mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
d33d6c2f00
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
88 lines
1.8 KiB
YAML
88 lines
1.8 KiB
YAML
---
|
|
###############################################################
|
|
# Authelia minimal configuration #
|
|
###############################################################
|
|
|
|
port: 9091
|
|
tls_cert: /config/ssl/cert.pem
|
|
tls_key: /config/ssl/key.pem
|
|
|
|
log_level: debug
|
|
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
jwt_secret: very_important_secret
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users.yml
|
|
|
|
session:
|
|
secret: unsecure_session_secret
|
|
domain: example.com
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
remember_me_duration: 1y
|
|
|
|
storage:
|
|
local:
|
|
path: /config/db.sqlite3
|
|
|
|
totp:
|
|
issuer: example.com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
|
|
rules:
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
|
|
- domain: "*.example.com"
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/john/.*$"
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/harry/.*$"
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
- domain: "*.mail.example.com"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/bob/.*$"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
regulation:
|
|
# Set it to 0 to disable max_retries.
|
|
max_retries: 3
|
|
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
|
|
find_time: 300
|
|
# The length of time before a banned user can login again.
|
|
ban_time: 900
|
|
|
|
notifier:
|
|
smtp:
|
|
host: smtp
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true
|
|
...
|