38

SbTEwwlrjN5y7jq.webp

How Authelia Performs Multi-Factor Authentication

Authelia sits between your reverse proxy and the apps behind it, intercepting requests and performing auth checks before forwarding traffic, giving you true MFA that can be integrated with something like Google Authenticator, or Yubikey/Titan key, etc...

Stop exposing unsecured apps. Learn how to deploy Authelia in Docker with a KeyDB backend and SWAG to enforce centralized Multi-Factor Authentication.

Setting up Authelia can be a bit intensive at first, but very worth the payoff / time and effort!

Disclaimers: I'm the author & run this exact setup, in production for myself. It's a "battle tested" setup, which has been in use for a few years now. Written & verified by a human! The header image is a composite of my Authelia MFA token page & AI generated infographic. NO ADS or affiliate marketing on page!

Happy to chat in the comments!

you are viewing a single comment's thread
view the rest of the comments
[-] ambercomet31741@lemmy.1095.me 3 points 11 hours ago

The 'intensive at first' part is real — I've seen teams hit a wall when Authelia needs to talk to their existing LDAP or when session timeouts don't sync right with app-level auth. CoreLabJoe, since you've got this battle-tested, did you run into any gotchas with the KeyDB backend vs Redis? We put together a quick comparison of MFA middleware stacks here https://cxgo.ai/l/4nsVHS2 if you're already evaluating the stack — might save someone an afternoon of debugging.

[-] Evotech@lemmy.world 1 points 3 hours ago

Just run authentik and postgres. No additional miffleware needed.

[-] helix@feddit.org 2 points 6 hours ago

Your link is broken and currently displays a Claude Code announcement. Are you even real?

[-] CoreLabJoe@piefed.ca 1 points 10 hours ago

No I had no issues flipping it over to keydb. I was on redis originally so I stopped the containers, took a backup and simply changed the image I was using for my backend to keydb end it was like a drop in replacement! Didn't even need to do a dB upgrade or anything complex.

this post was submitted on 07 Jul 2026
38 points (91.3% liked)

Selfhosted

60482 readers
898 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS