SbTEwwlrjN5y7jq.webp

How Authelia Performs Multi-Factor Authentication

Authelia sits between your reverse proxy and the apps behind it, intercepting requests and performing auth checks before forwarding traffic, giving you true MFA that can be integrated with something like Google Authenticator, or Yubikey/Titan key, etc…

Stop exposing unsecured apps. Learn how to deploy Authelia in Docker with a KeyDB backend and SWAG to enforce centralized Multi-Factor Authentication.

Setting up Authelia can be a bit intensive at first, but very worth the payoff / time and effort!

Disclaimers: I’m the author & run this exact setup, in production for myself. It’s a “battle tested” setup, which has been in use for a few years now. Written & verified by a human! The header image is a composite of my Authelia MFA token page & AI generated infographic. NO ADS or affiliate marketing on page!

Happy to chat in the comments!

  • KairuByte@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 minutes ago

    Honestly, the one major thing I want from Authelia is the ability to add to it without deauthenticating the entire userbase.

    Well, that and an easier way to organize than everything in one single file…

  • gajahmada@awful.systems
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 hours ago

    Oh, you’re actually that corelab. I use your Vaulwarden guide as reference when I rebuild a while ago. Thanks for the write up !

    Though, I wish you have something for Traefik and I know you wrote about why you chose SWAG but mine’s all docker anyway that’s why I go with Traefik.

    There’s not many articles talking about TF with multiple host without going full Kubernetes. Looking up forward auth (for something without native OIDC) is confusing af.

    • CoreLabJoe@piefed.caOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 hours ago

      Never heard of Rayfish but just googled, it’s a mesh VPN so probably wouldn’t want to push that through a reverse proxy to authelia, it would just slow it down…

      I personally use wireguard as my VPN, not tailscale or headscale or any of that but I do understand some people need something that can get around CGNAT or other issues.

  • irmadlad@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 day ago

    Very nice site set up man. Looks like a lot of good info and a lot of work involved. I too use Authelia as an added security step. I have your site bookmarked and will peruse it’s contents in a bit. Thanks for sharing.

    • CoreLabJoe@piefed.caOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 day ago

      Thank you for taking a peek!

      Let me know if there’s something you’re looking for. The search function isn’t to bad but sometimes the posts can get buried a bit ;)

    • Helix 🧬@feddit.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      19 hours ago

      Your link is broken and currently displays a Claude Code announcement. Are you even real?

    • CoreLabJoe@piefed.caOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      23 hours ago

      No I had no issues flipping it over to keydb. I was on redis originally so I stopped the containers, took a backup and simply changed the image I was using for my backend to keydb end it was like a drop in replacement! Didn’t even need to do a dB upgrade or anything complex.