this post was submitted on 12 Oct 2023
0 points (50.0% liked)

Self-Hosted Main

511 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Has anyone tried to configure authelia or authentik with a local nfty server, do you know any way to protect the web interface?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago (1 children)

So do you add 'ntfy.example.com' in your one/two_factor policies? And then a separate 'ntfy.example.com' with the resource regex for bypass policy?

For example:

    - domain:
      - ntfy.example.com
      policy: two_factor
      subject:
      - ["group:admins"]
    
    - domain:
      - ntfy.example.com
      methods:
      - GET
      resources: '^/test([/?].*)?$'
      policy: bypass
[–] [email protected] 1 points 11 months ago

I think it is the other way around. In the config file you first add more specific policy, and then the more general one. Because the first policy that the request matches will apply and next rules will not apply. Please refer to the docs, everything is there. There is also a specific section for rule matching.

https://www.authelia.com/configuration/security/access-control/