMAIN" }}

 access_control:
-  default_policy: one_factor
+  default_policy: two_factor
+
+  rules:
+    - domain: "*"
+      networks:
+        - 192.168.1.0/23
+      policy: bypass


 regulation:
-  max_retries: 1000
+  max_retries: 5
  find_time: 120
-  ban_time: 300
+  ban_time: 180

 notifier:
  filesystem:
--- a/traefik/tls.yaml
+++ b/traefik/tls.yaml
@ -17,12 +17,84 @@ http:
      loadBalancer:
        servers:
          - url: http://192.168.0.10:8123
+    plex:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:32400
+    portainer:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:9000
+    deconz:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:8082
+    proxmox:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:8006
+    nextcloud:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:8083
+      # client_max_body_size 10G
+      # client_body_buffer_size 400M
+      # proxy_hide_header Content-Security-Policy
+      # proxy_hide_header X-Frame-Options
+    keeweb:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:8084
+    grafana:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:3000

  routers:
    hass:
      service: hass
      rule: Host(`avagen.{{ env "PRIVATE_DOMAIN" }}`)
-      middleware: redir
+      tls:
+        certResolver: le
+    plex:
+      service: plex
+      rule: Host(`plex.{{ env "PRIVATE_DOMAIN" }}`)
+      tls:
+        certResolver: le
+    portainer:
+      service: portainer
+      rule: Host(`portainer.{{ env "PRIVATE_DOMAIN" }}`)
+      middlewares:
+        - auth
+      tls:
+        certResolver: le
+    deconz:
+      service: deconz
+      rule: Host(`deconz.{{ env "PRIVATE_DOMAIN" }}`)
+      middlewares:
+        - auth
+      tls:
+        certResolver: le
+    proxmox:
+      service: proxmox
+      rule: Host(`proxmox.{{ env "PRIVATE_DOMAIN" }}`)
+      middlewares:
+        - auth
+      tls:
+        certResolver: le
+    cloud:
+      service: nextcloud
+      rule: Host(`cloud.{{ env "PRIVATE_DOMAIN" }}`)
+      tls:
+        certResolver: le
+    pwd:
+      service: keeweb
+      rule: Host(`pwd.{{ env "PRIVATE_DOMAIN" }}`)
+      tls:
+        certResolver: le
+    grafana:
+      service: grafana
+      rule: Host(`grafana.{{ env "PRIVATE_DOMAIN" }}`)
      tls:
        certResolver: le
Author	SHA1	Message	Date
Thomas Lovén	834f7d0f2b	More sane authelia settings. Also bypass on local network.	2020-01-25 23:41:13 +01:00
Thomas Lovén	226a214e12	Add services from old server. To transfer	2020-01-25 23:40:54 +01:00