hello all,
Apologies if not allowed here … been struggling to get some kind of 2FA on a self hosted server. i would like nginx proxy manager behind 2FA have tried many many docker compose files from google searches none seem to work
does anyone happen to have this kind of config ?
background: ubuntu vm is running on promox and network traffic can reach the vm from outside.
cheers
Have a look on swag. It has reconfigured let’s encrypt, fail2ban and Authelia config.
I shared my very basic and easy setup with Caddy + Authelia some days ago.
If you are deadset on using NPM tho, i find that is harder to share a exact config because its UI based.
In general its a good idea to provide details of how exactly something has failed for you, instead of saying “it has not worked”.
Chances are high that someone spends their time and shares and explains their NPM+Authelia config to you, and you run into the exact same problems again and “its not working”.
Something like vouch might be what you’re looking for.
NPM + Authelia.
Do followingg: (A better formatted VERSION on Pastebin: https://pastebin.com/hHuDnPn7)
sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm
-
That would be for your Nguni Proxy Manager
-
Then:
cd /opt/docker/npm
- Then:
nano docker-compose.yml Paste the following:
version: ‘3.8’ services: app: image: ‘jc21/nginx-proxy-manager:latest’ restart: unless-stopped ports: - ‘80:80’ - ‘443:443’ - ‘81:81’ environment: DB_MYSQL_HOST: “db” DB_MYSQL_PORT: 3306 DB_MYSQL_USER: “npm” DB_MYSQL_PASSWORD: “CHANGEME” DB_MYSQL_NAME: “npm” volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt depends_on: - db networks: - npm-proxy
db: image: ‘jc21/mariadb-aria:latest’ restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: ‘SAME AS CHANGEME’ MYSQL_DATABASE: ‘npm’ MYSQL_USER: ‘npm’ MYSQL_PASSWORD: ‘SAME AS CHANGEME’ volumes: - ./mysql:/var/lib/mysql networks: - npm-proxy # Add the network here
networks: npm-proxy: # Define the network external: true
-
THEN: docker-compose up -d
-
GO THROUGH NPM setup by GOING to http://YourIP:81
-
NOW FOR AUTHENTIK
sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm
- Then
cd /opt/docker/npm
- THEN
nano docker-compose.yml
- PASTE THE FOLLOWING AND SAVE
version: “3.4”
services: postgresql: image: docker.io/library/postgres:12-alpine restart: unless-stopped healthcheck: test: [“CMD-SHELL”, "pg_isready -d $$POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - database:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: ${PG_PASS:?database password required} POSTGRES_USER: ${PG_USER:-authentik} POSTGRES_DB: ${PG_DB:-authentik} env_file: - .env networks: - npm-proxy redis: image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: [“CMD-SHELL”, "redis-cli ping :${AUTHENTIK_TAG:-2023.8.3} container_name: authentik restart: unless-stopped command: server environment: AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} volumes: - ./media:/media - ./custom-templates:/templates env_file: - .env depends_on: - postgresql - redis networks: - npm-proxy worker: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3} restart: unless-stopped command: worker environment: AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates env_file: - .env depends_on: - postgresql - redis networks: - npm-proxy
volumes: database: driver: local redis: driver: local
networks: proxy: npm-proxy: external: true
- THEN RUN
sudo apt-get install -y pwgen
- Next, run the following commands to generate a password and secret key and write them to your .env file:
echo “PG_PASS=$(pwgen -s 40 1)” >> .env echo “AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)” >> .env ———————
- An .env file would have been created which you can access by typing:
nano .env (you can configure other parameters here)
Now go to NPM and forward your domain to: (authentik as IP and 9443 in port) https://authentik:9443 (remember to select https and NOT http on NPM)
- To start the initial setup, navigate to https:///if/flow/initial-setup/
-
Amazing !!!with help from /u/poeticmichael i have a working authentik+npm server !!! yaaay i am so excited …now to learn authentik
cheers all