SECURITY & PRIVACY · PRO TIER

Authelia (pro)

Authelia is an authentication and authorization server providing SSO and 2FA for self-hosted apps. It acts as a forward-auth provider in front of reverse proxies (nginx, Traefik, Caddy), so you can protect any app with SSO without modifying the app itself.

🔒 Security & Privacy · Min 256 MB RAM · Port 9091 (http) · Tier pro

// What it is

A closer look.

For self-hosters with 10+ apps who want one login covering everything (Authelia + reverse proxy = OAuth-style SSO for non-OAuth apps), Authelia is the lightweight answer.

// Use cases

What it's for.

Concrete scenarios where teams pick Authelia over the SaaS alternative.

Single sign-on

one login covering all your self-hosted apps

Two-factor authentication

TOTP, WebAuthn, mobile push

Authorization rules

per-app access control

OAuth provider

provide OIDC for apps that support it

Brute-force protection

failed-login throttling

// Who it's for

Built for these teams.

If your team profile matches one of these, Authelia is a strong fit out of the box.

Profile A

Self-hosters

with 10+ apps wanting unified auth

Profile B

Privacy-bound orgs

requiring central auth control

Profile C

Internal IT teams

running employee self-service

Profile D

Tech enthusiasts

building secure home infrastructure

Profile E

Compliance-focused orgs

needing auditable auth

// Differentiators

Why teams pick Authelia.

When evaluating self-hosted options for this category, here are the dimensions on which Authelia consistently lands above the alternatives.

  • Apache 2.0 — fully open
  • Forward-auth model — works with any app behind reverse proxy
  • Lightweight — runs on minimal hardware
  • 2FA support — TOTP, WebAuthn, mobile push, Duo
  • OIDC provider — issue tokens for apps supporting OAuth
  • Active development — strong community
// Integrations

Connects to.

The stack you'll plug Authelia into — services, protocols, and adjacent apps in the BluixApps catalog.

Reverse proxies
Traefik, nginx, Caddy, HAProxy
Identity backends
LDAP, file-based, OpenID Connect
2FA methods
TOTP, WebAuthn (FIDO2), Duo, mobile push
Notification channels
email, SMTP
Storage
SQLite, MySQL, Postgres
Session backend
Redis for shared sessions
OIDC clients
provide SSO to apps supporting OIDC
// Adoption & deployment

Notable users & community

  • 23k+ GitHub stars
  • Active community on Matrix + GitHub
  • Long-running OSS project
  • Featured in homelab SSO guides
  • Frequent releases

What we ship

  • Docker compose: Authelia + Redis + Postgres
  • Pinned authelia/authelia:4.38 (release-tagged)
  • HTTPS via Let's Encrypt
  • Admin user via env config
  • Persistent volumes for Postgres + Redis
  • Reverse proxy integration documented for Traefik / nginx
  • Backup hook covers Postgres (users + sessions)
// Tips & operations

Run it properly.

Operational guidance from running this in production — what to do before you scale, what to lock down, what surprises people.

// PERFORMANCE
Forward-auth setup is per-proxy
Traefik vs nginx config differs significantly
// SECURITY
Backup user DB
your auth state is critical
// OPERATIONS
Use LDAP for many users
file-based fine for small; LDAP scales
// RELIABILITY
Postgres + Redis for multi-instance
HA setup needs both
// DEPLOYMENT
2FA enforcement
require 2FA for admin / sensitive apps
// SCALING
Audit log review
failed logins indicate attack attempts

  • Min RAM: 256 MB
  • Min disk: 2 GB
  • Access port: 9091
  • Protocol: http
  • BluixApps tier: pro
  • Docker image: authelia/authelia:latest (9091:9091)

Project resources

Official site: authelia.com