Overview
Authelia login portal
The Authelia single sign-on login portal, served over HTTPS through the nginx reverse proxy, prompting for the first-factor username and password.
This is a repackaged open source software product wherein additional charges apply for cloudimg support services.
Overview
Authelia is an open source authentication and authorization server providing single sign-on and multi-factor authentication for your web applications. It acts as a companion to a reverse proxy: instead of every application implementing its own login, the proxy forwards each request to Authelia, which enforces a per-resource access policy and presents a single, branded login portal with optional two-factor authentication. This image delivers Authelia fully installed and wired into an nginx reverse proxy with a working demo protected application, so a complete forward-authentication gateway is running within minutes of launch.
Application Stack
- The Authelia server binary installed under /usr/local/bin and run by a dedicated unprivileged service account, bound to loopback so it is never exposed without the proxy.
- A local SQLite storage database and the file based user database on a dedicated data disk so identity state is independently resizable.
- An nginx reverse proxy that publishes the Authelia login portal over HTTPS and runs the standard forward-authentication integration.
- A demo protected location that is guarded by Authelia, so you can see the full redirect-to-portal, log-in, return-to-application flow end to end out of the box.
Forward Authentication
The nginx proxy asks Authelia to authorize every request to a protected resource. Unauthenticated requests are redirected to the Authelia portal, the user signs in once, and is returned to the application. The same single sign-on session then satisfies every other application behind the same proxy. Access is governed by a clear per-resource policy: bypass, one factor or two factor.
Secure First Boot
On the first boot of your instance a one shot service generates a fresh administrator password, unique to that instance, and fresh cryptographic secrets for the session, the storage encryption key and the identity validation tokens. The password is argon2id hashed into the user database and written to a root only file. No shared or default credentials and no shared secrets ship in the image.
Ready To Use
The Authelia portal is served over HTTPS through nginx, and a demo protected page demonstrates the full forward-authentication flow. Sign in with the generated administrator credentials to reach the protected page. Point your own applications at the proxy and add an access control rule to bring them under single sign-on. A simple one line change swaps the bundled demo domain for your own.
cloudimg Support
24/7 technical support by email and chat. Help with deployment, reverse proxy and forward authentication configuration, access control rules, two factor enrolment, LDAP or file user backends, SMTP notifications, TLS and bringing your own applications under single sign-on.
Use Cases
- A single sign-on and two factor gateway in front of internal web applications.
- Protecting dashboards, admin panels and home lab services that have no authentication of their own.
- A self hosted alternative to commercial identity aware proxies.
- A reference forward-authentication deployment to build your own access controlled stack on.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
Highlights
- Authelia single sign-on and multi-factor authentication server preinstalled as a systemd service behind an nginx reverse proxy, with a working demo protected application that redirects to the Authelia login portal, no manual setup required
- Standard forward-authentication integration: nginx asks Authelia to authorize every request, unauthenticated users are redirected to the portal, and a per-resource access control policy of bypass, one factor or two factor governs each application, with identity state on a dedicated resizable data disk
- Hardened first boot generates a fresh admin password and fresh session, storage encryption and identity validation secrets for every instance, argon2id hashed and stored where only root can read them, with 24/7 technical support from cloudimg
Details
Pricing
Free trial
- ...
| Dimension | Description | Cost/hour |
|---|---|---|
| t3.small (Recommended) | t3.small | $0.04 |
| t3.micro | t3.micro instance type | $0.04 |
| t2.micro | t2.micro instance type | $0.04 |
| m8i.8xlarge | m8i.8xlarge instance type | $0.24 |
| m5dn.metal | m5dn.metal instance type | $0.24 |
| i4i.large | i4i.large instance type | $0.08 |
| i4i.8xlarge | i4i.8xlarge instance type | $0.24 |
| r5ad.xlarge | r5ad.xlarge instance type | $0.12 |
| m5ad.16xlarge | m5ad.16xlarge instance type | $0.24 |
| r5n.16xlarge | r5n.16xlarge instance type | $0.24 |
Vendor refund policy
Refunds available on request.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Initial release of Authelia 4.39.20 single sign-on and multi-factor authentication server with an nginx forward-authentication reverse proxy and a demo protected application.
Additional details
Usage instructions
Connect via SSH on port 22 as the default login user for your operating system variant (the user guide lists it per variant). Retrieve the generated credentials with: sudo cat /root/authelia-credentials.txt
The Authelia login portal and a demo protected page are served over HTTPS (port 443) through nginx; port 80 redirects to HTTPS. Because Authelia requires a real domain for its session cookies (an IP address cannot be used) and a secure https scheme for its session URLs, the image ships a self-contained demo domain authelia.local served with a self-signed certificate.
To try the demo flow from your workstation, add a line mapping authelia.local and secure.authelia.local to the instance public IP in your workstation hosts file, then browse to https://secure.authelia.local/secure and accept the self-signed certificate warning: you are redirected to the Authelia portal, sign in with user admin and the generated password, and are returned to the protected page.
For production, edit /etc/authelia/configuration.yml to set your own domain (https) under session.cookies and access_control, replace the self-signed certificate in /etc/nginx/tls/ with a real certificate for your domain, point your applications at the nginx proxy and add an access control rule per application; the user guide walks through it plus two factor authentication.
Authelia data (the SQLite database, secrets and notifications) lives on a dedicated data disk mounted at /var/lib/authelia.
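
A simplified model of how a per-resource policy (bypass, one factor, two factor) decides the forward-authentication outcome when you add access control rules, added here as an example and not Authelia's or cloudimg's code. It assumes rules are checked in order with the first match winning and an unmatched request falling to a default policy of deny; the rule set and the /health and /admin paths are constructed for illustration.

```python
"""Simplified model of a forward-auth decision: first matching rule wins.

Added illustration only; not Authelia's implementation. Rule shape mirrors
the access_control section (domain, optional resources regex, policy).
"""
import re
from fnmatch import fnmatch

# Authentication level a session must hold to satisfy each policy.
REQUIRED_LEVEL = {"bypass": 0, "one_factor": 1, "two_factor": 2}

# Constructed sample rules on the image's demo domain; only the hostnames
# come from the page, the paths and policies are assumptions.
RULES = [
    {"domain": "secure.authelia.local", "resources": [r"^/health$"], "policy": "bypass"},
    {"domain": "secure.authelia.local", "resources": [r"^/admin(/.*)?$"], "policy": "two_factor"},
    {"domain": "*.authelia.local", "policy": "one_factor"},
]
DEFAULT_POLICY = "deny"


def match_policy(host, path, rules=RULES, default=DEFAULT_POLICY):
    """Return the policy of the first rule matching host and path."""
    for rule in rules:
        if not fnmatch(host.lower(), rule["domain"].lower()):
            continue
        patterns = rule.get("resources")
        if patterns and not any(re.search(p, path) for p in patterns):
            continue
        return rule["policy"]
    return default


def authorize(host, path, session_level=0):
    """Map policy plus session level (0 anonymous, 1 password, 2 MFA)
    to what the proxy does: 'allow', 'redirect_to_portal' or 'forbid'."""
    policy = match_policy(host, path)
    if policy == "deny":
        return "forbid"
    if session_level >= REQUIRED_LEVEL[policy]:
        return "allow"
    return "redirect_to_portal"
```

Rule order matters in this model: placing the wildcard one-factor rule first would make /admin match it, so specific rules belong above broad ones.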
Support
Vendor support
cloudimg provides 24/7 technical support for this product by email and live chat. Our engineers help with deployment, configuration, updates, performance tuning and troubleshooting; critical issues receive a one hour average response. Contact support@cloudimg.co.uk.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.