🔐If you want to improve your security stack even more, head over to my newest video about using a docker-socket-proxy instead of using it directly mounted from the host system! th-cam.com/video/bOmnkJYv39M/w-d-xo.html
I made several attempts to configure Authelia a few weeks ago, but I was unsuccessful. However, after watching your video and going through it quickly, I was finally able to reach the sign-in page of my Authelia stack. I wanted to express my appreciation for your excellent work. Keep it up! :)
Great guide. Previously, I didn't know how to make these settings and wasted a lot of time. Now I managed to set everything up. Thank you very much for the excellent instructions!
Great Video, i'm more familiar with portainer config, but not with oauth. I guess you have to map a certain group in authelia with a group in portainer. Or you can map the new user in portainer manually to the correct user rights, but i guess that is not that fancy ;)
Yeah it's not that fancy, but if it serves the purpose then I guess it's okay 😀 But I you are right, you can map specific groups of portainer to some custom claim in the token, which contains the groups of Authelia!
Nice video as always! I'm curious how you setup your instance running docker, do you setup anything in particular to secure it? Like changing the docker namespace?
Thanks @Nemesees ! For this demonstration purpose I did nothing in particular to harden the server completely because I shut it down afterwards. But in other cases I mostly do stuff like denying root logins, disable pw logins, only allow ssh logins and sometimes extend ssh logins to provide a totp. UFW is a nice tool which I enable, and extend to work with docker (github.com/chaifeng/ufw-docker). On traefik I use crowdsec, and sometimes authelia. You could extend this with really private services to run only in a private subnet and make them accesable via a vpn connection or tailscale... millions of possibilities 😄 But until now I did not use docker namespace remapping. I will check that out and will learn how to do it. Thanks for the hint! And sometimes I use cloud-init scripts or ansible playbooks, and sometimes do it with my bare hands, as it is fun (only when you do not too often 😄) What do you usually do to harden your servers? Maybe I can create a video about different possibilities to harden servers :-) Cheers!
@@techwithmarco Thanks for the detailed answer. As of now, I always apply the standard techniques to harden a server (such as no root via SSH, no password auth and only with key pairs etc), then I change the namespace by following the simple guide on the docker documentation so that the containers don't run as root. Unfortunately, by changing this particular setting, I often find myself having to pass in the docker compose files the parameter "userns_mode: host" due to the fact that some services containerized require higher privileges. I'm always on the lookout for possible ways to harden my servers and by not blocking too much that it becomes hard working on them.
That won't work because you do not have the control over the google site, to redirect to your authentication website. Correct me if I'm wrong about your setup 😄
so i need to use a google product as an authentication tool in my google site , i just want to make members area page that will be inaccessible to non members thank you :) @@techwithmarco
🔐If you want to improve your security stack even more, head over to my newest video about using a docker-socket-proxy instead of using it directly mounted from the host system!
th-cam.com/video/bOmnkJYv39M/w-d-xo.html
I made several attempts to configure Authelia a few weeks ago, but I was unsuccessful. However, after watching your video and going through it quickly, I was finally able to reach the sign-in page of my Authelia stack. I wanted to express my appreciation for your excellent work. Keep it up! :)
Very kind of you! I am really happy that I could help you out! 😊
I have watched so much content on traefik and authelia and struggled so hard until now. Your two videos on the subject are so great. Thanks!
Glad to hear that! Hope you having fun configuring your instances!
Great guide. Previously, I didn't know how to make these settings and wasted a lot of time. Now I managed to set everything up. Thank you very much for the excellent instructions!
Glad to hear that :)
Thanks for the great video! It helped me a lot!
Great Video, i'm more familiar with portainer config, but not with oauth. I guess you have to map a certain group in authelia with a group in portainer. Or you can map the new user in portainer manually to the correct user rights, but i guess that is not that fancy ;)
Yeah it's not that fancy, but if it serves the purpose then I guess it's okay 😀
But I you are right, you can map specific groups of portainer to some custom claim in the token, which contains the groups of Authelia!
Is it possible to use dockge instead of portainer?
great thing - saved a lot of headaches.
Always happy to save someone a headache :)
Very useful video, THX.
Thanks! Always appreciate these comments 🙂
Nice video as always!
I'm curious how you setup your instance running docker, do you setup anything in particular to secure it? Like changing the docker namespace?
Thanks @Nemesees !
For this demonstration purpose I did nothing in particular to harden the server completely because I shut it down afterwards. But in other cases I mostly do stuff like denying root logins, disable pw logins, only allow ssh logins and sometimes extend ssh logins to provide a totp. UFW is a nice tool which I enable, and extend to work with docker (github.com/chaifeng/ufw-docker).
On traefik I use crowdsec, and sometimes authelia. You could extend this with really private services to run only in a private subnet and make them accesable via a vpn connection or tailscale... millions of possibilities 😄
But until now I did not use docker namespace remapping. I will check that out and will learn how to do it. Thanks for the hint!
And sometimes I use cloud-init scripts or ansible playbooks, and sometimes do it with my bare hands, as it is fun (only when you do not too often 😄)
What do you usually do to harden your servers?
Maybe I can create a video about different possibilities to harden servers :-)
Cheers!
@@techwithmarco Thanks for the detailed answer.
As of now, I always apply the standard techniques to harden a server (such as no root via SSH, no password auth and only with key pairs etc), then I change the namespace by following the simple guide on the docker documentation so that the containers don't run as root. Unfortunately, by changing this particular setting, I often find myself having to pass in the docker compose files the parameter "userns_mode: host" due to the fact that some services containerized require higher privileges.
I'm always on the lookout for possible ways to harden my servers and by not blocking too much that it becomes hard working on them.
Super, weiter so. 😎
Danke, Meister 😎
could i implement it as authentication tool for a google site ?
That won't work because you do not have the control over the google site, to redirect to your authentication website.
Correct me if I'm wrong about your setup 😄
so i need to use a google product as an authentication tool in my google site , i just want to make members area page that will be inaccessible to non members thank you :) @@techwithmarco
Somebody tell this guy that the code should be shown in large print, otherwise the video just wants to turn off
I already tried to do that in my newest videos :)
Nice video. Would it be working with OpnSense and HAProxy as Reverse Proxy? I have some difficulties with that Combination. Great Job.
I am not sure as I have never used HAproxy, nor OpnSense...
All I can do now is guessing 😄
Great video, Thank you
Thanks! Always appreciate these comments 🙂