mirror of
https://github.com/RWejlgaard/pez-docs.git
synced 2026-05-06 03:34:44 +00:00
- Update locations/london.md with current server state (london-a FreeBSD monitoring, london-b Ubuntu/ZFS storage, london-c offline) - Update locations/copenhagen.md with current servers (copenhagen-a Minecraft+WoW, copenhagen-b offline, copenhagen-c general) - Add locations/helsinki.md documenting helsinki-a (Caddy gateway, Authelia, Bitwarden, LDAP) and nuremberg-a (mail/poste.io) - Add workloads/jellyfin, navidrome, nextcloud, arr-stack, minecraft, wow, mail, monitoring, bitwarden, authelia - Add principles/zfs documenting the london-b ZFS pool setup - Add principles/caddy documenting the reverse proxy setup on helsinki-a - Update introduction.md to mention all locations
# Authelia

## What

Authelia is my SSO (Single Sign-On) and 2FA provider. It sits in front of services that don't have their own auth or that I want under a unified login.

## Where

Runs on **helsinki-a** as a Docker container.

- URL: [auth.pez.sh](https://auth.pez.sh)
- Backend port: 9091
- Integrated with LDAP (also on helsinki-a) for user management

## How It Works

Caddy is configured with a forward auth middleware that calls Authelia before passing traffic to the backend. If the user isn't authenticated, they're redirected to auth.pez.sh to log in.

Services protected by Authelia:

- Grafana, Prometheus
- Radarr, Sonarr, Lidarr, Readarr, Prowlarr
- Transmission (download.pez.sh)
- Soulseek (soulseek.pez.sh)
- apps.pez.sh

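
The forward auth flow described above, written out as a Caddyfile. This is an added example, not the configuration from the pez-docs repository. Assumptions: Authelia's port 9091 is reachable from Caddy at `127.0.0.1`, Authelia is version 4.38 or later (which serves the `/api/authz/forward-auth` endpoint), and `127.0.0.1:8080` is a placeholder for the protected backend.

```caddyfile
# Added example; not the configuration from the pez-docs repository.
# Assumed: Authelia reachable at 127.0.0.1:9091, Authelia 4.38+ endpoint path,
# backend address 127.0.0.1:8080 is a placeholder.

# Reusable snippet: ask Authelia to authorise the request before proxying it.
(authelia) {
	forward_auth 127.0.0.1:9091 {
		# Authelia answers 2xx when the session is valid. Any other answer
		# (such as the redirect to the login portal) is sent back to the client.
		uri /api/authz/forward-auth
		# Identity headers copied from Authelia's answer onto the proxied request.
		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
	}
}

# The login portal itself is proxied without forward_auth.
auth.pez.sh {
	reverse_proxy 127.0.0.1:9091
}

# A protected service: the check runs first, then the request reaches the backend.
download.pez.sh {
	import authelia
	# Bind the backend to loopback or an internal network only, so it cannot
	# be reached without passing through Caddy and the Authelia check.
	reverse_proxy 127.0.0.1:8080
}
```
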
## LDAP

User accounts are managed in LDAP on helsinki-a. Authelia authenticates against LDAP. This centralises user management — one place to add/remove users rather than configuring each service individually.