this post was submitted on 28 Sep 2023
44 points (97.8% liked)

Selfhosted

39937 readers
334 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'd like to set up my identity and authentication service for my self hosted applications but it is not a beginner friendly subject.

I'm aware of the various tools available; authentik, authelia, LLDAP, keycloak, etc and see lots of useful discussions on them which is great.

But I can't seem to find a beginner friendly introduction to setting up one or more of these tools that helps me understand the core concepts at the same time. Does such a thing exist?

I'd like to try out LLDAP and Authelia on my home lab and then possibly roll this out to my production services.

But every tutorial I've come across seems to assume a fair amount of knowledge that I don't think I have.

For instance if I deploy LLDAP what should I use as my base DN? And how can I seperate a homelab directory from a seperate production directory?

Any pointers gratefully received.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

Ok, I found this - https://www.linuxserver.io/blog/2020-08-26-setting-up-authelia.

Which, if I'm reading it correctly tells me that SWAG (Secure Web Application Gateway) is essentially a web server, reverse proxy with lets encrypt support. It doesn't seem to do any authentication.

Authelia is a component of an identity and authentication solution that provides single sign on and 2FA but, crucially, does not include a user directory, by default it uses a YAML file but can be connected to an LDAP server - https://www.authelia.com/overview/authentication/first-factor/

Which I think goes towards the point in my original post - none of this is simple so I'd like a nice explanation that helps me understand what I need running, how they work together and what settings to use.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

You probably need to realise that this is advanced self hosting here.

I might suggest you start off with something a bit simpler.

Run an application, do DNS, point Nginx to it, get certbot and follow the instructions on their site to implement it. Read logs. Update stuff. Break stuff.

You need to build up to it, because Authentication is a compilation of 5-6 different basic tasks that you need to be across. And if you mess up any of them, it won't work and you need to work out why.

[–] [email protected] 1 points 1 year ago (1 children)

Thanks. I have all of that. I've been at this for a while and am now looking to move to centralised authentication and access management because I've got everything else working as I want it. It's just not ideal to have to maintain seperate logins across each of the services that I'm running. Hence starting to look at authentication. I know it's complex and the original post was wondering if there is a nice simple introduction to the subject matter.

[–] [email protected] 3 points 1 year ago

Yep if you've got the requisite skills the linuxserver guide is the best for authelia.

I've also ran Keycloak via the red hat documentation.

That's really as easy as it gets..if you want to learn, be prepared to pile through the documentation.