audit(gremlin): authelia FAIL 2026-04-03

traveler 2026-04-02 20:46:30 -05:00
parent 94bac36624
commit f96b461826

@ -2,10 +2,10 @@
title: Audit - authelia.yaml title: Audit - authelia.yaml
description: Gremlin audit report 2026-04-03 description: Gremlin audit report 2026-04-03
published: true published: true
date: 2026-04-03T01:36:30.489Z date: 2026-04-03T01:46:30.038Z
tags: gremlin,audit tags: gremlin,audit
editor: markdown editor: markdown
dateCreated: 2026-04-03T01:36:30.489Z dateCreated: 2026-04-03T01:46:30.038Z
--- ---
# Audit Report — authelia.yaml # Audit Report — authelia.yaml
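Review bot: `dateCreated` in the front matter moves from 2026-04-03T01:36:30.489Z to 2026-04-03T01:46:30.038Z together with `date`, so every audit re-run rewrites the page's creation timestamp. Keep `dateCreated` fixed at the value from the first run and update only `date`; otherwise the page can no longer show when authelia.yaml was first audited.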
@ -17,39 +17,32 @@ dateCreated: 2026-04-03T01:36:30.489Z
--- ---
### SWARM AUDIT REPORT: ### Audit Results:
#### Homepage Labels 1. **Homepage labels**:
**PASS**: homepage.group=Management - **PASS**: `homepage.group=Management`
**PASS**: homepage.name=Authelia - **PASS**: `homepage.name=Authelia`
**PASS**: homepage.icon=authelia.png - **PASS**: `homepage.icon=authelia.png`
**PASS**: homepage.href=https://login.wasted-bandwidth.net - **PASS**: `homepage.href=https://login.wasted-bandwidth.net`
**PASS**: homepage.description=SSO / Forward-Auth - **PASS**: `homepage.description=SSO / Forward-Auth`
#### Uptime Kuma Labels 2. **Uptime Kuma labels**:
**PASS**: kuma.authelia.http.name="Authelia" - **PASS**: `kuma.authelia.http.name="Authelia"`
**PASS**: kuma.authelia.http.url=http://authelia:9091 - **PASS**: `kuma.authelia.http.url=http://authelia:9091`
#### Caddy Labels on Exposed Services 3. **Caddy labels on exposed services**:
**FAIL**: Missing `caddy=<domain>` and `caddy.reverse_proxy` labels. - **FAIL**: The service is exposing port 9091, but there's no Caddy label to reverse proxy it.
- **Fix**: Add a Caddy label to handle the reverse proxy for port 9091.
- **Issue**: The service is exposed but lacks necessary labels to enable automatic reverse proxying. 4. **Placement constraints**:
- **Fix**: Add the following labels to the `authelia` service: - **PASS**: `node.hostname == nas`
```yaml
labels:
caddy=login.wasted-bandwidth.net
caddy.reverse_proxy={{upstreams 9091}}
```
#### Placement Constraints 5. **Volumes use /DockerVol/<service> path convention**:
**PASS**: node.hostname == nas - **PASS**: `/DockerVol/authelia/config:/config`
- **PASS**: `/DockerVol/authelia/secrets:/secrets`
- **PASS**: `/DockerVol/authelia/redis:/data`
#### Volumes Use /DockerVol/<service> Path Convention 6. **Network references external netgrimoire overlay**:
**PASS**: /DockerVol/authelia/config - **PASS**: `netgrimoire` network is defined as external.
**PASS**: /DockerVol/authelia/secrets
**PASS**: /DockerVol/authelia/redis
#### Network References External netgrimoire Overlay
**PASS**: references external netgrimoire overlay
### VERDICT: FAIL ### VERDICT: FAIL
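Review bot: The Caddy FAIL entry on the new side replaces the concrete remediation with "Add a Caddy label to handle the reverse proxy for port 9091" and drops the two labels the previous run named, `caddy=login.wasted-bandwidth.net` and `caddy.reverse_proxy={{upstreams 9091}}`. This is the only failing check and it drives the verdict, so the Fix line should keep the exact labels to add. The rest of the hunk is a layout change (headings to a numbered list, values wrapped in backticks) with the same PASS results; a fixed report template would keep re-runs from producing diffs in which the one substantive change is hard to spot.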