[Superseded] Authelia - Authentication & SSO

Authelia has been replaced by Authentik for use in the kasad.com web apps. Authentik provides more customization, as well as a web-based user interface for managing users, which was my main gripe when using Authelia.


Authelia is an open-source authentication and authorization server and portal. It is used in the SWAG stack as an authentication agent and an SSO portal.

Service info

The Authelia container uses the ghcr.io/authelia/authelia Docker image, version 4.36.2.


To-do: document Authelia's configuration.

Authelia is configured to use a YAML file to store users, since there are not enough users that switching to an SQL database is justified.


Authelia is published at auth.kasad.com.

Because Authelia is used as the authentication backend for Cloudflare Access, it bypasses Access auth. Otherwise an infinite loop would occur, where Cloudflare tries to access Authelia as the auth backend and Authelia tries to redirect back to Cloudflare for pre-auth.


Authelia runs in a single container. It's currently part of the SWAG stack. It can (and probably should) be separated into its own stack. The Docker Compose service configuration for it is:

  # ...
    image: ghcr.io/authelia/authelia:4.36.4
    container_name: authelia
    user: '938:941' # swag:servlets
      - TZ=America/Los_Angeles
      - /srv/swag/authelia_config:/config
    restart: unless-stopped


Authelia (auth.kasad.com) is used as an authentication backend for Cloudflare Zero Trust. It is also used as the authentication provider for the following web apps using the OpenID Connect specification:

Currently, it does not appear to be possible to use Authelia for Paperless-NGX or Bitwarden.

Revision #13
Created 17 August 2022 00:52:21 by Kian Kasad
Updated 21 March 2023 18:12:55 by Kian Kasad