@toastal My ISP blocks ports. Cloudflare was the only way I could get reverse proxying to work.
RareBird15
@tofuwabohu Yes, I'm running Docker directly on the Raspberry Pi. IDrive automatically backs up the folders you specify at a time you choose. I think it uses Cron or something.
@NegativeLookBehind I updated the gist with some log files. There are a lot of 401 errors in the homepage logs. I know my API keys are correct so I'm not sure how to fix them.
@MaggiWuerze I thought 443 might have been blocked by my ISP at first because I tried it and had the same issues with it.
@jyarbrough @selfhost
@bravemonkey @selfhosting @selfhosted @linux @MangoPenguin @geillescas Yeah, I'm very tempted to go back to the way I had things, which allowed me to access services with my Raspberry Pi's IP and a port number. Since I don't leave home much and I'm not the ISP account holder, this is starting to seem like more trouble than it's worth.
@bravemonkey The plan was to set it to low temporarily. The choices were high, medium, low, or off. One of the ports Traefik listens on is 80. I used portchecktool.com and it told me the connection was timing out.
@geillescas @selfhost @selfhosting @selfhosted @linux I'll have to see about this. I'm not the account holder and the one who is, my stepdad, isn't exactly tech-savvy. My router did have a firewall blocking traffic, but I changed its security level and looked at the rules, so that shouldn't be an issue anymore.
@selfhost @selfhosting @selfhosted @linux Authelia configuration.yml:
theme: light
server:
  address: 0.0.0.0:9091
log:
  level: debug
  format: text
  file_path: /var/log/authelia/authelia.log
totp:
  issuer: laniesplace.us
  period: 30
  skew: 1
authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 3
      memory: 65536
      parallelism: 4
      salt_length: 16
      key_length: 32
access_control:
  default_policy: deny
  # Rules are evaluated top to bottom; the first rule whose domain and
  # subject both match decides the policy, otherwise default_policy applies.
  rules:
    # Public Access
    - domain:
        - "pihole.laniesplace.us"
        - "homer.laniesplace.us"
      policy: bypass
    # High Security (Two Factor)
    - domain:
        - "portainer.laniesplace.us"
        - "netdata.laniesplace.us"
        - "cockpit.laniesplace.us"
        - "glances.laniesplace.us"
        - "code.laniesplace.us"
      policy: two_factor
      subject:
        - "group:admins"
    # Medium Security (One Factor Admin)
    - domain:
        - "forgejo.laniesplace.us"
        - "files.laniesplace.us"
        - "uptime.laniesplace.us"
      policy: one_factor
      subject:
        - "group:admins"
    # Standard Auth (One Factor)
    - domain:
        - "thelounge.laniesplace.us"
        - "miniflux.laniesplace.us"
        - "linkding.laniesplace.us"
        - "wiki.laniesplace.us"
      policy: one_factor
    # Catch-all rule
    - domain: "*.laniesplace.us"
      policy: one_factor
session:
  name: authelia_session
  domain: laniesplace.us
  same_site: lax
  expiration: 3600
  inactivity: 300
  remember_me: 1M
  # No session.redis block is configured, so Authelia keeps sessions in memory
  # and the redis container in docker-compose.yml is not used.
regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300
storage:
  local:
    path: /config/db.sqlite3
notifier:
  disable_startup_check: false
  smtp:
    address: submission://smtp.gmail.com:587
    username: laniegcarmelo@gmail.com
    # The Gmail app password that was pasted in the post is replaced with a
    # placeholder here; supply it via AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE instead.
    password: "<redacted-gmail-app-password>"
    sender: "Authelia <laniegcarmelo@gmail.com>"
    identifier: auth.laniesplace.us
    subject: "[Authelia] {title}"
    startup_check_address: laniegcarmelo@gmail.com
    timeout: 5s
identity_validation:
  reset_password:
    # Authelia only expands ${...} when the expand-env config filter is enabled,
    # and even then it would insert the file path, not the secret. The secret is
    # already supplied by AUTHELIA_JWT_SECRET_FILE in docker-compose.yml, so this
    # key can be removed.
    jwt_secret: ${AUTHELIA_JWT_SECRET_FILE}
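The access_control rules above are a good place to check what each kind of visitor actually ends up with, because the admin-only rules carry a subject criterion and a one_factor catch-all sits below them. The following is an added example, not part of the post and not Authelia's own code: a small first-match evaluator that models Authelia's documented rule semantics (rules tried in order, first rule whose domain and subject both match wins, a rule with a subject criterion also matches an anonymous request so the user is prompted to log in, "*.x" matches subdomains only, default_policy otherwise). The rule table is transcribed from the posted configuration.yml; the users "lanie" (admins) and "bob" (users) and the requests are constructed for the demo. Confirm the semantics against the Authelia docs for your version before relying on it.

```python
"""First-match evaluator for Authelia-style access_control rules (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field

DEFAULT_POLICY = "deny"  # access_control.default_policy from the posted config

# Transcribed from the posted configuration.yml; order matters.
RULES = [
    {"domain": ["pihole.laniesplace.us", "homer.laniesplace.us"],
     "policy": "bypass"},
    {"domain": ["portainer.laniesplace.us", "netdata.laniesplace.us",
                "cockpit.laniesplace.us", "glances.laniesplace.us",
                "code.laniesplace.us"],
     "policy": "two_factor", "subject": ["group:admins"]},
    {"domain": ["forgejo.laniesplace.us", "files.laniesplace.us",
                "uptime.laniesplace.us"],
     "policy": "one_factor", "subject": ["group:admins"]},
    {"domain": ["thelounge.laniesplace.us", "miniflux.laniesplace.us",
                "linkding.laniesplace.us", "wiki.laniesplace.us"],
     "policy": "one_factor"},
    {"domain": ["*.laniesplace.us"], "policy": "one_factor"},
]

# Authentication level a request has already proven:
# 0 = anonymous, 1 = password only, 2 = password + TOTP.
POLICY_LEVEL = {"bypass": 0, "one_factor": 1, "two_factor": 2}


@dataclass
class Subject:
    """Constructed identity for the demo; username None means anonymous."""
    username: str | None = None
    groups: list[str] = field(default_factory=list)

    @property
    def anonymous(self) -> bool:
        return self.username is None


def domain_matches(patterns: list[str], host: str) -> bool:
    for pattern in patterns:
        if pattern.startswith("*."):
            if host.endswith(pattern[1:]):  # "*.x" matches "a.x" but not "x"
                return True
        elif pattern == host:
            return True
    return False


def subject_matches(criteria: list[str] | None, subject: Subject) -> bool:
    if not criteria:
        return True
    if subject.anonymous:
        return True  # anonymous users match so they are sent to log in
    for criterion in criteria:
        kind, _, value = criterion.partition(":")
        if kind == "user" and subject.username == value:
            return True
        if kind == "group" and value in subject.groups:
            return True
    return False


def required_policy(host: str, subject: Subject, rules=RULES) -> str:
    """Policy assigned by the first matching rule, else default_policy."""
    for rule in rules:
        if domain_matches(rule["domain"], host) and subject_matches(rule.get("subject"), subject):
            return rule["policy"]
    return DEFAULT_POLICY


def is_authorized(host: str, subject: Subject, level: int, rules=RULES) -> bool:
    """True if a subject that has proven `level` may reach `host`."""
    policy = required_policy(host, subject, rules)
    return policy != "deny" and level >= POLICY_LEVEL[policy]


def audit(rules=RULES) -> dict[tuple[str, str], str]:
    """Policy table for three constructed subjects over a few hosts."""
    subjects = {
        "anonymous": Subject(),
        "admin": Subject("lanie", ["admins"]),   # constructed admin user
        "member": Subject("bob", ["users"]),     # constructed non-admin user
    }
    hosts = ["portainer.laniesplace.us", "forgejo.laniesplace.us", "laniesplace.us"]
    return {(who, host): required_policy(host, subj, rules)
            for who, subj in subjects.items() for host in hosts}


if __name__ == "__main__":
    for (who, host), policy in audit().items():
        print(f"{who:>9} -> {host:<26} {policy}")
    bob = Subject("bob", ["users"])
    print("non-admin with one factor reaches portainer:",
          is_authorized("portainer.laniesplace.us", bob, 1))
    print("same, with the catch-all rule removed:",
          is_authorized("portainer.laniesplace.us", bob, 1, RULES[:-1]))
```

Under this model the admin-only rules do not stop a non-admin; they simply fail to match, and the request falls through to the catch-all, which grants one_factor. So a logged-in member of a non-admin group reaches portainer with a password alone, while the apex domain is denied because "*.laniesplace.us" does not match it. If that is not the intent, drop the catch-all (default_policy: deny already covers unlisted hosts) or give it policy: deny.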
@selfhost @selfhosting @selfhosted @linux Authelia docker-compose.yml:
services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    volumes:
      - ./config:/config
      - ./logs:/var/log/authelia
    networks:
      - web
      - authelia_internal
    environment:
      - TZ=America/Chicago
      - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session_secret
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secrets/storage_encryption_key
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.laniesplace.us`)"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=le"
      - "traefik.http.middlewares.authelia.forwardauth.authRequestHeaders=X-Forwarded-Proto,X-Forwarded-Host"
      # This label names a second middleware, "authelia-basic", which has no
      # forwardauth.address of its own; the "authelia" middleware below already
      # sets authResponseHeaders, so this line is probably a leftover.
      - "traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User,Remote-Name,Remote-Email"
      - "traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      # The rd= value was pasted as a markdown link in the post; the plain portal URL is restored here.
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.laniesplace.us"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    depends_on:
      - redis
    healthcheck:
      test: ["CMD", "wget", "--no-check-certificate", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
  # Only used if configuration.yml gains a session.redis block; as posted,
  # Authelia does not connect to it.
  redis:
    image: redis:alpine
    container_name: authelia_redis
    networks:
      - authelia_internal
    restart: unless-stopped
    volumes:
      - ./redis:/data
    command: redis-server --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    security_opt:
      - no-new-privileges:true
networks:
  web:
    external: true
  authelia_internal:
    internal: true
@selfhost @selfhosting @selfhosted @linux traefik middlewares.yml:
http:
  middlewares:
    dashboard-auth:
      basicAuth:
        users:
          - "admin:$apr1$t5/O0mIb$M6Mkxlqxmi2RRJHNL007Q1"
@Xanza Not sure what you mean. I wanted to use my services with my domain. I tried a reverse proxy by itself and it wouldn't work because my ISP blocks ports, so I set up Cloudflare instead. Then I found out my services would work better with Caddy, so I set that up. I also originally wasn't using Unbound, but then I realized my services were having trouble communicating, and I thought it would help to have more control over DNS rules, which it has.