techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity

ci: add yamllint (#1895)

Browse Source 
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
This commit is contained in:
James Elliott 2021-04-11 06:51:00 +10:00 committed by GitHub
parent ad7808d430
commit d33d6c2f00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
111 changed files with 697 additions and 430 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.buildkite/pipeline.yml
View File

@ -1,5 +1,7 @@
---
# This represents the hardcoded pipeline set in Buildkite interface which executes the repo provided dynamic pipeline.
# It is used to ensure that insecure code from external PR cannot be executed before a maintainers approval, to avoid secret leaks.
# It is used to ensure that insecure code from external PR cannot be executed before a maintainers approval, to avoid
# secret leaks.
steps:
# Blocking pipeline for master branch deployments (concurrency_group).
- label: ":pipeline: Setup Pipeline"
@ -13,7 +15,7 @@ steps:
command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload"
if: build.branch != "master"
- wait:
- wait: # yamllint disable-line rule:empty-values
if: build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/
# Manual intervention by team required to deploy for forked PRs (prevent secret leakage).
@ -32,9 +34,10 @@ steps:
- label: ":rocket: Setup Deployment"
command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
depends_on: ~
if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.pull_request.repository.fork != true
if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.pull_request.repository.fork != true # yamllint disable-line rule:line-length
# Removed dependency optimisation for forked PRs to enforce block step.
- label: ":rocket: Setup Deployment"
command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
if: build.pull_request.repository.fork == true
if: build.pull_request.repository.fork == true
...

16
.codecov.yml
View File

@ -1,10 +1,11 @@
---
codecov:
require_ci_to_pass: yes
require_ci_to_pass: true
comment:
layout: "reach, diff, flags, files"
behavior: default
require_changes: no
require_changes: false
coverage:
precision: 2
@ -12,7 +13,7 @@ coverage:
range: "70...100"
status:
project:
default: off
default: false
backend:
base: auto
flags:
@ -38,7 +39,8 @@ ignore:
parsers:
gcov:
branch_detection:
conditional: yes
loop: yes
method: no
macro: no
conditional: true
loop: true
method: false
macro: false
...

20
.github/FUNDING.yml vendored
View File

@ -1,12 +1,14 @@
---
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
# github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
# patreon: # Replace with a single Patreon username
open_collective: authelia-sponsors
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
# ko_fi: # Replace with a single Ko-fi username
# tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
# community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
# liberapay: # Replace with a single Liberapay username
# issuehunt: # Replace with a single IssueHunt username
# otechie: # Replace with a single Otechie username
# custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
...

20
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,11 +1,13 @@
---
blank_issues_enabled: false
contact_links:
- name: Documentation
url: https://www.authelia.com/docs/
about: Read the Documentation
- name: Matrix
url: https://riot.im/app/#/room/#authelia:matrix.org
about: Discuss Authelia with the Developers on Matrix which is the preferred method of contact
- name: Discord
url: https://discord.authelia.com
about: Discuss Authelia with the Developers on Discord which is bridged to Matrix
- name: Documentation
url: https://www.authelia.com/docs/
about: Read the Documentation
- name: Matrix
url: https://riot.im/app/#/room/#authelia:matrix.org
about: Discuss Authelia with the Developers on Matrix which is the preferred method of contact
- name: Discord
url: https://discord.authelia.com
about: Discuss Authelia with the Developers on Discord which is bridged to Matrix
...

6
.golangci.yml
View File

@ -1,3 +1,4 @@
---
run:
timeout: 3m
@ -33,7 +34,7 @@ linters:
issues:
exclude:
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked # yamllint disable-line rule:line-length
- func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
- (possible misuse of unsafe.Pointer|should have signature)
- ineffective break statement. Did you mean to break out of the outer loop
@ -44,4 +45,5 @@ issues:
- Potential file inclusion via variable
exclude-use-default: false
max-issues-per-linter: 0
max-same-issues: 0
max-same-issues: 0
...

9
.reviewdog.yml
View File

@ -1,3 +1,4 @@
---
runner:
golangci:
cmd: golangci-lint run
@ -9,4 +10,10 @@ runner:
eslint:
cmd: cd web && eslint -f rdjson '*/**/*.{js,ts,tsx}'
format: rdjson
level: error
level: error
yamllint:
cmd: yamllint --format parsable .
errorformat:
- '%f:%l:%c: %m'
level: warning
...

22
.yamllint.yml Normal file
View File

@ -0,0 +1,22 @@
---
extends: default
ignore: |
internal/configuration/test_resources/config_bad_quoting.yml
web/node_modules/
compose/
config.template.yml
internal/configuration/config.template.yml
rules:
document-end:
level: warning
empty-values:
level: warning
indentation:
spaces: 2
check-multi-line-strings: true
line-length:
max: 120
octal-values: enable
...

98
api/openapi.yml
View File

@ -2,7 +2,9 @@
openapi: 3.0.0
info:
title: Authelia API
description: Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal.
description: >
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single
sign-on (SSO) for your applications via a web portal.
contact:
name: Authelia Support
url: https://github.com/authelia/authelia#contact-options
@ -28,7 +30,9 @@ paths:
tags:
- State
summary: Application Configuration
description: The configuration endpoint provides detailed information including available second factor methods, if any second factor policies exist and the TOTP period configuration.
description: >
The configuration endpoint provides detailed information including available second factor methods, if any
second factor policies exist and the TOTP period configuration.
responses:
"200":
description: Successful Operation
@ -39,7 +43,7 @@ paths:
"403":
description: Forbidden
security:
- authelia_auth: [ ]
- authelia_auth: []
/api/health:
get:
tags:
@ -58,7 +62,9 @@ paths:
tags:
- State
summary: User Application State
description: The state endpoint provides detailed information including the user, current authenticate level and Authelia's configured default redirection URL.
description: >
The state endpoint provides detailed information including the user, current authenticate level and Authelia's
configured default redirection URL.
responses:
"200":
description: Successful Operation
@ -71,7 +77,9 @@ paths:
tags:
- Authentication
summary: Verification
description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
description: >
The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified
domain.
parameters:
- $ref: '#/components/parameters/originalURLParam'
- $ref: '#/components/parameters/forwardedMethodParam'
@ -108,7 +116,9 @@ paths:
tags:
- Authentication
summary: Verification
description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
description: >
The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified
domain.
parameters:
- $ref: '#/components/parameters/originalURLParam'
- $ref: '#/components/parameters/forwardedMethodParam'
@ -146,7 +156,8 @@ paths:
tags:
- Authentication
summary: Login
description: The firstfactor endpoint allows a user to login and generates an authentication cookie for authorization.
description: >
The firstfactor endpoint allows a user to login and generates an authentication cookie for authorization.
requestBody:
content:
application/json:
@ -184,13 +195,19 @@ paths:
schema:
$ref: '#/components/schemas/middlewares.OkResponse'
security:
- authelia_auth: [ ]
- authelia_auth: []
/api/reset-password/identity/start:
post:
tags:
- Password Reset
summary: Identity Verification Token Creation
description: "This endpoint is step 1 of 3 in the password reset process.\n\nIt validates the user session and sends the user an email with a token and a link to reset their password. This step also generates a session cookie for the rest of the process.\n\nThe same session cookie must be used for all steps in this process."
description: >
This endpoint is step 1 of 3 in the password reset process.
It validates the user session and sends the user an email with a token and a link to reset their password. This
step also generates a session cookie for the rest of the process.
The same session cookie must be used for all steps in this process.
requestBody:
required: true
content:
@ -211,7 +228,12 @@ paths:
tags:
- Password Reset
summary: Identity Verification Token Validation
description: "This endpoint is step 2 of 3 in the password reset process.\n\nIt validates the user session and reset token.\n\nThe same session cookie must be used for all steps in this process."
description: >
This endpoint is step 2 of 3 in the password reset process.
It validates the user session and reset token.
The same session cookie must be used for all steps in this process.
requestBody:
required: true
content:
@ -232,7 +254,12 @@ paths:
tags:
- Password Reset
summary: Password Reset
description: "This endpoint is step 3 of 3 in the password reset process.\n\nIt validates the user session and changes the password.\n\nThe same session cookie must be used for all steps in this process."
description: >
This endpoint is step 3 of 3 in the password reset process.
It validates the user session and changes the password.
The same session cookie must be used for all steps in this process.
requestBody:
required: true
content:
@ -253,7 +280,9 @@ paths:
tags:
- User Information
summary: User Configuration
description: The user info endpoint provides detailed information including a users display name, preferred and registered second factor method(s).
description: >
The user info endpoint provides detailed information including a users display name, preferred and registered
second factor method(s).
responses:
"200":
description: Successful Operation
@ -264,7 +293,7 @@ paths:
"403":
description: Forbidden
security:
- authelia_auth: [ ]
- authelia_auth: []
/api/user/info/2fa_method:
post:
tags:
@ -286,13 +315,17 @@ paths:
"403":
description: Forbidden
security:
- authelia_auth: [ ]
- authelia_auth: []
/api/secondfactor/totp/identity/start:
post:
tags:
- Second Factor
summary: Identity Verification TOTP Token Creation
description: "This endpoint performs identity verification to begin the TOTP device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent step in the `/api/secondfactor/totp/identity/finish` endpoint."
description: >
This endpoint performs identity verification to begin the TOTP device registration process.
The session generated from this endpoint must be utilised for the subsequent step in the
`/api/secondfactor/totp/identity/finish` endpoint.
responses:
"200":
description: Successful Operation
@ -307,7 +340,12 @@ paths:
tags:
- Second Factor
summary: Identity Verification TOTP Token Validation and Device Creation
description: "This endpoint performs identity and token verification, upon success also generates TOTP device secret and registers said device.\n\nThe session cookie generated from the `/api/secondfactor/totp/identity/start` endpoint must be utilised for the step here"
description: >
This endpoint performs identity and token verification, upon success also generates TOTP device secret and
registers said device.
The session cookie generated from the `/api/secondfactor/totp/identity/start` endpoint must be utilised for the
step here.
requestBody:
required: true
content:
@ -328,7 +366,7 @@ paths:
tags:
- Second Factor
summary: Second Factor Authentication - TOTP
description: "This endpoint performs second factor authentication with a TOTP key."
description: This endpoint performs second factor authentication with a TOTP key.
requestBody:
required: true
content:
@ -355,7 +393,7 @@ paths:
tags:
- Second Factor
summary: Second Factor Authentication - U2F (Request)
description: "This endpoint starts the second factor authentication process with the U2F key."
description: This endpoint starts the second factor authentication process with the U2F key.
responses:
"200":
description: Successful Operation
@ -395,7 +433,11 @@ paths:
tags:
- Second Factor
summary: Identity Verification U2F Token Creation
description: "This endpoint performs identity verification to begin the U2F device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent steps in the `/api/secondfactor/u2f/identity/finish` and `/api/secondfactor/u2f/register` endpoints."
description: >
This endpoint performs identity verification to begin the U2F device registration process.
The session generated from this endpoint must be utilised for the subsequent steps in the
`/api/secondfactor/u2f/identity/finish` and `/api/secondfactor/u2f/register` endpoints.
responses:
"200":
description: Successful Operation
@ -410,7 +452,12 @@ paths:
tags:
- Second Factor
summary: Identity Verification U2F Token Validation
description: "This endpoint performs identity and token verification, upon success generates a U2F device registration challenge.\n\nThe session cookie generated from the `/api/secondfactor/u2f/identity/start` endpoint must be utilised for the subsequent steps here and in the `/api/secondfactor/u2f/register` endpoint."
description: >
This endpoint performs identity and token verification, upon success generates a U2F device registration
challenge.
The session cookie generated from the `/api/secondfactor/u2f/identity/start` endpoint must be utilised for the
subsequent steps here and in the `/api/secondfactor/u2f/register` endpoint.
requestBody:
required: true
content:
@ -431,7 +478,7 @@ paths:
tags:
- Second Factor
summary: U2F Device Registration
description: "This endpoint performs U2F device registration."
description: This endpoint performs U2F device registration.
requestBody:
required: true
content:
@ -452,7 +499,7 @@ paths:
tags:
- Second Factor
summary: Second Factor Authentication - Duo Mobile Push
description: "This endpoint performs second factor authentication with a Duo Mobile Push."
description: This endpoint performs second factor authentication with a Duo Mobile Push.
requestBody:
required: true
content:
@ -634,7 +681,7 @@ components:
example: 5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
otpauth_url:
type: string
example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q # yamllint disable-line rule:line-length
handlers.UserInfo:
type: object
properties:
@ -682,7 +729,7 @@ components:
properties:
token:
type: string
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDc5MjU1OTYsImlzcyI6IkF1dGhlbGlhIiwiYWN0aW9uIjoiUmVzZXRQYXNzd29yZCIsInVzZXJuYW1lIjoiQW1pciJ9.636yqRrUCGCe4jsMCsonleX5CYWHncYqZum-YYb6VaY
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDc5MjU1OTYsImlzcyI6IkF1dGhlbGlhIiwiYWN0aW9uIjoiUmVzZXRQYXNzd29yZCIsInVzZXJuYW1lIjoiQW1pciJ9.636yqRrUCGCe4jsMCsonleX5CYWHncYqZum-YYb6VaY # yamllint disable-line rule:line-length
middlewares.OkResponse:
type: object
properties:
@ -770,4 +817,5 @@ components:
authelia_auth:
type: apiKey
name: "{{.Session}}"
in: cookie
in: cookie
...

6
docs/_config.yml
View File

@ -1,3 +1,4 @@
---
title: Authelia
email: clement.michaud34@gmail.com
description: Authelia is an open source multi-factor single sign-on portal for web applications
@ -6,10 +7,13 @@ baseurl: "/docs/"
# url: "https://www.authelia.com"
repository: https://github.com/authelia/authelia
logo: ./images/authelia-title.png
footer_content: "Copyright &copy; 2020 Authelia. Distributed by an <a href=\"https://github.com/authelia/authelia/blob/master/LICENSE\">Apache 2.0 license.</a>"
footer_content: >
Copyright &copy; 2021 Authelia. Distributed by an
<a href=\"https://github.com/authelia/authelia/blob/master/LICENSE\">Apache 2.0 license.</a>
markdown: kramdown
theme: just-the-docs
keep_files:
- .git
- CNAME
ga_tracking: UA-124926127-1
...

8
internal/authentication/users_database.template.yml
View File

@ -1,3 +1,5 @@
# yamllint disable rule:line-length
---
###############################################################
# Users Database #
###############################################################
@ -7,8 +9,10 @@
users:
authelia:
displayname: "Test User"
password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia'
password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia'
email: authelia@authelia.com
groups:
- admins
- dev
- dev
...
# yamllint enable rule:line-length

2
internal/configuration/reader_test.go
View File

@ -164,7 +164,7 @@ func TestShouldErrorParseBadConfigFile(t *testing.T) {
require.Len(t, errors, 1)
require.EqualError(t, errors[0], "Error malformed yaml: line 23: did not find expected alphabetic or numeric character")
require.EqualError(t, errors[0], "Error malformed yaml: line 24: did not find expected alphabetic or numeric character")
}
func TestShouldParseConfigFile(t *testing.T) {

12
internal/configuration/test_resources/config.yml
View File

@ -1,7 +1,4 @@
###############################################################
# Authelia configuration #
###############################################################
---
host: 127.0.0.1
port: 9091
@ -95,8 +92,8 @@ access_control:
session:
name: authelia_session
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
domain: example.com
redis:
host: 127.0.0.1
@ -122,4 +119,5 @@ notifier:
host: 127.0.0.1
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

12
internal/configuration/test_resources/config_alt.yml
View File

@ -1,7 +1,4 @@
###############################################################
# Authelia configuration #
###############################################################
---
host: 127.0.0.1
port: 9091
@ -95,8 +92,8 @@ access_control:
session:
name: authelia_session
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
domain: example.com
redis:
host: 127.0.0.1
@ -120,4 +117,5 @@ notifier:
host: 127.0.0.1
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

12
internal/configuration/test_resources/config_bad_keys.yml
View File

@ -1,7 +1,4 @@
###############################################################
# Authelia configuration #
###############################################################
---
host: 127.0.0.1
port: 9091
loggy_file: /config/svc.log
@ -96,8 +93,8 @@ access_control:
session:
name: authelia_session
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
domain: example.com
redis:
host: 127.0.0.1
@ -121,4 +118,5 @@ notifier:
host: 127.0.0.1
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/configuration/test_resources/config_bad_quoting.yml
View File

@ -1,3 +1,4 @@
---
host: 0.0.0.0
port: 9091
log_level: debug
@ -49,4 +50,5 @@ notifier:
password: example.com
host: smtp.gmail.com
port: 465
sender: example.com
sender: example.com
...

12
internal/configuration/test_resources/config_with_secret.yml
View File

@ -1,7 +1,4 @@
###############################################################
# Authelia configuration #
###############################################################
---
host: 127.0.0.1
port: 9091
jwt_secret: secret_from_config
@ -96,8 +93,8 @@ access_control:
session:
name: authelia_session
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
expiration: 3600000 # 1 hour
inactivity: 300000 # 5 minutes
domain: example.com
redis:
host: 127.0.0.1
@ -121,4 +118,5 @@ notifier:
host: 127.0.0.1
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

8
internal/suites/ActiveDirectory/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -36,8 +37,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -69,4 +70,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/ActiveDirectory/docker-compose.yml
View File

@ -1,6 +1,8 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './ActiveDirectory/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

8
internal/suites/BypassAll/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -44,4 +45,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/BypassAll/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './BypassAll/configuration.yml:/config/configuration.yml:ro'
- './BypassAll/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/BypassAll/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/CLI/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -39,4 +40,5 @@ access_control:
notifier:
filesystem:
filename: /config/notification.txt
filename: /config/notification.txt
...

4
internal/suites/CLI/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './CLI/configuration.yml:/config/configuration.yml:ro'
- './CLI/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

14
internal/suites/CLI/users.yml
View File

@ -1,4 +1,5 @@
###############################################################
---
##############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/Docker/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -82,4 +83,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Docker/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './Docker/configuration.yml:/config/configuration.yml:ro'
- './Docker/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/Docker/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/DuoPush/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
# Configuration of the storage backend used to store data and secrets. i.e. totp data
@ -98,4 +99,5 @@ regulation:
notifier:
filesystem:
filename: /tmp/notifier.html
filename: /tmp/notifier.html
...

4
internal/suites/DuoPush/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './DuoPush/configuration.yml:/config/configuration.yml:ro'
- './DuoPush/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/DuoPush/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

6
internal/suites/HAProxy/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -43,3 +44,4 @@ notifier:
port: 1025
sender: admin@example.com
disable_require_tls: true
...

4
internal/suites/HAProxy/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './HAProxy/configuration.yml:/config/configuration.yml:ro'
- './HAProxy/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/HAProxy/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/HighAvailability/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia configuration #
###############################################################
@ -81,8 +82,8 @@ access_control:
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: example.com
redis:
username: authelia
@ -118,4 +119,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/HighAvailability/docker-compose.yml
View File

@ -1,6 +1,8 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './HighAvailability/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

10
internal/suites/LDAP/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -22,7 +23,7 @@ authentication_backend:
base_dn: dc=example,dc=com
username_attribute: uid
additional_users_dn: ou=users
users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(objectClass=inetOrgPerson))
users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(objectClass=inetOrgPerson)) # yamllint disable-line rule:line-length
additional_groups_dn: ou=groups
groups_filter: (&(member={dn})(objectclass=groupOfNames))
group_name_attribute: cn
@ -34,8 +35,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -67,4 +68,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/LDAP/docker-compose.yml
View File

@ -1,6 +1,8 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './LDAP/configuration.yml:/config/configuration.yml:ro'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

8
internal/suites/Mariadb/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
# Configuration of the storage backend used to store data and secrets. i.e. totp data
@ -68,4 +69,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Mariadb/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './Mariadb/configuration.yml:/config/configuration.yml:ro'
- './Mariadb/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/Mariadb/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/MySQL/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
# Configuration of the storage backend used to store data and secrets. i.e. totp data
@ -68,4 +69,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/MySQL/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './MySQL/configuration.yml:/config/configuration.yml:ro'
- './MySQL/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/MySQL/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/NetworkACL/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
# Configuration of the storage backend used to store data and secrets. i.e. totp data
@ -66,4 +67,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/NetworkACL/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './NetworkACL/configuration.yml:/config/configuration.yml:ro'
- './NetworkACL/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/NetworkACL/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/OneFactorOnly/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -41,4 +42,5 @@ access_control:
notifier:
filesystem:
filename: /tmp/notifier.html
filename: /tmp/notifier.html
...

4
internal/suites/OneFactorOnly/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './OneFactorOnly/configuration.yml:/config/configuration.yml:ro'
- './OneFactorOnly/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/OneFactorOnly/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/PathPrefix/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -20,8 +21,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -45,4 +46,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/PathPrefix/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './PathPrefix/configuration.yml:/config/configuration.yml:ro'
- './PathPrefix/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/PathPrefix/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/Postgres/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -19,8 +20,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
# Configuration of the storage backend used to store data and secrets. i.e. totp data
@ -68,4 +69,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Postgres/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './Postgres/configuration.yml:/config/configuration.yml:ro'
- './Postgres/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/Postgres/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

4
internal/suites/ShortTimeouts/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -73,4 +74,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/ShortTimeouts/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './ShortTimeouts/configuration.yml:/config/configuration.yml:ro'
- './ShortTimeouts/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/ShortTimeouts/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/Standalone/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -14,8 +15,8 @@ authentication_backend:
session:
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -82,4 +83,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Standalone/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-backend:
@ -9,4 +10,5 @@ services:
- './Standalone/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- '/tmp:/tmp'
user: ${USER_ID}:${GROUP_ID}
user: ${USER_ID}:${GROUP_ID}
...

12
internal/suites/Standalone/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/Traefik/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
storage:
@ -42,4 +43,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Traefik/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './Traefik/configuration.yml:/config/configuration.yml:ro'
- './Traefik/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/Traefik/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

8
internal/suites/Traefik2/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia minimal configuration #
###############################################################
@ -17,8 +18,8 @@ authentication_backend:
session:
secret: unsecure_session_secret
domain: example.com
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
redis:
host: redis
@ -47,4 +48,5 @@ notifier:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

4
internal/suites/Traefik2/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
authelia-backend:
volumes:
- './Traefik2/configuration.yml:/config/configuration.yml:ro'
- './Traefik2/users.yml:/config/users.yml'
- './common/ssl:/config/ssl:ro'
- './common/ssl:/config/ssl:ro'
...

12
internal/suites/Traefik2/users.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Users Database #
###############################################################
@ -8,7 +9,7 @@
users:
john:
displayname: "John Doe"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: john.doe@authelia.com
groups:
- admins
@ -16,18 +17,19 @@ users:
harry:
displayname: "Harry Potter"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: harry.potter@authelia.com
groups: []
bob:
displayname: "Bob Dylan"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: bob.dylan@authelia.com
groups:
- dev
james:
displayname: "James Dean"
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: james.dean@authelia.com
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
email: james.dean@authelia.com
...

4
internal/suites/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
networks:
authelianet:
driver: bridge
ipam:
config:
- subnet: 192.168.240.0/24
- subnet: 192.168.240.0/24
...

4
internal/suites/example/compose/authelia/docker-compose.backend.dev.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-backend:
@ -23,7 +24,7 @@ services:
- 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api'
- 'traefik.protocol=https'
# Traefik 2.x
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/api/`)'
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/api/`)' # yamllint disable-line rule:line-length
- 'traefik.http.routers.authelia_backend.entrypoints=https'
- 'traefik.http.routers.authelia_backend.tls=true'
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
@ -32,3 +33,4 @@ services:
networks:
authelianet:
ipv4_address: 192.168.240.50
...

4
internal/suites/example/compose/authelia/docker-compose.backend.dist.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-backend:
@ -7,7 +8,7 @@ services:
- 'traefik.frontend.rule=Host:login.example.com;PathPrefix:/api'
- 'traefik.protocol=https'
# Traefik 2.x
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/api/`)'
- 'traefik.http.routers.authelia_backend.rule=Host(`login.example.com`) && PathPrefix(`/api`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/api/`)' # yamllint disable-line rule:line-length
- 'traefik.http.routers.authelia_backend.entrypoints=https'
- 'traefik.http.routers.authelia_backend.tls=true'
- 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https'
@ -19,3 +20,4 @@ services:
networks:
authelianet:
ipv4_address: 192.168.240.50
...

4
internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-frontend:
@ -17,10 +18,11 @@ services:
# Traefik 1.x
- 'traefik.frontend.rule=Host:login.example.com'
# Traefik 2.x
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/`)'
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/`)' # yamllint disable-line rule:line-length
- 'traefik.http.routers.authelia_frontend.entrypoints=https'
- 'traefik.http.routers.authelia_frontend.tls=true'
environment:
- PUBLIC_URL=${PathPrefix}
networks:
- authelianet
...

4
internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-frontend:
@ -8,7 +9,7 @@ services:
# Traefik 1.x
- 'traefik.frontend.rule=Host:login.example.com'
# Traefik 2.x
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/`)'
- 'traefik.http.routers.authelia_frontend.rule=Host(`login.example.com`) || Host(`login.example.com`) && PathPrefix(`${PathPrefix}/`)' # yamllint disable-line rule:line-length
- 'traefik.http.routers.authelia_frontend.entrypoints=https'
- 'traefik.http.routers.authelia_frontend.tls=true'
- 'traefik.http.services.authelia_frontend.loadbalancer.server.port=3000'
@ -16,3 +17,4 @@ services:
- authelianet
expose:
- 3000
...

4
internal/suites/example/compose/duo-api/docker-compose.yml
View File

@ -1,7 +1,9 @@
---
version: '3'
services:
duo-api:
build:
context: ./example/compose/duo-api
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/haproxy/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
haproxy:
@ -9,4 +10,5 @@ services:
networks:
authelianet:
# Set the IP to be able to query on port 8080
ipv4_address: 192.168.240.100
ipv4_address: 192.168.240.100
...

2
internal/suites/example/compose/httpbin/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
httpbin:
@ -17,3 +18,4 @@ services:
- 'traefik.http.routers.httpbin.priority=150'
- 'traefik.http.routers.httpbin.tls=true'
- 'traefik.http.routers.httpbin.middlewares=authelia@docker'
...

5
internal/suites/example/compose/kind/config.yml
View File

@ -1,6 +1,9 @@
---
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
# yamllint disable-line rule:indentation
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registrycache.internal:5000"]
endpoint = ["http://registrycache.internal:5000"]
endpoint = ["http://registrycache.internal:5000"]
...

4
internal/suites/example/compose/kind/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
authelia-kind-proxy:
@ -39,4 +40,5 @@ services:
ipv4_address: 192.168.240.110
volumes:
kind-volume:
kind-volume: # yamllint disable-line rule:empty-values
...

2
internal/suites/example/compose/ldap/docker-compose.admin.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
openldap-admin:
@ -9,3 +10,4 @@ services:
- PHPLDAPADMIN_HTTPS=false
networks:
- authelianet
...

4
internal/suites/example/compose/ldap/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
openldap:
@ -19,4 +20,5 @@ services:
- '--loglevel'
- 'debug'
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/mariadb/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
mariadb:
@ -8,4 +9,5 @@ services:
- MYSQL_PASSWORD=password
- MYSQL_DATABASE=authelia
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/mysql/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
mysql:
@ -8,4 +9,5 @@ services:
- MYSQL_PASSWORD=password
- MYSQL_DATABASE=authelia
networks:
- authelianet
- authelianet
...

24
internal/suites/example/compose/nginx/backend/docker-compose.yml
View File

@ -1,19 +1,23 @@
---
version: '3'
services:
nginx-backend:
image: nginx:alpine
labels:
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080' # Traefik 1.x
- 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true' # Traefik 1.x
- 'traefik.frontend.auth.forward.trustForwardHeader=true' # Traefik 1.x
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' # Traefik 1.x
- 'traefik.http.routers.protectedapps.rule=Host(`home.example.com`, `public.example.com`, `secure.example.com`, `admin.example.com`, `singlefactor.example.com`)' # Traefik 2.x
- 'traefik.http.routers.protectedapps.entrypoints=https' # Traefik 2.x
- 'traefik.http.routers.protectedapps.tls=true' # Traefik 2.x
- 'traefik.http.routers.protectedapps.middlewares=authelia@docker' # Traefik 2.x
# Traefik 1.x
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # yamllint disable-line rule:line-length
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080' # yamllint disable-line rule:line-length
- 'traefik.frontend.auth.forward.tls.insecureSkipVerify=true'
- 'traefik.frontend.auth.forward.trustForwardHeader=true'
- 'traefik.frontend.auth.forward.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
# Traefik 2.x
- 'traefik.http.routers.protectedapps.rule=Host(`home.example.com`,`public.example.com`,`secure.example.com`,`admin.example.com`,`singlefactor.example.com`)' # yamllint disable-line rule:line-length
- 'traefik.http.routers.protectedapps.entrypoints=https'
- 'traefik.http.routers.protectedapps.tls=true'
- 'traefik.http.routers.protectedapps.middlewares=authelia@docker'
volumes:
- ./example/compose/nginx/backend/html:/usr/share/nginx/html
- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
networks:
- authelianet
- authelianet
...

2
internal/suites/example/compose/nginx/portal/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
nginx-portal:
@ -14,3 +15,4 @@ services:
- duo.example.com
# Set the IP to be able to query on port 443
ipv4_address: 192.168.240.100
...

4
internal/suites/example/compose/postgres/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: "3"
services:
postgres:
@ -7,4 +8,5 @@ services:
- POSTGRES_USER=admin
- POSTGRES_DB=authelia
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/redis-sentinel/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
redis-node-0:
@ -93,4 +94,5 @@ services:
authelianet:
aliases:
- redis-sentinel-2.example.com
ipv4_address: 192.168.240.122
ipv4_address: 192.168.240.122
...

4
internal/suites/example/compose/redis/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
redis:
@ -10,4 +11,5 @@ services:
- ./example/compose/redis/users.acl:/data/users.acl
- ./example/compose/redis/entrypoint.sh:/entrypoint.sh
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/samba/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
sambaldap:
@ -11,4 +12,5 @@ services:
- DOMAINPASS=Password1
- NOCOMPLEXITY=true
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/smtp/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
smtp:
@ -12,4 +13,5 @@ services:
- 'traefik.http.routers.mail.tls=true'
- 'traefik.http.services.mail.loadbalancer.server.port=1080'
networks:
- authelianet
- authelianet
...

4
internal/suites/example/compose/squid/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
# Simulates client 1.
@ -16,4 +17,5 @@ services:
networks:
authelianet:
# Set the IP to be able to query on port 443
ipv4_address: 192.168.240.202
ipv4_address: 192.168.240.202
...

4
internal/suites/example/compose/traefik/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
traefik:
@ -21,4 +22,5 @@ services:
networks:
authelianet:
# Set the IP to be able to query on port 8080
ipv4_address: 192.168.240.100
ipv4_address: 192.168.240.100
...

13
internal/suites/example/compose/traefik2/docker-compose.yml
View File

@ -1,3 +1,4 @@
---
version: '3'
services:
traefik:
@ -9,10 +10,11 @@ services:
- 'traefik.http.routers.api.entrypoints=https'
- 'traefik.http.routers.api.service=api@internal'
- 'traefik.http.routers.api.tls=true'
- 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091${PathPrefix}/api/verify?rd=https://login.example.com:8080${PathPrefix}' # Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' # Traefik 2.x
# Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091${PathPrefix}/api/verify?rd=https://login.example.com:8080${PathPrefix}' # yamllint disable-line rule:line-length
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' # yamllint disable-line rule:line-length
command:
- '--api'
- '--providers.docker=true'
@ -25,4 +27,5 @@ services:
networks:
authelianet:
# Set the IP to be able to query on port 8080
ipv4_address: 192.168.240.100
ipv4_address: 192.168.240.100
...

59
internal/suites/example/kube/apps/apps.yml
View File

@ -17,34 +17,34 @@ spec:
app: test-app
spec:
containers:
- name: test-app
image: nginx:alpine
command: ["/entrypoint.sh"]
ports:
- containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /entrypoint.sh
subPath: entrypoint.sh
- name: config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: config-volume
mountPath: /tmp/html.tar.gz
subPath: html.tar.gz
- name: test-app
image: nginx:alpine
command: ["/entrypoint.sh"]
ports:
- containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /entrypoint.sh
subPath: entrypoint.sh
- name: config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: config-volume
mountPath: /tmp/html.tar.gz
subPath: html.tar.gz
volumes:
- name: config-volume
configMap:
name: nginx-config
items:
- key: entrypoint.sh
path: entrypoint.sh
mode: 0755
- key: nginx.conf
path: nginx.conf
- key: html.tar.gz
path: html.tar.gz
- name: config-volume
configMap:
name: nginx-config
items:
- key: entrypoint.sh
path: entrypoint.sh
mode: 0755 # yamllint disable-line rule:octal-values
- key: nginx.conf
path: nginx.conf
- key: html.tar.gz
path: html.tar.gz
...
---
apiVersion: v1
kind: Service
@ -61,7 +61,7 @@ spec:
name: http
- port: 443
name: https
...
---
apiVersion: extensions/v1beta1
kind: Ingress
@ -85,7 +85,7 @@ spec:
backend:
serviceName: test-app-service
servicePort: 80
...
---
apiVersion: extensions/v1beta1
kind: Ingress
@ -151,3 +151,4 @@ spec:
backend:
serviceName: test-app-service
servicePort: 80
...

8
internal/suites/example/kube/authelia/configs/configuration.yml
View File

@ -1,3 +1,4 @@
---
###############################################################
# Authelia configuration #
###############################################################
@ -78,8 +79,8 @@ access_control:
policy: two_factor
session:
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
domain: example.com
redis:
@ -103,4 +104,5 @@ notifier:
host: "mailcatcher-service"
port: 1025
sender: admin@example.com
disable_require_tls: true
disable_require_tls: true
...

3
internal/suites/example/kube/authelia/deployment.yml
View File

@ -68,4 +68,5 @@ spec:
- key: sql_password
path: sql_password
- key: ldap_password
path: ldap_password
path: ldap_password
...

21
internal/suites/example/kube/authelia/ingress.yml
View File

@ -9,14 +9,15 @@ metadata:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
tls:
- secretName: authelia-tls
hosts:
- login.example.com
- secretName: authelia-tls
hosts:
- login.example.com
rules:
- host: login.example.com
http:
paths:
- path: /
backend:
serviceName: authelia-service
servicePort: 443
- host: login.example.com
http:
paths:
- path: /
backend:
serviceName: authelia-service
servicePort: 443
...

9
internal/suites/example/kube/authelia/secret.yml
View File

@ -8,7 +8,8 @@ metadata:
labels:
app: authelia
data:
jwt_secret: YW5fdW5zZWN1cmVfc2VjcmV0 #an_unsecure_secret
ldap_password: cGFzc3dvcmQ= #password
session: dW5zZWN1cmVfcGFzc3dvcmQ= #unsecure_password
sql_password: cGFzc3dvcmQ= #password
jwt_secret: YW5fdW5zZWN1cmVfc2VjcmV0 # an_unsecure_secret
ldap_password: cGFzc3dvcmQ= # password
session: dW5zZWN1cmVfcGFzc3dvcmQ= # unsecure_password
sql_password: cGFzc3dvcmQ= # password
...

7
internal/suites/example/kube/authelia/service.yml
View File

@ -8,6 +8,7 @@ spec:
selector:
app: authelia
ports:
- protocol: TCP
port: 443
targetPort: 443
- protocol: TCP
port: 443
targetPort: 443
...

9
internal/suites/example/kube/dashboard.yml
View File

@ -4,7 +4,7 @@ kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
...
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -15,6 +15,7 @@ roleRef:
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
...

39
internal/suites/example/kube/ingress-controller/deployment.yml
View File

@ -23,22 +23,23 @@ spec:
terminationGracePeriodSeconds: 60
serviceAccountName: nginx-ingress-controller-serviceaccount
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0
name: nginx-ingress-controller
imagePullPolicy: Always
ports:
- containerPort: 80
- containerPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --ingress-class=nginx
- --election-id=ingress-controller-leader
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.23.0
name: nginx-ingress-controller
imagePullPolicy: Always
ports:
- containerPort: 80
- containerPort: 443
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --ingress-class=nginx
- --election-id=ingress-controller-leader
...

12
internal/suites/example/kube/ingress-controller/rbac.yml
View File

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
@ -5,7 +6,7 @@ metadata:
namespace: authelia
labels:
app: nginx-ingress-controller
...
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
@ -60,7 +61,7 @@ rules:
- ingresses/status
verbs:
- update
...
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
@ -104,7 +105,7 @@ rules:
- endpoints
verbs:
- get
...
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
@ -121,7 +122,7 @@ subjects:
- kind: ServiceAccount
name: nginx-ingress-controller-serviceaccount
namespace: authelia
...
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
@ -137,5 +138,4 @@ subjects:
- kind: ServiceAccount
name: nginx-ingress-controller-serviceaccount
namespace: authelia
---
...

Some files were not shown because too many files have changed in this diff Show More