docker.recipes

Authelia

advanced

SSO portal with multi-factor authentication.

Overview

Authelia is an open-source authentication and authorization server that provides single sign-on (SSO), multi-factor authentication (MFA), and access control for modern web applications. Originally developed to address the security challenges of self-hosted services and microservice architectures, Authelia acts as a forward authentication provider that integrates with reverse proxies like Traefik, nginx, and HAProxy to protect applications without requiring code changes to existing services.

This stack combines Authelia with Redis to create a high-performance authentication infrastructure. Redis serves as the session store and cache for Authelia, providing sub-millisecond response times for authentication checks and session management. The pairing ensures that authentication decisions are lightning-fast while maintaining security through features like brute-force protection, session invalidation, and real-time policy enforcement across multiple applications.

This configuration is ideal for organizations running multiple internal applications, homelab enthusiasts securing self-hosted services, and development teams needing centralized authentication for microservices. The Redis backend enables Authelia to scale horizontally and provides the reliability needed for production authentication workflows, making it suitable for everything from small team setups to enterprise-grade deployments with thousands of users.

Key Features

  • Multi-factor authentication support including TOTP, WebAuthn (passwordless), Duo Push, and mobile push notifications
  • Fine-grained access control policies with support for domain-based, path-based, and user/group-based rules
  • Forward authentication integration with popular reverse proxies without application code modifications
  • Redis-backed session management providing sub-millisecond authentication checks and horizontal scaling capability
  • LDAP/Active Directory integration for enterprise user directories and group-based access controls
  • Comprehensive audit logging and security event tracking for compliance and monitoring requirements
  • Password reset workflows with secure token generation and email-based verification
  • Brute-force protection with Redis-based rate limiting and automatic account lockout mechanisms

Common Use Cases

  • Protecting multiple self-hosted applications (Nextcloud, Grafana, Sonarr) with centralized SSO and MFA
  • Securing microservices architecture with per-service access policies and user authentication
  • Enterprise internal application gateway requiring LDAP integration and compliance logging
  • Development team authentication for staging environments and internal tools
  • Homelab security layer for personal cloud services and media management applications
  • Multi-tenant SaaS application authentication with per-tenant access controls
  • Remote access security for internal company resources and admin panels

Prerequisites

  • Minimum 512MB RAM for Redis session storage and 1GB for Authelia application server
  • Domain names or subdomains for services requiring authentication protection
  • Reverse proxy (Traefik, nginx, HAProxy) configured for forward authentication integration
  • SMTP server credentials for password reset emails and security notifications
  • SSL/TLS certificates for secure authentication flows and session cookie protection
  • Understanding of YAML configuration for Authelia's complex policy and user management rules

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    environment:
      TZ: UTC
    volumes:
      - ./authelia:/config
    ports:
      - "9091:9091"
    depends_on:
      - redis

  redis:
    image: redis:7-alpine
    container_name: authelia-redis
    restart: unless-stopped
    volumes:
      - authelia_redis:/data

volumes:
  authelia_redis:
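
A hardened variant of the compose file above, added here as an example and not part of the recipe: it binds the portal to loopback, requires a Redis password, and starts Authelia only once Redis is healthy. REDIS_PASSWORD is an assumed variable name, and the loopback binding assumes the reverse proxy runs on the same host.

```yaml
# Added example: hardened variant of the recipe's compose file (not the recipe's own).
services:
  authelia:
    # Replace "latest" with a version tag you have reviewed, so upgrades are deliberate.
    image: authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    environment:
      TZ: UTC
    volumes:
      - ./authelia:/config
    ports:
      # Loopback only (assumes the reverse proxy runs on this host).
      # If the proxy is a container on the same compose network, drop "ports" entirely.
      - "127.0.0.1:9091:9091"
    depends_on:
      redis:
        condition: service_healthy   # start only once Redis answers PING

  redis:
    image: redis:7-alpine
    container_name: authelia-redis
    restart: unless-stopped
    # REDIS_PASSWORD is an assumed variable name; define it in .env.
    # Compose aborts with this message if it is unset or empty.
    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD:?set REDIS_PASSWORD in .env}"]
    environment:
      REDISCLI_AUTH: "${REDIS_PASSWORD}"   # lets the healthcheck's redis-cli authenticate
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
    volumes:
      - authelia_redis:/data

volumes:
  authelia_redis:
```

When Redis requires a password, the same value has to be set under session.redis.password in configuration.yml.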

.env Template

.env
# Configure authelia/configuration.yml
# See docs.authelia.com for setup

Usage Notes

  1. Docs: https://www.authelia.com/docs/
  2. Portal at http://localhost:9091
  3. Create configuration.yml in ./authelia folder before starting
  4. Configure reverse proxy (Traefik/nginx) for forward auth
  5. Supports TOTP, Duo, WebAuthn for 2FA
  6. Access rules defined in configuration.yml by domain/resource
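
A minimal ./authelia/configuration.yml for notes 3 and 6, added here as an example and not shipped with the recipe or taken from Authelia's own files. Assumptions: key names follow the Authelia 4.38+ layout (check the docs for the release that "latest" resolves to), the example.com domains and the admin path pattern are constructed, and every <...> value is a placeholder for a long random string.

```yaml
# Added example configuration.yml (assumed Authelia 4.38+ key layout).
identity_validation:
  reset_password:
    jwt_secret: '<RANDOM_SECRET_1>'

authentication_backend:
  file:
    path: '/config/users_database.yml'   # must exist: users, groups, password hashes

totp:
  issuer: 'example.com'

access_control:
  default_policy: 'deny'                 # anything not matched below is refused
  rules:                                 # evaluated top to bottom, first match wins
    - domain: 'nextcloud.example.com'
      resources: ['^/settings/admin([/?].*)?$']
      subject: ['group:admins']
      policy: 'two_factor'
    # A rule with a subject is skipped for everyone else, so without this
    # explicit deny a non-admin would fall through to the one_factor rule below.
    - domain: 'nextcloud.example.com'
      resources: ['^/settings/admin([/?].*)?$']
      policy: 'deny'
    - domain: 'nextcloud.example.com'
      policy: 'one_factor'
    - domain: 'grafana.example.com'
      policy: 'two_factor'

session:
  secret: '<RANDOM_SECRET_2>'
  cookies:
    - domain: 'example.com'              # parent domain shared by the protected apps
      authelia_url: 'https://auth.example.com'
  redis:
    host: 'redis'                        # compose service name from this recipe
    port: 6379
    # password: '<REDIS_PASSWORD>'       # only when Redis runs with --requirepass

storage:
  encryption_key: '<RANDOM_SECRET_3>'
  local:
    path: '/config/db.sqlite3'

notifier:
  filesystem:
    filename: '/config/notification.txt' # dev/test only; use notifier.smtp for real mail
```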

Individual Services (2 services)

Copy individual services to mix and match with your existing compose files.

authelia
authelia:
  image: authelia/authelia:latest
  container_name: authelia
  restart: unless-stopped
  environment:
    TZ: UTC
  volumes:
    - ./authelia:/config
  ports:
    - "9091:9091"
  depends_on:
    - redis

redis
redis:
  image: redis:7-alpine
  container_name: authelia-redis
  restart: unless-stopped
  volumes:
    - authelia_redis:/data

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    environment:
      TZ: UTC
    volumes:
      - ./authelia:/config
    ports:
      - "9091:9091"
    depends_on:
      - redis

  redis:
    image: redis:7-alpine
    container_name: authelia-redis
    restart: unless-stopped
    volumes:
      - authelia_redis:/data

volumes:
  authelia_redis:
EOF

# 2. Create the .env file
cat > .env << 'EOF'
# Configure authelia/configuration.yml
# See docs.authelia.com for setup
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

This command downloads the recipe's setup script and pipes it directly into bash, setting up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/authelia/run | bash

Troubleshooting

  • Authentication loops or redirects: Verify reverse proxy forward auth configuration matches Authelia's expected headers and endpoints
  • Redis connection failures: Check Redis container health and ensure Authelia configuration.yml points to correct Redis hostname and port
  • TOTP codes not working: Confirm system time synchronization between Authelia container and client devices using NTP
  • Access denied despite correct credentials: Review access control rules in configuration.yml for proper domain/path matching and user group assignments
  • Session timeouts too aggressive: Adjust Redis session expiration and Authelia's session configuration for appropriate timeout values
  • Email notifications not sending: Verify SMTP configuration in Authelia settings and check container logs for authentication errors with mail server
