authelia VS watchtower

It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.

Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...

I use NGINX proxy with Authelia in between. Authelia blocks and blacklists faulty logins.

https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana

If you are using HAProxy on PfSense/OPNSense, see my issue https://github.com/authelia/authelia/issues/2696

https://github.com/lldap/lldap is a very simple and lightweight LDAP solution. Works flawless with https://www.authelia.com/

Ah yeah, so I guess it's been a while since I tried and I forgot where I got stuck last time. Authelia's config.yml is absolutely massive and I'm not sure which section of their guide I should be following. In The Docker Compose section, there's "Unbundled", "Lite", and "Local". I think I want to be running the "lite" bundle, but their example compose file has a ton of Traefik stuff in it. I know I wouldn't keep the Traefik services, but do I need either secure or public?

Authelia supports SSO. If you are behind a reverse proxy it’s quite straightforward to integrate.

This should probably also be mentioned in the documentation so maybe consider mentioning this on their discussion page.

Related: https://github.com/containrrr/watchtower

> if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done.

Or you could just run Watchtower beside it and it will automatically update your docker containers. https://github.com/containrrr/watchtower If you are OK with automated updates.

So i primarily use containers on my local machine walled off from the internet, so it's not a big concern for me. Watchtower [1] is popular among home server users too which automatically updates containers to the latest image.

For production uses I think companies generally build their own containers. They would have a common base linux container and build the other containers based off that with a typical CI/CD pipeline. So if glibc is patched, it's probably patched in the base container and the others are then rebuilt. You don't have to patch each container individually, just the base. Production also minimizes the scope of containers with nothing installed except what's necessary so they have few dependencies.

[1] https://github.com/containrrr/watchtower

You can use Watchtower (https://containrrr.dev/watchtower/) that solves problem of manual pulling on VPS.

I checked https://containrrr.dev/watchtower/ and Arguments, but I don't understand where to attach that using portainer.

Again, there are options to automate some of the burden here by using tools such as Watchtower.

Have you ever deployed a Docker app on a server, but everytime you push a new version of your image to a Docker registry you need to manually restart your app? If you want to automate this restarting, this blog post is for you! I am now going to show you how you can do this with literally 1 simple command using Watchtower!