# Authelia •

[Authelia](https://www.authelia.com/) is an open-source single-sign on (SSO) and identity management for a small server.

# Overview

[![Screen Shot 2025-03-09 at 19.32.54.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-32-54.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-32-54.png)

[Authelia](https://www.authelia.com/) is an open-source single-sign on (SSO) and identity management for a small server.

- Use single-factor or two-factor authentication through [VaultWarden](https://hub.subspace.services/books/vaultwarden "VaultWarden").
- Create user accounts to share access to your services without multi-user support.
- Sign into your services once and stay signed into them on that device.

# Media

## Screenshots

<p class="callout info">Authelia v4.38.19</p>

<table border="1" id="bkmrk-" style="border-collapse: collapse; width: 100%; border-width: 1px; height: 59.6px; border-color: rgb(88, 110, 117);"><colgroup><col style="width: 33.3333%;"></col><col style="width: 33.3333%;"></col><col style="width: 33.3333%;"></col></colgroup><tbody><tr style="height: 29.8px;"><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">[![Screen Shot 2025-03-09 at 19.32.54.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-32-54.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-32-54.png)</td><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">[![Screen Shot 2025-03-09 at 19.32.46.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-32-46.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-32-46.png)</td><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">[![Screen Shot 2025-03-09 at 19.33.04.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-33-04.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-33-04.png)</td></tr><tr style="height: 29.8px;"><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">[![Screen Shot 2025-03-09 at 19.32.09.png](https://hub.subspace.services/uploads/images/gallery/2025-03/scaled-1680-/screen-shot-2025-03-09-at-19-32-09.png)](https://hub.subspace.services/uploads/images/gallery/2025-03/screen-shot-2025-03-09-at-19-32-09.png)</td><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">  
</td><td style="border-width: 1px; height: 29.8px; border-color: rgb(88, 110, 117);">  
</td></tr></tbody></table>

# Setup & Configuration

We need to install the service through Portainer and configure any necessary settings.

# Preparation

There are some things we need to do in preparation to install this service.

## Volumes

<details id="bkmrk-media-folders-radarr"><summary>Persistent Data</summary>

This is where the service will store its own application data and ensures we can quickly update the service image.

<p class="callout warning">Ensure your user has permissions to access the folder.</p>

</details><details id="bkmrk-media-folders-this-s"><summary>Media Folders</summary>

This service will need access to the folders where you store your media files.

<p class="callout warning">Ensure your user has permissions to access the folder.</p>

</details><details id="bkmrk-download-folder-rada"><summary>Download Folders</summary>

This service will need access to the folder where you torrent or usenet folder store their completed downloads.

<p class="callout warning">Ensure your user has permissions to access the folder.</p>

</details>## Environment

<details id="bkmrk-tz-this-is-the-curre"><summary>TZ</summary>

This is the current time zone formatted using the [tz database.](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)

<p class="callout info">*For example:* America/Vancouver</p>

</details><details id="bkmrk-gid-%C2%A0"><summary>PUID</summary>

This is the numeric ID of the user account on Debian. If you are unsure, open a terminal and run:

```bash
id -u
```

</details><details id="bkmrk-pgid-this-is-the-num"><summary>PGID</summary>

This is the numeric ID of the user account's group on Debian. If you are unsure, open a terminal and run:

```bash
id -g
```

</details>### Passwords

<p class="callout danger">Keep these securely stored in a password manager, such as [VaultWarden](https://hub.subspace.services/books/vaultwarden "VaultWarden").</p>

<details id="bkmrk-db_root_pass-this-is"><summary>DB\_ROOT\_PASS</summary>

This is the password that will be used for root access to the database.

<p class="callout warning">It is important to use secure, randomly generated password.</p>

You can use a random alphanumeric string from a password manager, or open the terminal and run the command:

```
tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 32; echo
```

This pulls a random string from the '[urandom](https://en.wikipedia.org/wiki//dev/random)' device, removes unwanted characters and trim it to an appropriate length.

</details><details id="bkmrk-owncloud_admin_passw"><summary>OWNCLOUD\_ADMIN\_PASSWORD</summary>

This is the password for the administrator account that will be used within the web interface.

<p class="callout warning">It is important to use secure passphrase that is easy-to-remember.</p>

</details>

# Installation

The service can be installed through the Portainer web interface.

<p class="callout info">Learn about [creating a new stack](https://hub.subspace.services/books/portainer/page/creating-a-new-stack "Creating a New Stack").</p>

## Docker Compose

Use the following code to install the service:

```yaml
---
services:
  authelia:
    container_name: 'authelia'
    image: 'authelia/authelia'
    restart: 'unless-stopped'
    ports:
      - "9091:9091"
    volumes:
      # Persistent Data
      - '/srv/authelia/data:/config'
      - '/srv/authelia/secrets:/secrets'
    environment:
      - TZ='Americas/Vancouver'
```

# Updating

<p class="callout success">Re-Deploy the Stack</p>

This service has been optimized for running in Docker.

This allows you to [re-deploy the stack through Portainer](https://hub.subspace.services/books/portainer/page/updating-a-stack "Updating a Stack") to download the latest updates.

# User Manual

# Development

<p class="callout info">This software is released under the [Apache 2.0 license](https://opensource.org/license/apache-2-0). </p>

You can learn more about how to contribute to Authelia through their [GitHub](https://github.com/authelia/authelia/blob/master/CONTRIBUTING.md).

The development team also accepts [sponsorships](https://opencollective.com/authelia-sponsors).

# Resources

## Official

- [Official Documentation](https://www.authelia.com/overview/prologue/introduction/)
- [Official Discord](https://discord.authelia.com/)
- [Official Matrix](https://matrix.to/#/#support:authelia.com)
- [Official GitHub Repository](https://github.com/authelia/authelia)
- [Official Website](https://www.authelia.com/)
- [Installation Guide](https://www.authelia.com/integration/deployment/docker/#docker-compose)
- [General Troubleshooting](https://www.authelia.com/reference/guides/troubleshooting/)