RWejlgaard/pez-docs
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-docs.git synced 2026-05-06 03:34:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
pez-docs/workloads/authelia/README.md
Rasmus Wejlgaard 4508f740e5 Update documentation for current setup 
- Update locations/london.md with current server state (london-a FreeBSD monitoring, london-b Ubuntu/ZFS storage, london-c offline)
- Update locations/copenhagen.md with current servers (copenhagen-a Minecraft+WoW, copenhagen-b offline, copenhagen-c general)
- Add locations/helsinki.md documenting helsinki-a (Caddy gateway, Authelia, Bitwarden, LDAP) and nuremberg-a (mail/poste.io)
- Add workloads/jellyfin, navidrome, nextcloud, arr-stack, minecraft, wow, mail, monitoring, bitwarden, authelia
- Add principles/zfs documenting the london-b ZFS pool setup
- Add principles/caddy documenting the reverse proxy setup on helsinki-a
- Update introduction.md to mention all locations
2026-03-04 09:41:57 +00:00

953 B
Raw Permalink Blame History

Authelia

What

Authelia is my SSO (Single Sign-On) and 2FA provider. It sits in front of services that don't have their own auth or that I want under a unified login.

Where

Runs on helsinki-a as a Docker container.

  • URL: auth.pez.sh
  • Backend port: 9091
  • Integrated with LDAP (also on helsinki-a) for user management

How It Works

Caddy is configured with a forward auth middleware that calls Authelia before passing traffic to the backend. If the user isn't authenticated, they're redirected to auth.pez.sh to log in.

Services protected by Authelia:

  • Grafana, Prometheus
  • Radarr, Sonarr, Lidarr, Readarr, Prowlarr
  • Transmission (download.pez.sh)
  • Soulseek (soulseek.pez.sh)
  • apps.pez.sh

LDAP

User accounts are managed in LDAP on helsinki-a. Authelia authenticates against LDAP. This centralises user management — one place to add/remove users rather than configuring each service individually.