archive

authelia/.gitignore

@@ -0,0 +1,3 @@
+/authelia
+/authelia.tar
+**/*.sw*

authelia/Dockerfile

@@ -0,0 +1,13 @@
+FROM golang:1.16.2 as builder
+
+WORKDIR /go/src/github.com/authelia/authelia
+COPY ./authelia/ ./
+RUN cd cmd/authelia && go build -o /authelia -a -installsuffix cgo -ldflags "-s -w" && /authelia -h
+
+FROM frolvlad/alpine-glibc:glibc-2.29
+WORKDIR /opt
+COPY --from=builder /authelia ./
+RUN ls && ./authelia -h && du -sh ./authelia
+
+CMD ["./authelia"]
+ENTRYPOINT []

authelia/autheliaserver.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFHDCCAwSgAwIBAgIJAPYvXJ4jh54bMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJVVDEOMAwGA1UECgwFYnJlZWwxEDAOBgNVBAMMB2Jl
+bC5sYW4wHhcNMjEwMzIxMDU1MTEwWhcNNDEwMzE2MDU1MTEwWjA8MQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCVVQxDjAMBgNVBAoMBWJyZWVsMRAwDgYDVQQDDAdiZWwu
+bGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzdEjyzdYedzUcYy4
+/325S2HaLDa2XKjmmHR0X1zPCdsXC33U7GqNiUTdyzl9FRojUYZ7xrMtGKTnzRUk
+Jh6e59Ei0mhn75zxsRzCz6y3JJ5sYfQUMYjr9KnWY5r5x00Rb+FcpMzybWhwR4Wk
+4GRCoukU+bn0Lv3efTUPVjUjjCjMpbvD1x/8cLjZ/nBdWWNbI+t+j3jHxA2Z1vOw
+ZKCpJjbiQREimFpobzvGUatBPDp0i95pXIMRHTGfH5ykJjJe9zawZJYTsI4pXfOA
+0Gt8DhPltXR4jON1M8E+BvjCmgvvQX+x/GH8lVP9aJ5PnFbFLfZKEnvt6RKwsEun
+kcD6T1YmTP73lHWk4NLIniP90z65WVtW3MU91oXJbGM0gbuSqVT9TtVwXYyIqlAu
+9cr/GPZYrS8vKlIkjU0IW4d33B/0eRcYfzawtf0TsxluwqtBu6gwn8cpuLDONvYW
+K8ALBgG3kcjKa5hZ4Zxgj78Sl3lXhtuFLlYzl80tegDhHo55UU+abBW6VZU4+j+n
+GcdMKIoiSvJ9N6F+GaKtYSSDLwv//zcd2DsqeBUgIQsDIhD3Ve9C/m4zKAcWGeeq
+CxBh3AsJ1j9vY17IMp0xk5AFumL8wFhptVpUshLWhwNez2vFNHKWUJSPHefmEGiU
+W/A+BcfqyuaOHiCeQZS+Wi7//QECAwEAAaMhMB8wHQYDVR0RBBYwFIIHYmVsLmxh
+boIJKi5iZWwubGFuMA0GCSqGSIb3DQEBCwUAA4ICAQC4kJrJ8J1XnEYlS9xi8xC8
+qgEL1iiXv9hc7lP8rwo6OstXZPN5+0dxhdXho2dWjgd1MGfsMi/NOcQ8J6kp99YZ
+8ASpcTK9uAxfy5al34tmWJnrBiOfh+CATdlzBMvnirVAyvi9Zpb9otLNmXUOsmjL
+IHlrxck4EZhLEVEk6Cjvt1hh/2nWZ5M2Oa/dcuXU6WHFALXRuQzEd7m71W0ekoA7
+f+jqADMX2PCCyRtRXu7ex3NvgbK2pfvOZK2hPvNmDNsCgoMZAZnPizJfss2nELv1
+gRMJq2R6mn+E2nQQofUbkE83IUiG/qnQq1ATn+I/h/36E7J+LpuJmTrO+gEtUrTW
+rL7Ja7TA1o5vzn/lsgA1aWfG6PUKu5Ux5KPeAdER1p+09YSVxJpGMsNWnFkj+s1M
+Yb62Igm7D9e8e0Ehmh+sQiPT1VUSSaADpQcBc4NJt7HGsaTLcGqGcg5v6FInb0bm
+UwEGUsmX3EKzHIboc3KernVuvkPS1r5JeHWTFx6HCOMeUXiBiQbWCIdOxrxAEUN2
+/cmHfs1kQ7LtKoS/EqkUpx94X5rRvnt0LhNa6iGz2pMxCC6ctayxOeJjOuXMMgqM
+I/L8Ioku4mng+yTA06lS7sfIY1CG+EO3b8UGVMFrQm0SvYU/UaWBH55cNF6QvIg2
+/gEEz+x4DRV6Sb7a9hMOhA==
+-----END CERTIFICATE-----

authelia/autheliaserver.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAzdEjyzdYedzUcYy4/325S2HaLDa2XKjmmHR0X1zPCdsXC33U
+7GqNiUTdyzl9FRojUYZ7xrMtGKTnzRUkJh6e59Ei0mhn75zxsRzCz6y3JJ5sYfQU
+MYjr9KnWY5r5x00Rb+FcpMzybWhwR4Wk4GRCoukU+bn0Lv3efTUPVjUjjCjMpbvD
+1x/8cLjZ/nBdWWNbI+t+j3jHxA2Z1vOwZKCpJjbiQREimFpobzvGUatBPDp0i95p
+XIMRHTGfH5ykJjJe9zawZJYTsI4pXfOA0Gt8DhPltXR4jON1M8E+BvjCmgvvQX+x
+/GH8lVP9aJ5PnFbFLfZKEnvt6RKwsEunkcD6T1YmTP73lHWk4NLIniP90z65WVtW
+3MU91oXJbGM0gbuSqVT9TtVwXYyIqlAu9cr/GPZYrS8vKlIkjU0IW4d33B/0eRcY
+fzawtf0TsxluwqtBu6gwn8cpuLDONvYWK8ALBgG3kcjKa5hZ4Zxgj78Sl3lXhtuF
+LlYzl80tegDhHo55UU+abBW6VZU4+j+nGcdMKIoiSvJ9N6F+GaKtYSSDLwv//zcd
+2DsqeBUgIQsDIhD3Ve9C/m4zKAcWGeeqCxBh3AsJ1j9vY17IMp0xk5AFumL8wFhp
+tVpUshLWhwNez2vFNHKWUJSPHefmEGiUW/A+BcfqyuaOHiCeQZS+Wi7//QECAwEA
+AQKCAgEAiqoPDYj6SRAo6V+//BI+VrVUgllSP9djlO9QwDcNHjzHp+xdGfMn7IXD
+UHoo9aCojvKmTdbF2UaxDZDiy/PxZ4mVhmDlNaBtjcAs2DIrKba6mrwRJtZy8mHC
+mVT+V/JqfxA8lKOn6WJl0yoNTUj/RDb49M793vMXhQ/Mh25BxtpuFnMMnNFmCKPh
+6vTVT7YK34Z3vD3JiSMItLN18jX0AFUV1nSu9CplFhwVn0xcJTHU968fGT8MtriJ
+1oh4Z2ukY7Yq3XnnRhphcHTwIntoFyv8pWYVGgbdHcNiANx0b8j+pwhbaAi0Xf86
+SdPvGwuyySaX/SAVx+PZus0d1qtHeBptTD9y8JlgveMWS9v1jgggCAOBMx7svatq
+5fvvIYD2WAYRKhC5Jc5q1OZzAi0TIBBzeyzy+UIu4rFRIsGvJ3TuXdbRBZiLm9JK
+g9/cxVVaRsUTHvSyWxM8q+fmQ+DGdxNqF+eeuqQZgMXrj3yqKVgbtybmMOrQ1ND/
+J621uT0JxxYsvBJC3ACs0dFHPYA9et2qY2ESOCIjh/prvPJzHpQGThlmkKNr/kQB
+1jdJVQYui07QnSXHVRAHyf8TY9S6oQa/4mebmXXE4Eg9Jtq/G0RnOyT1TMpHz3vl
+dDn75Wi2RcgcLuI03WbAvQPyerlnB0MwGNAX1YlJgNnPNu1bPekCggEBAPLirga7
+0yW8/Tm0VuDA1pRf2M2blTcUktEIYdn1l63mpgQZjgDVj6o46Z8vlouPUONaM137
+0FlXBDB309p52jAnPQrWrFyF8LeFYhgEtp/7NziDnABHuYRN/Y9gXtQsVNaK99G/
+g/wAlJQm5oclh9cUWKVOocQ00YtVwwquoQv6+3SW7qkiWO2IyvSOyoUyXCIh19bQ
+BUAJphaP5QrhYd0dwMxWqsHrf/OVBsE9htleq8rUpBlezMR9ea/GGE8svKdyNPSO
+waSK3KUZhO6Wia3Q6gjDeGS7jliy6FUV8Tx9ZTTNcf99OFotfbR23PjwalvB/67r
+2mDliTMEFU8flV8CggEBANjuEzOP58j7LVYltoLVN2Zf8tglb2u+55CqKokfkvrs
+JLuNZhIr11ZM53LbNnn/10RiEvu7qJuVZTW6eLNqsySWMk/p2w2Ndct5PvXWgcxn
+yO+uqULkXRcklncyx/PMpl+pWk5MEk008W3HdSbws7xYxrFUSxg9sf0gT9vPBxzH
+8dSjEdI5rUvVUrq+nJrlQ19PKtWyx2tNON96l0eQAfLquDiKkPcpLr9Ev/NW7zVN
+id0GU8z4ePLzkkZyWctLDTjYUPLC2Pwr1mXCLx9gVgOgGVtY0IeY38z9CjwilQj1
+U25WHKQBuQ0chLcQP+ujpNk+mwA/qALX725PA/JKKZ8CggEAYUFHMccPuzK7qtl9
+WC2fPnZKl7nOu+lvCGh01hOzEp0iqM2awNbC2gRD98vUWjmeyAqcOuvT95ISSV4R
+5I+aQGHV3XssNTgktTehmcB5aAHtkKGSW8JclI+uEjUig47kwauPo9st/EA3PkN9
+V2w9wm+RN1APEkOcDFDg8mwObH+pJHwzQGJSfXqi2d47Va5emgQ3KvrMv2GdsbcY
+nYy15RY+1xN0+IVWDLEFrWb3kh6IZ4VR2B7Pm3YqvalynnFpcRsX/T0UaNB5nVpk
+kiyRIJpgu/WZRaycSQQKZ9eLaw9C8Su6k/UOFX3VsedOgBe0Xt2FhgNGxDnlABqI
+ddBNvQKCAQEAo7ReVy4FG925Y+aH6gnfielkiQsPH39snvZbrSlfsO5d9g+J9LKT
+CbR1gW6+mKiimh9s9f2zCt5eB4LWLYea80RJaZcwUPTs7QVtpvYe89Nqhr4HS8ys
+F5fr2L5AuNI6x7w0wxuTQCJxA4he92j0KnHQV+gl14BPfpdQzK9aTbTx4abB/yS5
+i53LldPcuOPEyPskdyo4Zdhb0AJigYXCgr/xD/I53dt9RKgsNwXm9RGztVFeEjN8
+itOXEoSfENRtgPV1eQ3j08F9RUOabhI0Nv4txIqsq3eJhNd8Ts9GKwF/2acwa/BE
+5wkbek7P/hJ7h9o//JsNPkAYluUYNFMVPwKCAQBMT6GyiuiDjneYzk2RGAtzI7/y
+eRiwNdx+K1b144p0Vn3Kb2g1afFEVOK+c6LwIkcbBJOctrsT3JnaK1dMuw5UElxq
+j9rt6FTs7PlU5BJd3m42xufCHNybm/GeIxGVAtf1hvcQcNRAdTSwS5+x2jPx6AfT
+xeJsuAiFaBnBU5+1OW+6/s/aouPuKfsQZUsg5S002Gta3a+AFoq8tk078/5Fb2Qr
+spJGjWsZBfVgnmZ6sFIoB/X3+xtOObEu3Tyzfe38nZbkPOU4I2UQLcV29YuWUuWQ
+xQiH8ZzhUloecCNpn7ZNK7wT9QZbV5NbA2EMRCm2jq9oKu8DA0JEGZ0vU8xu
+-----END RSA PRIVATE KEY-----

authelia/configuration.yml

@@ -0,0 +1,51 @@
+host: 0.0.0.0
+port: 9491
+log_level: trace
+# $AUTHELIA_JWT_SECRET_FILE
+jwt_secret: secret
+default_redirection_url: https://not-found.bel.lan:9500
+theme: dark
+totp:
+  issuer: bel.lan
+
+authentication_backend:
+  file:
+    path: ./users_database.yml
+
+access_control:
+  default_policy: deny
+  rules:
+    - domain: authelia.bel.lan
+      policy: bypass
+    - domain: x.bel.lan
+      policy: bypass
+    - domain: y.bel.lan
+      policy: one_factor
+    - domain: z.bel.lan
+      policy: two_factor
+
+session:
+  name: authelia_session
+  expiration: 1h # 1 hour
+  inactivity: 5m # 5 minutes
+  domain: bel.lan # Should match whatever your root protected domain is
+  remember_me_duration: 1M
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  local:
+    path: ./tmp/db.sqlite3
+
+notifier:
+  disable_startup_check: false
+  filesystem:
+    filename: ./tmp/email.txt
+
+#duo_api:
+#  hostname: x.bel.lan:9500
+#  integration_key: ABC
+#  secret_key: DEF

authelia/pretend.yaml

@@ -0,0 +1,12 @@
+port: 9501
+endpoints:
+  /auth/v2/auth:
+    body:
+      response:
+        result: "allow"
+        status: "200"
+        status_msg: "ok"
+      code: 200
+      message: "allow"
+      message_detail: "allow"
+      stat: "allow"

authelia/run.sh

@@ -0,0 +1,129 @@
+#! /bin/bash
+
+main() {
+   set -e
+   set -o pipefail
+   set -u
+   trap cleanup SIGINT ERR EXIT
+
+   cd "$(dirname "$BASH_SOURCE")"
+   mkdir -p "$PWD/tmp"
+
+   build_authelia
+   echo cp $GOPATH/src/github.com/authelia/authelia/compose/lite/authelia/* ./
+   start_sidecars
+}
+
+build_authelia_docker() {
+   build_authelia
+   rm -rf ./authelia
+   cp -r $GOPATH/src/github.com/authelia/authelia ./authelia
+   pushd authelia
+   export GOFLAGS=""
+   export GO111MODULE=""
+   go mod vendor
+   export GOFLAGS="-mod=vendor"
+   export GO111MODULE="off"
+   popd
+   docker build -t bel/authelia:v0.0 .
+}
+
+build_authelia() {
+   if which authelia &> /dev/null; then
+      return
+   fi
+   export INLINE_RUNTIME_CHUNK=false
+   export CGO_ENABLED=1
+   export GOFLAGS=""
+   export GO111MODULE=""
+   repo=github.com/authelia/authelia
+
+   pushd $GOPATH/src/$repo
+
+   if ! cat internal/server/public_html/index.html | grep -q .; then
+      pushd web
+      yarn install
+      yarn build
+      popd
+      rm -rf ./internal/server/public_html
+      mv web/build ./internal/server/public_html
+      cp -r api ./internal/server/public_html/
+   fi
+   rm -rf web/node_modules
+
+   git_commit=$(
+      (
+         git rev-list -1 HEAD
+         if git diff | grep . > /dev/null; then
+            echo "-dirty"
+         fi
+      ) 2> /dev/null | tr -d '\n'
+   )
+   common=("-a" "-installsuffix" "cgo" "-ldflags" "-s -w -X main.GitCommit=$git_commit")
+
+   pushd cmd/authelia
+   go build -o $GOPATH/bin/authelia "${common[@]}"
+   popd
+
+   popd
+
+   export GOFLAGS="-mod=vendor"
+   export GO111MODULE="off"
+}
+
+start_sidecars() {
+   start_cleanup
+   start_rproxy3 &
+   start_pretend &
+   start_echo &
+   start_authelia &
+   wait -n 1
+}
+
+start_cleanup() {
+   trap cleanup SIGINT ERR EXIT
+}
+
+start_rproxy3() {
+   rproxy3 \
+      -p 9500 \
+      -proxy authelia,http://localhost:9491$(
+         start_port=9500
+         for i in {x..z}; do
+            ((start_port+=1))
+            printf ",,%s,http://localhost:%d" $i $start_port
+         done
+      ) \
+      -crt ./*.crt \
+      -key ./*.key \
+      -authelia https://authelia.bel.lan:9500 \
+
+}
+
+start_pretend() {
+   pretend -config ./pretend.yaml
+}
+
+start_echo() {
+   start_cleanup
+   for p in {9502..9503}; do
+      echo-server -p $p &
+   done
+   wait -n 1
+}
+
+start_authelia() {
+   #export ENVIRONMENT=dev
+   authelia --config ./configuration.yml
+}
+
+cleanup() {
+   jobs -p
+   kill -9 $(jobs -p)
+   jobs
+   trap - SIGINT ERR EXIT
+}
+
+if [ "$0" == "$BASH_SOURCE" ]; then
+   main "$@"
+fi

authelia/users_database.yml

@@ -0,0 +1,8 @@
+users:
+  authelia:
+    displayname: "Authelia User"
+    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # Password is 'authelia'
+    email: authelia@authelia.com
+    groups:
+      - admins
+      - dev