diff --git a/authelia_config/configuration.yml b/authelia_config/configuration.yml
index c386bcf..e33de74 100644
--- a/authelia_config/configuration.yml
+++ b/authelia_config/configuration.yml
@@ -42,4 +42,62 @@ storage:
 notifier:
 filesystem:
- filename: /config/notification.txt
\ No newline at end of file
+ filename: /config/notification.txt
+
+identity_providers:
+ oidc:
+ ## See: https://www.authelia.com/c/oidc
+ hmac_secret: 'U+2FTcapX1p8WWsGRZcVzZrPnQnfPXsWOWNWnESAyqU=' # openssl rand -base64 32
+ jwks: # openssl genrsa 2048
+ - key: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDW0Jjp5QA9lrkQ
+ PhNWId5eRZgC9ls2yRkPpF22i2OFMl/5sY5xCCxPNzLgYKKmQoSUEyOCHvgid4SI
+ xTTu7IqqHyLX9KbN/LLgSw06PGl51Md2ZblkIw7t7RAvLj9FxM3e7A0MXwb/WJLt
+ ooxrFbYwbZIEp7yzgIPx16FtK++5BkW7M+J0BxCy986O3v+VgAmYLJZBdbOSI/dT
+ jwn5EcTvJgyWQI6F0yY6vSwnAeticp2xNk/lsu/uEfQmgVMJBHBta2hJHtHYQiAB
+ AOPzMV/PrSqD0TD6WgxqYpxn8OOBRAPmjxg2lHOWgrUn1VTj/8hSNHo6crwFGrM9
+ ilpNymAnAgMBAAECggEAB+WM1tL2wneBymw7F2hQ/YPZwIjK4JrdjiV7gRmNqS3+
+ uOCYkmTRBYEgyykc7DdiGp67fZiNhELYKej0obCAsRv06B2+a1sV6PM0A3HeFL7y
+ 2CeJfE9iSJ0gLQPVCp0J+Qm8ubmH5HzJO0LFnlgi0D6ZkWHofhbELZtA0WZok74V
+ 10lquSOo6ui46N6CVeu60KTBjYEqHPdCmLZxaL1bMywgpPnaDjLi/H9rCqOwDDaf
+ JZ2rpM1OB6js1CVFHBhuAO/Zc7TPOWxwhy4TLxCp7V4KrW6J4Y5o9GQedpT69+nV
+ pu3tm9t18hrpV+xnipZdNfP2BcUL88ZkW4E6ectOSQKBgQD6Vvxp9dK0hrKXA5rB
+ 48hrhSYzM1YX/73z9GutuB2riNdEeulVsETXexHqLuno0m1ODieK/26CalF4YmtK
+ XpAysWnqF0tAS5KmU+YE4/gaHg4DICIo+Jew5pqQPWOxtH55iWWbOfV237ve31Qx
+ ymN9Di/b2tGCtk4ZtLpz9tzdGQKBgQDbq/x1njOTI0tPkSMi/qktJnaPTYU3SIHv
+ d+SHki3t4f72voo91z6Xo2Dabfc+fIoQOiUA0Nfvh0x3MHGjkq7Q1MxEoXqQlg3t
+ t88D/OjwnG0MEMJ2ItiiuwwETJ03g4sgINCq96eiB/UZ9BbcwZnoKViVwnZysJxz
+ FDeYPEePPwKBgBo5HG25C15Psctx3DctNiRVKUA5w232Ix633sOuwqTiS7JnsaOB
+ OGTeBm1ihqwVxs9jWi8MPLY6jtgubxC2QSKeRPr5f693eyAjL7gZbTbHKS6Yohtq
+ lvE35r7vP08xGgJ/Kv6MnrLaEuLwv/ALREqoPskn7cRkdl/o95MIK/CZAoGAM90S
+ OO7F/Ho7wKhipFN9u8Q1/7Vsu1WqH9CtqvhvUZem67imyNz10TVom4mU8zLSIeyo
+ ad3k7Y+DFSzh1529Gl7zb0y0tEhJN5PLE4T1tkEoWc3nK58kiJ8iwi0YfU/YXBiD
+ S6o28MFyM9N2Rl6LKM4CNTF5Z7Cc72qZiZ7Jwl8CgYAbNhQ4yVHXHqJzIPutTV8I
+ TBU+mzBDavEF/du//EZPbtuTqqDTLknhSdp5iTiPXPJ94E/F6PWF0WL1PN43oa/4
+ qhabV+4IzLU1JhuVj/DhUtHLaQERBwnZx0GPljJWex07gSTG+kTndVuCGK+ic/K/
+ pah8ZiGEoowrQ5eHOIi2/g==
+ -----END PRIVATE KEY-----
+ enable_client_debug_messages: false
+ clients:
+ - client_id: 'open-webui'
+ client_name: 'Open WebUI' # docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
+ client_secret: '$pbkdf2-sha512$310000$lQb.leTfGeCRlWlbAU.F/w$rSnBWv1URTEBvdHtsRoqYzxzxzTqauYX4IYfxHWi4cXTUAEZFFnVJlxMM.zSRuTTC/FYtl6vdx1nro4qou6XiQ'
+ public: false
+ authorization_policy: 'two_factor'
+ require_pkce: false
+ pkce_challenge_method: ''
+ redirect_uris:
+ - 'https://gpt.imranr.cloud/oauth/oidc/callback'
+ scopes:
+ - 'openid'
+ - 'profile'
+ - 'groups'
+ - 'email'
+ response_types:
+ - 'code'
+ grant_types:
+ - 'authorization_code'
+ access_token_signed_response_alg: 'none'
+ userinfo_signed_response_alg: 'none'
+ token_endpoint_auth_method: 'client_secret_basic'
\ No newline at end of file
diff --git a/server.docker-compose.yaml b/server.docker-compose.yaml
index 3325ff4..d0cade2 100644
--- a/server.docker-compose.yaml
+++ b/server.docker-compose.yaml
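Review bot: `hmac_secret` and the `jwks` private key are committed as literal values in a tracked configuration file, so both now live in repository history and should be rotated and moved out of the file. Authelia can load `hmac_secret` from a mounted file through the `AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE` environment variable, and the same `_FILE` mechanism appears to cover the indexed `jwks` key in recent releases — confirm against the installed version before relying on it. Separately, `require_pkce: false` together with `pkce_challenge_method: ''` leaves the authorization-code exchange without PKCE; if Open WebUI supports it, `require_pkce: true` and `pkce_challenge_method: 'S256'` would harden the flow at no cost. The `notifier:` block in which the hunk begins starts above the hunk.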
@@ -182,12 +182,57 @@ services:
 - "traefik.http.routers.filebrowser.tls.certresolver=le"
 - "traefik.http.routers.filebrowser.middlewares=authelia@docker"
+ ollama:
+ image: ollama/ollama
+ container_name: ollama
+ volumes:
+ - ollama:/root/.ollama
+ networks:
+ - traefik
+ tty: true
+ restart: unless-stopped
+ ollama-webui:
+ image: ghcr.io/open-webui/open-webui:main
+ container_name: ollama-webui
+ environment:
+ - OLLAMA_BASE_URL=http://ollama:11434
+ - WEBUI_URL=https://gpt.imranr.cloud
+ - ENABLE_OAUTH_SIGNUP=true
+ - OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
+ - OAUTH_CLIENT_ID=open-webui
+ - OAUTH_CLIENT_SECRET=T9GGizmCpZCFp6mez~.kiB.1wxu~~VTi9m42IuqSC2q-xYlpsdlDPAd50~IMZGVQuInmgSkL # Corresponds to 'client_secret' in configuration.yml
+ - OPENID_PROVIDER_URL=https://auth.imranr.cloud/.well-known/openid-configuration
+ - OAUTH_PROVIDER_NAME=Authelia
+ - OAUTH_SCOPES=openid email profile groups
+ - ENABLE_OAUTH_ROLE_MANAGEMENT=true
+ - OAUTH_ALLOWED_ROLES=admins,dev,family
+ - OAUTH_ADMIN_ROLES=admins
+ - OAUTH_ROLES_CLAIM=groups
+ volumes:
+ - ollama_webui:/app/backend/data
+ networks:
+ - traefik
+ depends_on:
+ - ollama
+ - traefik
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ollama-webui.rule=Host(`gpt.imranr.cloud`)"
+ - "traefik.http.routers.ollama-webui.entrypoints=websecure"
+ - "traefik.http.routers.ollama-webui.tls.certresolver=le"
+ - "traefik.http.routers.ollama-webui.tls=true"
+ - "traefik.http.routers.ollama-webui.middlewares=authelia@docker,geoblock@file"
+ - "traefik.http.services.ollama-webui.loadbalancer.server.port=8080"
+
 volumes:
 filebrowser_db:
 traefik_acme:
 authelia_db:
 crowdsec_db:
 traefik_access_logs:
+ ollama:
+ ollama_webui:
 networks:
 traefik:
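Review bot: `OAUTH_CLIENT_SECRET` is the plaintext OIDC client secret committed in a tracked compose file; it should be interpolated from an untracked `.env` (or supplied as a Docker secret) and rotated along with the matching `client_secret` hash in configuration.yml, since the value is now in history: `- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET} # value in .env (untracked); hash lives in configuration.yml`. Both new services use moving image references (`ollama/ollama` with no tag, `open-webui:main`), so each pull can bring in untested code; pinning a version tag or digest keeps the deployment reproducible. The `ollama` service exposes an unauthenticated API on port 11434 (per `OLLAMA_BASE_URL`) and is attached to the shared `traefik` network, so presumably every other container on that network can reach it; a dedicated internal network shared only with `ollama-webui` would narrow that exposure. `OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true` links logins to existing local accounts by the email claim, which is only safe while Authelia is the sole identity provider — a comment recording that assumption next to the variable would help future readers.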