SSO and 2FA for Traefik and Docker containers
Note
I used Authelia for a while, but I had problems with some services.
I suggest you use client certificates (mTLS) instead and follow this guide.
On my last vacation day, just before the car trip back home, I read this tweet about Traefik.
Google OAuth with Traefik - Secure SSO for Docker Services https://t.co/QjGA6b7Tn3 pic.twitter.com/ussXNNBzko
— Smart Home Beginner (@anandslab) June 3, 2020
The guide describes the use of OAuth for securing Docker containers. I have already made the same example in my GitHub repositories. But the interesting thing is the reference to another way to secure containers: with Authelia.
What is Authelia? A quick Google search gives the answer: it is an open-source authentication server you can install in a Docker container. It provides an authentication page and the ability to protect applications with two-factor authentication (2FA) and Single Sign-On (SSO). Nice, so I can be independent from third-party providers, and it's all local. The 2FA provides the option of a physical key like a YubiKey.
Back home, I did a night test and voilà, I had a working configuration. Some hours later, there was also an example on my GitHub repo, with an SSO example for a Grafana container.
I am now happy with this solution, which brings me more flexibility in my home network.