September 23, 2023

Authelia Get Started: Chinese Translation - Authelia Quick Start

Get Started (Quick Start)

This document serves as a get started guide for Authelia. It contains links to various sections and some key notes on questions frequently asked by people performing setup for the first time.

It’s important to note that this guide is laid out in the order we suggest for tackling each area, but you may of course choose a different path if you are so inclined.

Prerequisites

The most important prerequisite is that users understand there is no single way to deploy software similar to Authelia. We provide as much information as possible for users to configure the critical parts, usually in the most common scenarios; however, those using more advanced architectures are likely going to have to adapt. We can generally help with answering less specific questions about this, and more specific questions may be answered if adequate information is provided.

Authelia MUST be served via the https scheme. This is not optional even for testing. This is a deliberate design decision to improve security directly (by using encrypted communication) and indirectly by reducing complexity.

Forwarded Authentication

Forwarded Authentication is a simple per-request authorization flow that checks the metadata of a request and a session cookie to determine if a user must be forwarded to the authentication portal.

In addition to the https scheme requirement for Authelia itself:

Because a cookie is used, it’s an intentional design decision that ALL applications/domains protected via this method MUST use secure schemes (https and wss) for all of their communication.

OpenID Connect

Other than the use of the https scheme for Authelia itself, there are no additional requirements beyond those mandated by the relevant specifications.

Configuration

It’s important to customize the configuration for Authelia in advance of deploying it. The configuration is static and is not configured via a web GUI. You can find a configuration template named config.template.yml on GitHub which can be used as a basis for configuration. Alternatively, Authelia will write the template relevant to your version the first time it is started. Users should expect to configure elements of this file as part of initial setup.

The important sections to consider in initial configuration are as follows:

  • jwt_secret, which is used to sign identity verification emails.
  • default_redirection_url, which is the default URL users will be redirected to when visiting Authelia directly.
  • authentication_backend, for which you must pick between LDAP and a YAML File; it is essential for users to authenticate.
  • storage, for which you must pick between the SQL Storage Providers. The recommended one for testing and lite deployments is SQLite3, and the recommended one for production deployments otherwise is PostgreSQL.
  • session, which is used to configure the session cookies. The domain and secret are the most important, and redis is recommended for production environments.
  • notifier, which is used to send 2FA registration emails etc. There is an option for local file delivery, but the SMTP option is recommended for production.
  • access_control is also important but should be configured with a very basic policy to begin with. Something like:

    access_control:
      default_policy: deny
      rules:
        - domain: "*.example.com"
          policy: one_factor

Deployment

There are several methods of deploying Authelia and we recommend reading the Deployment Documentation in order to perform deployment.

Proxy Integration

The default method of utilizing Authelia is via the Proxy Integrations. It’s recommended that you read the relevant Proxy Integration Documentation.

Important Note: When your Deployment is on Kubernetes we recommend viewing the dedicated Kubernetes Documentation prior to viewing the Proxy Integration Documentation.

Moving to Production

We consider it important to do several things in moving to a production environment.

  • Move all secret values out of the configuration and into secrets.
  • Spend time understanding access control and granularly configure it to your requirements.
  • Review the Security Measures and Threat Model documentation.
  • Ensure you have reviewed the Forwarded Headers documentation to ensure your proxy is not allowing insecure headers to be passed to Authelia.
  • Review the other Configuration Options.
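
A pre-production check for the points above, as an added example that is not part of the Authelia documentation or code. It reads a configuration with a minimal indentation-based reader (not a full YAML parser) and reports inline secrets, a non-https default_redirection_url and a default_policy other than deny. The sample configuration, the function names and the secret-key name pattern are assumptions of this example.

```python
import re

# Constructed sample configuration with deliberately weak settings.
SAMPLE = """\
jwt_secret: a_very_important_secret
default_redirection_url: http://home.example.com
session:
  secret: insecure_session_secret
access_control:
  default_policy: one_factor
  rules:
    - domain: "*.example.com"
      policy: one_factor
"""

SECRET_LEAF = re.compile(r"(secret|password|encryption_key)$")  # heuristic (assumption)
KEY_LINE = re.compile(r"^([A-Za-z0-9_]+):\s*(.*)$")


def flatten(text):
    """Flatten nested YAML mappings into {dotted.path: value}; lists are skipped."""
    out, stack, list_indent = {}, [], None  # stack: (indent, key) of open mappings
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):
            list_indent = indent  # remember where the current list item starts
        m = KEY_LINE.match(body)
        if not m or (list_indent is not None and indent > list_indent):
            continue  # blank, comment, list item, or a key inside a list item
        list_indent = None
        key, value = m.group(1), m.group(2).strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings that ended at this indentation
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out


def audit(text):
    """Return findings for the pre-production checks the guide lists."""
    cfg, findings = flatten(text), []
    for path in cfg:
        if SECRET_LEAF.search(path.rsplit(".", 1)[-1]):
            findings.append(f"{path}: secret is inline in the configuration file")
    if not cfg.get("default_redirection_url", "https://").startswith("https://"):
        findings.append("default_redirection_url: not an https URL")
    if cfg.get("access_control.default_policy") != "deny":
        findings.append("access_control.default_policy: is not deny")
    return findings
```

Call audit() on the text of your own configuration file; an empty list means none of these checks fired.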

Last modified on April 13, 2023

© 2023 Lab x LingData. All Rights Reserved