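# Generate the random secrets that the compose file hands to Authelia and
# PostgreSQL through *_FILE variables. The files are written to the current
# directory, so run this from the directory that is mounted as /secrets
# ($PWD/secrets next to the compose file).
# Note: openssl wraps base64 output at 64 characters, so the 64-byte values
# span two lines; verify the consumer accepts that.
openssl rand -base64 64 | sudo tee session_secret >/dev/null
openssl rand -base64 64 | sudo tee encryption_key >/dev/null
# The name must match the path the compose file references
# (/secrets/jwt_secret); a misspelled file name leaves that path missing.
openssl rand -base64 64 | sudo tee jwt_secret >/dev/null
openssl rand -base64 32 | sudo tee postgres_passwd >/dev/null
# tee creates the files under the default umask, which usually leaves them
# readable by every local user. Restrict them to the owner. If a container
# runs as a non-root UID, chown the file to that UID instead of loosening
# the mode.
sudo chmod 600 session_secret encryption_key jwt_secret postgres_passwd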
用上面的命令生成 secret 和 password 文件。compose 中引用的 ldap_passwd 不在其中,需要另行创建。
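# Authelia attached to an existing Caddy network, with PostgreSQL as storage.
# Secrets are supplied through *_FILE variables that point at files under
# /secrets, so no secret value is written in this file.
services:
  authelia:
    container_name: authelia
    # NOTE(review): ':latest' floats. Pin a specific release so the image and
    # the configuration template stay on the same version.
    image: authelia/authelia:latest
    restart: unless-stopped
    hostname: authelia
    networks:
      - default
    ports:
      # Published on every host interface. If only the reverse proxy on the
      # shared network needs to reach Authelia, this mapping can be dropped
      # or bound to 127.0.0.1 -- confirm against your setup.
      - "9091:9091"
    volumes:
      - $PWD/config:/config
      # Read-only, like the postgres mount below: the container only needs
      # to read the secret files.
      - $PWD/secrets:/secrets:ro
    environment:
      # Must be the _FILE form. Without the suffix the literal path string
      # itself would be used as the session secret.
      - AUTHELIA_SESSION_SECRET_FILE=/secrets/session_secret
      # The LDAP backend password is not a random value; this file has to be
      # created by hand with the real password.
      - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/secrets/ldap_passwd
      - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/secrets/postgres_passwd
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/encryption_key
      # NOTE(review): this variable follows the identity_validation layout,
      # which appears to be newer than the v4.37.5 template linked on this
      # page -- confirm the name against the release actually deployed.
      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/jwt_secret
  postgres:
    container_name: authelia_db
    image: postgres:15
    restart: unless-stopped
    hostname: authelia_pgdb
    volumes:
      - pgdb_vol:/var/lib/postgresql/data
      # Only the one secret this service needs, mounted read-only.
      - $PWD/secrets/postgres_passwd:/secrets/postgres_passwd:ro
    networks:
      - default
    environment:
      - POSTGRES_DB=authelia
      - POSTGRES_USER=authelia
      - POSTGRES_PASSWORD_FILE=/secrets/postgres_passwd
networks:
  default:
    # Joins the network that already exists for Caddy rather than creating one.
    name: caddy_default
    external: true
volumes:
  pgdb_vol:
    name: authelia_pgdata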
configuration.yaml 模板:https://github.com/authelia/authelia/blob/v4.37.5/config.template.yml
注意:该模板对应 v4.37.5,而上面的 compose 使用的是 authelia/authelia:latest;请选用与实际运行的镜像版本一致的模板,不同版本的配置项名称可能不同。
# Print the options of Authelia's PBKDF2 hash generator. --help only shows
# usage; no hash is produced.
docker run --rm authelia/authelia:latest \
  authelia crypto hash generate pbkdf2 --help
Generate cryptographic PBKDF2 hash digests.
This subcommand allows generating cryptographic PBKDF2 hash digests.
Usage:
authelia crypto hash generate pbkdf2 [flags]
Examples:
authelia crypto hash generate pbkdf2 --help
Flags:
-h, --help help for pbkdf2
-i, --iterations int number of iterations (default is determined by the variant)
-s, --salt-size int salt size in bytes (default 16)
-v, --variant string variant, options are 'sha1', 'sha224', 'sha256', 'sha384', and 'sha512' (default "sha512")
Global Flags:
-c, --config strings configuration files or directories to load, for more information run 'authelia -h authelia config' (default [configuration.yml])
--config.experimental.filters strings list of filters to apply to all configuration files, for more information run 'authelia -h authelia filters'
--no-confirm skip the password confirmation prompt
--password string manually supply the password rather than using the terminal prompt
--random uses a randomly generated password
--random.characters string sets the explicit characters for the random string
--random.charset string sets the charset for the random password, options are 'ascii', 'alphanumeric', 'alphabetic', 'numeric', 'numeric-hex', and 'rfc3986' (default "alphanumeric")
--random.length int sets the character length for the random string (default 72)
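# Hash a password with PBKDF2 at 310000 iterations.
# The password is deliberately not given with --password: a value on the
# command line is stored in shell history and is visible in the process
# list. Without --password the tool asks for it on the terminal prompt,
# which is why the container is started with -it.
docker run --rm -it authelia/authelia:latest \
  authelia crypto hash generate pbkdf2 --iterations 310000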