techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity

[DOCS] Adjust yaml snippets and misc adjustments (#855)

Browse Source 
* [DOCS] Adjust yaml snippets

* use two spaces
* use yaml syntax highlighting
* other misc uniformity changes
* fix misc grammar
* add responsible disclosure link

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
This commit is contained in:
James Elliott 2020-04-11 14:46:07 +10:00 committed by GitHub
parent b3ce7fc379
commit b0b3d61954
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 220 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/configuration/access-control.md
View File

@ -92,9 +92,9 @@ configure Authelia accordingly.
Here is a complete example of complex access control list that can be defined in Authelia. Here is a complete example of complex access control list that can be defined in Authelia.
```yaml
access_control: access_control:
default_policy: deny default_policy: deny
rules: rules:
- domain: public.example.com - domain: public.example.com
policy: bypass policy: bypass
@ -129,3 +129,4 @@ Here is a complete example of complex access control list that can be defined in
- "^/users/john/.*$" - "^/users/john/.*$"
subject: "user:john" subject: "user:john"
policy: two_factor policy: two_factor
```

16
docs/configuration/authentication/file.md
View File

@ -15,6 +15,7 @@ nav_order: 1
Configuring Authelia to use a file is done by specifying the path to the Configuring Authelia to use a file is done by specifying the path to the
file in the configuration file. file in the configuration file.
```yaml
authentication_backend: authentication_backend:
disable_reset_password: false disable_reset_password: false
file: file:
@ -25,12 +26,15 @@ file in the configuration file.
salt_length: 16 salt_length: 16
parallelism: 8 parallelism: 8
memory: 1024 memory: 1024
```
## Format ## Format
The format of the users file is as follows. The format of the users file is as follows.
```yaml
users: users:
john: john:
password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
@ -38,21 +42,19 @@ The format of the users file is as follows.
groups: groups:
- admins - admins
- dev - dev
harry: harry:
password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
email: harry.potter@authelia.com email: harry.potter@authelia.com
groups: [] groups: []
bob: bob:
password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
email: bob.dylan@authelia.com email: bob.dylan@authelia.com
groups: groups:
- dev - dev
james: james:
password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
email: james.dean@authelia.com email: james.dean@authelia.com
```
This file should be set with read/write permissions as it could be updated by users This file should be set with read/write permissions as it could be updated by users
@ -73,7 +75,7 @@ always be valid for base64 decoding (characters a through z, A through Z, 0 thro
For instance to generate a hash with the docker image just run: For instance to generate a hash with the docker image just run:
$ docker run authelia/authelia:latest authelia hash-password yourpassword $ docker run authelia/authelia:latest authelia hash-password yourpassword
$ Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs
Full CLI Help Documentation: Full CLI Help Documentation:
@ -116,8 +118,10 @@ to creating the hash. This is due to how [Go](https://golang.org/) allocates mem
generating an argon2id hash. Go periodically garbage collects the heap, however this doesn't remove generating an argon2id hash. Go periodically garbage collects the heap, however this doesn't remove
the memory allocation, it keeps it allocated even though it's technically unused. Under memory the memory allocation, it keeps it allocated even though it's technically unused. Under memory
pressure the unused allocated memory will be reclaimed by the operating system, you can test pressure the unused allocated memory will be reclaimed by the operating system, you can test
this on linux with this on linux with:
`stress-ng --vm-bytes $(awk '/MemFree/{printf "%d\n", $2 * 0.9;}' < /proc/meminfo)k --vm-keep -m 1`.
$ stress-ng --vm-bytes $(awk '/MemFree/{printf "%d\n", $2 * 0.9;}' < /proc/meminfo)k --vm-keep -m 1
If this is not desirable we recommend investigating the following options in order of most to least secure: If this is not desirable we recommend investigating the following options in order of most to least secure:
1. using the [LDAP authentication provider](./ldap.md) 1. using the [LDAP authentication provider](./ldap.md)
2. adjusting the [memory](#memory) parameter 2. adjusting the [memory](#memory) parameter

4
docs/configuration/duo-push-notifications.md
View File

@ -15,11 +15,13 @@ to know how to set up push notifications in Authelia.
## Configuration ## Configuration
The configuration is as follows: The configuration is as follows:
```yaml
duo_api: duo_api:
hostname: api-123456789.example.com hostname: api-123456789.example.com
integration_key: ABCDEF integration_key: ABCDEF
secret_key: 1234567890abcdefghifjkl secret_key: 1234567890abcdefghifjkl
```
The secret key is shown as an example, you also have the option to set it using an environment The secret key is shown as an example, you also have the option to set it using an environment
variable as described [here](./secrets.md). variable as described [here](./secrets.md).

2
docs/configuration/google-analytics.md
View File

@ -10,4 +10,6 @@ nav_order: 4
It is possible to provide a Google Analytics ID to Authelia in order It is possible to provide a Google Analytics ID to Authelia in order
to monitor the usage of the Sign-In portal. to monitor the usage of the Sign-In portal.
```yaml
google_analytics: UA-00000-01 google_analytics: UA-00000-01
```

11
docs/configuration/miscellaneous.md
View File

@ -15,8 +15,10 @@ Here are the main customizable options in Authelia.
Defines the address and port to listen on. Defines the address and port to listen on.
```yaml
host: 0.0.0.0 host: 0.0.0.0
port: 9091 port: 9091
```
## TLS ## TLS
@ -25,9 +27,10 @@ Defines the address and port to listen on.
Authelia can use TLS. Provide the certificate and the key with the Authelia can use TLS. Provide the certificate and the key with the
following configuration options: following configuration options:
```yaml
tls_key: /var/lib/authelia/ssl/key.pem tls_key: /var/lib/authelia/ssl/key.pem
tls_cert: /var/lib/authelia/ssl/cert.pem tls_cert: /var/lib/authelia/ssl/cert.pem
```
## Log ## Log
@ -38,7 +41,9 @@ following configuration options:
Defines the level of logs used by Authelia. This level can be set to Defines the level of logs used by Authelia. This level can be set to
`trace`, `debug` or `info`. `trace`, `debug` or `info`.
```yaml
log_level: debug log_level: debug
```
### Log file path ### Log file path
@ -47,7 +52,9 @@ Defines the level of logs used by Authelia. This level can be set to
Logs can be stored in a file when file path is provided. Otherwise logs Logs can be stored in a file when file path is provided. Otherwise logs
are written to standard output. are written to standard output.
```yaml
log_file_path: /var/log/authelia.log log_file_path: /var/log/authelia.log
```
## JWT Secret ## JWT Secret
@ -57,7 +64,9 @@ are written to standard output.
Defines the secret used to craft JWT tokens leveraged by the identity Defines the secret used to craft JWT tokens leveraged by the identity
verification process verification process
```yaml
jwt_secret: v3ry_important_s3cr3t jwt_secret: v3ry_important_s3cr3t
```
## Default redirection URL ## Default redirection URL

3
docs/configuration/one-time-password.md
View File

@ -11,10 +11,13 @@ Authelia uses time based one-time passwords as the OTP method. You have
the option to tune the settings of the TOTP generation and you can see a the option to tune the settings of the TOTP generation and you can see a
full example of TOTP configuration below, as well as sections describing them. full example of TOTP configuration below, as well as sections describing them.
```yaml
totp: totp:
issuer: authelia.com issuer: authelia.com
period: 30 period: 30
skew: 1 skew: 1
```
## Issuer ## Issuer

10
docs/contributing/authelia-scripts.md
View File

@ -12,22 +12,22 @@ testing the code, etc...
Those scripts becomes available after sourcing the bootstrap.sh script with Those scripts becomes available after sourcing the bootstrap.sh script with
source bootstrap.sh $ source bootstrap.sh
Then, you can access the scripts usage by running the following command: Then, you can access the scripts usage by running the following command:
authelia-scripts --help $ authelia-scripts --help
For instance, you can build Authelia (Go binary and frontend) with: For instance, you can build Authelia (Go binary and frontend) with:
authelia-scripts build $ authelia-scripts build
Or build the official Docker image with: Or build the official Docker image with:
authelia-scripts docker build $ authelia-scripts docker build
Or start the *Standalone* suite with: Or start the *Standalone* suite with:
authelia-scripts suites setup Standalone $ authelia-scripts suites setup Standalone
You will find more information in the scripts usage helpers. You will find more information in the scripts usage helpers.

2
docs/contributing/suites.md
View File

@ -46,7 +46,7 @@ specific suite like *HighAvailability*, you can do so with the next command:
Running all tests is easy. Make sure that no suite is already running and run: Running all tests is easy. Make sure that no suite is already running and run:
authelia-scripts suites test $ authelia-scripts suites test
### Run tests in headless mode ### Run tests in headless mode

7
docs/features/password-reset.md
View File

@ -7,9 +7,10 @@ nav_order: 4
# Password Reset # Password Reset
**Authelia** provides workflow to let users reset their password when they lose it. **Authelia** provides a workflow to let users reset their password when they lose it.
To disable reset password functionality please see the [configuration docs](../configuration/authentication/index.md#disabling-reset-password).
A simple click on `Forgot password?` for starting the process. Note that resetting a A simple click on `Reset password?` for starting the process. Note that resetting a
password requires a new identity verification using the e-mail of the user. password requires a new identity verification using the e-mail of the user.
<p align="center"> <p align="center">
@ -22,7 +23,7 @@ Give your username and receive an e-mail to verify your identity.
<img src="../images/RESET-PASSWORD-STEP1.png" width="400"> <img src="../images/RESET-PASSWORD-STEP1.png" width="400">
</p> </p>
Once your identity is verified, fill in the form to reset your password. Once your identity has been verified, fill in the form to reset your password.
<p align="center"> <p align="center">
<img src="../images/RESET-PASSWORD-STEP2.png" width="400"> <img src="../images/RESET-PASSWORD-STEP2.png" width="400">

12
docs/security/index.md
View File

@ -7,9 +7,11 @@ has_children: true
# Security # Security
Security is taken very seriously here, therefore we follow the rule of Authelia takes security very seriously. We follow the rule of
responsible disclosure and we encourage you to do so. [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure), and we
encourage the community to as well.
Would you like to report any vulnerability discovered in Authelia, please
first contact **clems4ever** on [Matrix](https://riot.im/app/#/room/#authelia:matrix.org) If you discover a vulnerability in Authelia, please first contact **clems4ever** on
or by [email](mailto:clement.michaud34@gmail.com). [Matrix](https://riot.im/app/#/room/#authelia:matrix.org) or by
[email](mailto:clement.michaud34@gmail.com).