From 99defa87e9ba7c678084dfba3dd5eaf9aa71a360 Mon Sep 17 00:00:00 2001
From: James Curtin
Date: Thu, 21 Mar 2024 16:10:37 -0400
Subject: [PATCH] Updates for Authelia 4.38
---
 authelia/configuration.yml | 11 ++++++-----
 bin/create-new-user | 2 +-
 docker-compose.labels.yml | 1 +
 docker-compose.yml | 2 +-
 traefik.yml | 4 ++++
 5 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index deb10fd..4a4354c 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -1,7 +1,6 @@ # See https://www.authelia.com/configuration/prologue/introduction/ for options server:
- host: 0.0.0.0
- port: 9091
+ address: 0.0.0.0:9091
 log: level: debug
@@ -44,7 +43,10 @@ session: name: authelia_session expiration: 3600 # 1 hour inactivity: 300 # 5 minutes
- domain: docker.localhost # CHANGEME: domain associated with the login subdomain
+ cookies:
+ - domain: docker.localhost # CHANGEME: domain associated with the login subdomain
+ authelia_url: "https://auth.docker.localhost" # CHANGEME: Set as AUTH_SERVER_HOST
+ default_redirection_url: "https://docker.localhost" # CHANGEME: Set as desired redirection URL
 redis: host: authelia-redis
@@ -57,8 +59,7 @@ regulation: storage: postgres:
- host: authelia-postgres
- port: 5432
+ address: authelia-postgres:5432
 database: authelia username: authelia
diff --git a/bin/create-new-user b/bin/create-new-user
index 9fdf968..d990a12 100755
--- a/bin/create-new-user
+++ b/bin/create-new-user
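Review bot: In authelia/configuration.yml the new `server.address` value is written as a bare `0.0.0.0:9091`, while Authelia's own configuration examples give listener addresses quoted and with an explicit scheme; I would write `address: 'tcp://0.0.0.0:9091/'` so the transport is stated rather than defaulted. The same applies to `storage.postgres.address` in the third hunk of this file, `address: 'tcp://authelia-postgres:5432'`. Because this listener binds every interface in the container, a one-line comment that port 9091 is meant to be reached only through Traefik and not published on the host would help the next editor; the compose service definition is outside this hunk, so that is an assumption to confirm.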
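Review bot: The three CHANGEME values added under `session.cookies` in authelia/configuration.yml are coupled, but the comments present them as independent edits. `authelia_url` and `default_redirection_url` both have to be https URLs on `domain` or one of its subdomains, otherwise the session cookie is not sent back to the portal and, as far as I know, Authelia 4.38 rejects the configuration at startup. The comment `Set as AUTH_SERVER_HOST` also reads as if a bare host name would do; assuming that variable holds only a host name, the value here still needs the `https://` scheme. I would add one line above `cookies:` such as `# CHANGEME: authelia_url and default_redirection_url must be https URLs under the cookie domain below`.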
@@ -27,7 +27,7 @@ echo echo echo "Creating user..."
-hashed_password=$(docker run --rm -v "${SCRIPT_DIR}"/../authelia:/config authelia/authelia:latest authelia hash-password --config /config/configuration.yml -- "$password" | sed -e "s/^Digest: //")
+hashed_password=$(docker run --rm -v "${SCRIPT_DIR}"/../authelia:/config authelia/authelia:latest authelia crypto hash generate argon2 --config /config/configuration.yml --password "$password" | sed -e "s/^Digest: //")
 cat <>"${SCRIPT_DIR}"/../authelia/users.yml $username:
diff --git a/docker-compose.labels.yml b/docker-compose.labels.yml
index a9ce3ec..0bf18ad 100644
--- a/docker-compose.labels.yml
+++ b/docker-compose.labels.yml
@@ -27,6 +27,7 @@ services: - traefik.http.routers.traefik.service=api@internal - traefik.http.routers.traefik.tls.certresolver=letsencrypt - traefik.http.routers.traefik.tls=true
+ - traefik.http.routers.traefik.tls.domains[0].sans=*.docker.localhost
 whoami: labels: - traefik.enable=true
diff --git a/docker-compose.yml b/docker-compose.yml
index 57d1a37..ac8e9f3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,7 @@ services: env_file: - .env environment:
- AUTHELIA_JWT_SECRET_FILE: /run/secrets/jwt
+ AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /run/secrets/jwt # yamllint disable-line rule:line-length
 # CHANGEME: Uncomment the following line if using notifier.smtp in authelia/configuration.yml # AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /run/secrets/smtp
diff --git a/traefik.yml b/traefik.yml
index 4672300..dc8bae8 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -18,6 +18,10 @@ certificatesResolvers: storage: /etc/acme/acme.json httpChallenge: entryPoint: web
+ # CHANGEME: If you'd like to use the DNS challenge for a wildcard cert.
+ # See https://doc.traefik.io/traefik/https/acme/#dnschallenge
+ # dnsChallenge:
+ # provider: TODO
 entryPoints: web:
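Review bot: The new `--password "$password"` argument in bin/create-new-user still puts the clear-text password on the `docker run` command line, where other local users can read it from the host's process list for as long as the container runs; the replaced `-- "$password"` form had the same exposure, so the commit carries it forward rather than introducing it. As far as I know `authelia crypto hash generate` prompts for the password when `--password` is omitted, so one option is to let the container prompt instead of collecting the password in the script. How `$password` is read is outside this hunk, so at minimum I would add a comment such as `# NOTE: password is visible in the host process list while this command runs`. Separately, the image is `authelia/authelia:latest`; since this commit exists because the CLI changed between releases, pinning the tag to the version the compose file deploys would keep the script from breaking on the next upgrade.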
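Review bot: The added label `traefik.http.routers.traefik.tls.domains[0].sans=*.docker.localhost` in docker-compose.labels.yml requests a wildcard name from the `letsencrypt` resolver, but the resolver shown in traefik.yml is configured with `httpChallenge`, and the traefik.yml hunk of this commit adds `dnsChallenge` only as a commented-out block. ACME issues wildcard certificates only through the DNS-01 challenge, so with the files as committed the request for this router should fail until the operator enables that block. The label also sets `sans` without `domains[0].main` and hard-codes `docker.localhost` without the CHANGEME marker used elsewhere. I would add `- traefik.http.routers.traefik.tls.domains[0].main=docker.localhost` above it and a comment `# CHANGEME: wildcard needs dnsChallenge enabled in traefik.yml`.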