Cut Doris over to Authentik ingress
This commit is contained in:
@@ -25,8 +25,8 @@ All homelab services, their hosts, ports, and current status.
|
||||
| Shlink | 8087 | http://pd:8087 | ✅ Active |
|
||||
| Shlink Web Client | 8088 | http://pd:8088 | ✅ Active |
|
||||
| RackPeek | 8283 | http://pd:8283 | ✅ Active |
|
||||
| Authelia | 9091 | http://pd:9091 / https://auth.paccoco.com | ✅ Active internally on PD; currently fronts the Traefik-protected app layer |
|
||||
| Authentik | 9000 | http://pd:9000 / https://authentik.paccoco.com | ✅ Active; public Pangolin hostname live for OIDC/SAML migration work |
|
||||
| Authelia | 9091 | http://pd:9091 | ✅ Active internally on PD as legacy migration-only auth plumbing; public `auth.paccoco.com` now redirects to Authentik |
|
||||
| Authentik | 9000 | http://pd:9000 / https://authentik.paccoco.com | ✅ Active; public identity front door for OIDC/SAML and forward-auth flows |
|
||||
|
||||
## AI Stack
|
||||
|
||||
@@ -62,6 +62,7 @@ OpenClaw is no longer treated as an active PD service in the operator inventory.
|
||||
| Paperless-NGX | 8083 | ✅ Active; DOCX/Office ingestion via internal Tika + Gotenberg sidecars |
|
||||
| Karakeep | 3100 | ✅ Active |
|
||||
| n8n | 5678 | ✅ Active |
|
||||
| Doris Dashboard | 8787 | ✅ Active on N.O.M.A.D. behind Pangolin -> Traefik -> Authentik at `https://doris.paccoco.com` |
|
||||
| KitchenOwl | 8086 | ✅ Active |
|
||||
| DoneTick | 2021 | ✅ Active |
|
||||
| Dakboard Bridge | 5087 | ✅ Active |
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
# Identity and SSO
|
||||
|
||||
Authelia is the staged identity provider for the homelab.
|
||||
Authentik is the public identity provider for the homelab.
|
||||
Authelia remains available internally on PD as legacy migration-only plumbing while older routes are retired.
|
||||
|
||||
## Why Authelia
|
||||
## Why Authentik
|
||||
|
||||
- centralizes auth for the growing pile of web apps
|
||||
- works with shared Postgres/Redis already in the lab
|
||||
@@ -13,14 +14,15 @@ Authelia is the staged identity provider for the homelab.
|
||||
|
||||
- stack path: identity/
|
||||
- host target: PlausibleDeniability
|
||||
- public entrypoint: auth.paccoco.com
|
||||
- status: Authelia is live on PD; Traefik-based protected app routing is the next cutover layer
|
||||
- public entrypoint: `https://authentik.paccoco.com` (`https://auth.paccoco.com` is now just a compatibility redirect)
|
||||
- status: Authentik is the public login front door; Traefik now protects `doris.paccoco.com` through the embedded outpost and Authelia is no longer intended for direct public use
|
||||
|
||||
## Access-control direction
|
||||
|
||||
Traefik is the internal router and Authelia is the policy engine.
|
||||
Traefik is the internal router. Authentik is now the preferred public auth layer via native OIDC or embedded outpost forward-auth; Authelia is retained only for legacy/internal migration cases still being retired.
|
||||
|
||||
Current intended protected domains:
|
||||
- `doris.paccoco.com`
|
||||
- `gitea.paccoco.com`
|
||||
- `grafana.paccoco.com`
|
||||
- `traefik.paccoco.com`
|
||||
|
||||
Reference in New Issue
Block a user