Skip to content

Latest commit

 

History

History
64 lines (52 loc) · 2.62 KB

README.md

File metadata and controls

64 lines (52 loc) · 2.62 KB

WireGuard + Traefik + Authelia

Docker Compose stack to deploy a WireGuard VPN server (wg-easy), Traefik as a reverse proxy to access the wg-easy UI, and Authelia for authentication.

WireGuard Logo        Traefik Logo        Authelia Logo

Deploy

  • Ensure docker and docker-compose are installed.

  • Generate a password hash for users in Authelia:

    docker run --rm authelia/authelia:latest \
    authelia crypto hash generate argon2 \
    --password 'my-password'
  • Update the Authelia users configuration in ./config/users_database.yml:

    users:
      your-user-name:
        disabled: false
        displayname: "User Name"
        password: "<generated-password-hash>"
        email: "root@localhost"
  • Obtain your DuckDNS token and export the following environmental variables:

    export MY_PROVIDER="duckdns"
    export MY_DOMAIN=""
    export DUCKDNS_TOKEN=""
    
    docker-compose up -d
  • Once the stack is up and running, go to your domain (${MY_DOMAIN}), log in with your password, and click register as shown below:

    drawing

  • Retrieve the first 2FA code from config/notification.txt.

    NOTE: This config/notification.txt is automatically created by Authelia. For example:

    cat config/notification.txt
    Date: 2024-07-21 14:55:11.30894104 +0000 UTC m=+43.154509640
    Recipient: {Test User [email protected]}
    Subject: Confirm your identity
    Hi Test User,
    
    This email has been sent to you in order to validate your identity. Purpose: Confirm your identity.
    
    If you did not initiate the process, your credentials might have been compromised and you should:
        1. Visit the revocation link.
        2. Reset your password or other login credentials.
        3. Contact an Administrator.
    
    To confirm your identity, please use the following single-use code: TXQAT55T
    
    This email was generated by a user with the IP XXXXXX.
    
    The following link can be used to revoke the code (this is a logged event): XXXX