HomeLab

Authelia with Caddy

Johnny

2 min read
Authelia with Caddy
Authelia authorisation architecture

It's now possible to use Authelia with Caddy V2.5.1 - no plugins necessary!

What is it?

Authelia is an open source authentication and authorization server protecting modern web applications by collaborating with reverse proxies such as NGINX, Traefik and HAProxy. Consequently, no code is required to protect your apps.

A few helpful hints:

Creating a password for Authelia users (local accounts) when using Docker image: 

docker-compose exec authelia authelia hash-password "Pass To Convert Goes Here"

HTTP only sites:

To prevent "Cookie Theft", the Caddy entry point (e.g. "https://blog.xga.ie") must be HTTPS, so HTTP only won't work with Authelia.

Caddy Documentation:

There is no longer a need for a plugin if using V2.5.1.
The default Caddy program includes a forward_auth directive - documentation (see below for example config):

forward_auth (Caddyfile directive) - Caddy Documentation
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
Caddy Web Server

Caddy Configuration:

The caddy-side configuration is pretty simple:

Caddy
Authelia is an open source multi-factor single sign-on portal for web applications
Authelia

Authelia Simple Configuration:

This post gives details for a (small) default configuration. There is a green bar with a link to GitHub configuration.yml.

This configuration is much easier than the bulky default Authelia configuration:

https://www.smarthomebeginner.com/docker-authelia-tutorial/