Hello all,
Apologies if not allowed here … been struggling to get some kind of 2FA on a self-hosted server. I would like Nginx Proxy Manager behind 2FA; I have tried many, many docker compose files from Google searches and none seem to work.
Does anyone happen to have this kind of config?
Background: Ubuntu VM is running on Proxmox and network traffic can reach the VM from outside.
Cheers
Do the following: (A better formatted VERSION on Pastebin: https://pastebin.com/hHuDnPn7)
sudo mkdir -p /opt/docker/npm && sudo chown -R $USER:$USER /opt/docker/npm
That would be for your Nginx Proxy Manager
Then:
cd /opt/docker/npm
nano docker-compose.yml
Paste the following:
```yaml
version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "CHANGEME"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    networks:
      - npm-proxy
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'SAME AS CHANGEME'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'SAME AS CHANGEME'
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - npm-proxy # Add the network here
networks:
  npm-proxy: # Define the network
    # external: Compose does not create it, so it must already exist
    # (docker network create npm-proxy)
    external: true
```
THEN: docker-compose up -d
GO THROUGH NPM setup by GOING to http://YourIP:81
NOW FOR AUTHENTIK
sudo mkdir -p /opt/docker/authentik && sudo chown -R $USER:$USER /opt/docker/authentik
cd /opt/docker/authentik
nano docker-compose.yml
```yaml
version: "3.4"
services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
    networks:
      - npm-proxy
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping"]
    # The post is cut off between "redis-cli ping" and the image tag below.
    # The lines from here to the server image are assumptions: the volume and
    # network follow the volumes section and the other services, the service
    # name follows its command, and the image is copied from the worker.
    volumes:
      - redis:/data
    networks:
      - npm-proxy
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
    container_name: authentik
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - npm-proxy
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # root plus the Docker socket gives this container control of the host's Docker daemon
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - npm-proxy
volumes:
  database:
    driver: local
  redis:
    driver: local
networks:
  proxy:
  npm-proxy:
    external: true
```
sudo apt-get install -y pwgen
echo "PG_PASS=$(pwgen -s 40 1)" >> .env
echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env
nano .env (you can configure other parameters here)
Now go to NPM and forward your domain to: (authentik as IP and 9443 in port) https://authentik:9443 (remember to select https and NOT http on NPM)
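A pre-flight check for the setup in the answer above, as an added example that is not part of the original post: it flags a `.env` readable by other users, secrets that are missing or shorter than the `pwgen` lengths used, keys appended twice by rerunning the `>>` lines, and a missing `npm-proxy` network. The function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the .env and network used by the stacks above.

# Print every value assigned to KEY in FILE, one per line.
env_values() {  # env_values FILE KEY
    sed -n "s/^$2=//p" "$1"
}

# Print one line per problem found in FILE; print nothing when it looks sane.
check_env() {  # check_env FILE
    file=$1
    [ -r "$file" ] || { echo "missing: $file"; return; }
    # Group/other permission bits are characters 5-10 of the ls mode string.
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
        echo "perms: $file is accessible to group/others (chmod 600)"
    # Minimum lengths match the pwgen calls in the post (40 and 50 characters).
    for spec in PG_PASS:40 AUTHENTIK_SECRET_KEY:50; do
        key=${spec%%:*} min=${spec##*:}
        count=$(env_values "$file" "$key" | wc -l | tr -d ' ')
        val=$(env_values "$file" "$key" | tail -n 1)
        if [ "$count" -eq 0 ]; then
            echo "unset: $key"
        elif [ "$count" -gt 1 ]; then
            # '>>' appends, so rerunning the echo lines adds a second value, while
            # Postgres only applies POSTGRES_PASSWORD when it first initialises its volume.
            echo "duplicate: $key is set $count times"
        elif [ "${#val}" -lt "$min" ]; then
            echo "short: $key has ${#val} characters, expected $min"
        fi
    done
}

# Succeed only if the external network both compose files reference exists.
check_network() {  # check_network NAME
    docker network inspect "$1" >/dev/null 2>&1
}

# Run all checks when invoked as: sh preflight.sh --run [ENV_FILE]
if [ "${1:-}" = "--run" ]; then
    check_env "${2:-.env}"
    check_network npm-proxy || echo "network: run 'docker network create npm-proxy'"
fi
```

With the default umask, the `echo … >> .env` lines create a world-readable file, so the `perms` line is expected on a fresh setup until the mode is tightened.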