2021-05-05 05:06:05 +07:00
|
|
|
---
|
|
|
|
port: 9091
|
|
|
|
tls_cert: /config/ssl/cert.pem
|
|
|
|
tls_key: /config/ssl/key.pem
|
|
|
|
|
2021-06-01 11:09:50 +07:00
|
|
|
logging:
|
|
|
|
level: debug
|
2021-05-05 05:06:05 +07:00
|
|
|
|
|
|
|
jwt_secret: unsecure_secret
|
|
|
|
|
|
|
|
authentication_backend:
|
|
|
|
file:
|
|
|
|
path: /config/users.yml
|
|
|
|
|
|
|
|
session:
|
|
|
|
secret: unsecure_session_secret
|
|
|
|
domain: example.com
|
|
|
|
expiration: 3600 # 1 hour
|
|
|
|
inactivity: 300 # 5 minutes
|
|
|
|
remember_me_duration: 1y
|
|
|
|
# We use redis here to keep the users authenticated when Authelia restarts
|
|
|
|
# It eases development.
|
|
|
|
redis:
|
|
|
|
host: redis
|
|
|
|
port: 6379
|
|
|
|
|
|
|
|
storage:
|
|
|
|
local:
|
|
|
|
path: /config/db.sqlite
|
|
|
|
|
|
|
|
access_control:
|
|
|
|
default_policy: deny
|
|
|
|
rules:
|
|
|
|
- domain: "home.example.com"
|
|
|
|
policy: bypass
|
|
|
|
- domain: "public.example.com"
|
|
|
|
policy: bypass
|
|
|
|
- domain: "admin.example.com"
|
|
|
|
policy: two_factor
|
|
|
|
- domain: "secure.example.com"
|
|
|
|
policy: two_factor
|
|
|
|
- domain: "singlefactor.example.com"
|
|
|
|
policy: one_factor
|
|
|
|
- domain: "oidc.example.com"
|
|
|
|
policy: two_factor
|
|
|
|
- domain: "oidc-public.example.com"
|
|
|
|
policy: bypass
|
|
|
|
- domain: "traefik.example.com"
|
|
|
|
policy: bypass
|
|
|
|
|
|
|
|
notifier:
|
|
|
|
smtp:
|
|
|
|
host: smtp
|
|
|
|
port: 1025
|
|
|
|
sender: admin@example.com
|
|
|
|
disable_require_tls: true
|
|
|
|
|
|
|
|
identity_providers:
|
|
|
|
oidc:
|
|
|
|
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
|
|
|
issuer_private_key: |
|
|
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
|
|
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
|
|
|
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
|
|
|
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
|
|
|
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
|
|
|
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
|
|
|
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
|
|
|
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
|
|
|
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
|
|
|
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
|
|
|
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
|
|
|
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
|
|
|
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
|
|
|
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
|
|
|
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
|
|
|
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
|
|
|
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
|
|
|
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
|
|
|
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
|
|
|
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
|
|
|
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
|
|
|
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
|
|
|
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
|
|
|
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
|
|
|
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
|
|
|
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
|
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
clients:
|
|
|
|
- id: oidc-tester-app
|
|
|
|
secret: foobar
|
|
|
|
policy: two_factor
|
|
|
|
redirect_uris:
|
|
|
|
- https://oidc.example.com:8080/oauth2/callback
|
|
|
|
# This client is used for testing purpose. As of now, the app must be protected by ACLs
|
|
|
|
# otherwise it won't work properly.
|
|
|
|
- id: oidc-tester-app-public
|
|
|
|
secret: foobar
|
|
|
|
authorization_policy: one_factor
|
|
|
|
redirect_uris:
|
|
|
|
- https://oidc-public.example.com:8080/oauth2/callback
|
|
|
|
...
|