poprhythm
0ce030275b
Add OIDC secret placeholders to .env.example files
...
- Add OIDC HMAC and client secrets to authelia/.env.example
- Create ollama/.env.example with OIDC client secret placeholder
2026-02-26 01:42:34 +00:00
poprhythm
645d908ca5
Add Authelia OIDC SSO to Open WebUI
...
- Add open-webui OIDC client to Authelia config
- Configure open-webui with OIDC env vars pointing to Authelia
- Secret managed via AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI env var in Portainer
2026-02-26 01:37:28 +00:00
poprhythm
c4157023f6
Add token_endpoint_auth_method: client_secret_post to linkding OIDC client
2026-02-23 19:00:11 +00:00
poprhythm
d0037cf4cd
Add Linkding OIDC via Authelia, fix jwks key name in config
...
- linkding: add OIDC env vars pointing to Authelia as identity provider
- authelia/config: fix issuer_private_keys → jwks (correct key for 4.38.x)
and replace non-functional template function with host-managed note
2026-02-23 18:45:33 +00:00
poprhythm
3ec74c1f69
Restrict wildcard rule to admins; jsmith (guests) can only access ultralytics
2026-02-23 14:41:18 +00:00
poprhythm
4293022561
Fix authelia: default_redirection_url must differ from authelia_url
2026-02-22 20:26:00 +00:00
poprhythm
9f98a4081e
Add Authelia SSO, remove authentik, restrict ultralytics port
...
- Add authelia/ stack: Authelia 4.38 + Redis 7-alpine on isolated
authelia-internal bridge; Authelia also on npm-network for NPM
forward-auth. Secrets via env vars (not committed).
- Add authelia/config/configuration.yaml: file-based users, SQLite
storage, one_factor policy for *.kolpacksoftware.com
- Add **/users_database.yaml to .gitignore (host-only secret)
- Remove authentik/ (non-functional leftover)
- ultralytics: bind port 8501 to 127.0.0.1 only (auth enforced via NPM)
2026-02-22 20:21:11 +00:00
poprhythm