techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
36c2730e3a
authelia/internal/suites/HighAvailability/configuration.yml
James Elliott a3b14871ba
perf(authentication): improve ldap dynamic replacement performance (#2239) 
This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements.
2021-08-05 14:17:07 +10:00

127 lines
2.8 KiB
YAML
Raw Blame History

---
###############################################################
# Authelia configuration #
###############################################################
jwt_secret: unsecure_secret
server:
port: 9091
tls:
certificate: /config/ssl/cert.pem
key: /config/ssl/key.pem
log:
level: debug
totp:
issuer: authelia.com
authentication_backend:
ldap:
url: ldap://openldap
base_dn: dc=example,dc=com
username_attribute: uid
additional_users_dn: ou=users
users_filter: (&({username_attribute}={input})(objectClass=person))
additional_groups_dn: ou=groups
groups_filter: (&(member={dn})(objectClass=groupOfNames))
group_name_attribute: cn
mail_attribute: mail
display_name_attribute: displayName
user: cn=admin,dc=example,dc=com
password: password
access_control:
default_policy: deny
rules:
# Rules applied to everyone
- domain: public.example.com
policy: bypass
- domain: secure.example.com
policy: two_factor
- domain: singlefactor.example.com
policy: one_factor
# Rules applied to 'admins' group
- domain: mx2.mail.example.com
subject: "group:admins"
policy: deny
# Rules applied to user 'john'
- domain: "*.example.com"
subject: "user:john"
policy: two_factor
- domain: "*.example.com"
subject: "group:admins"
policy: two_factor
# Rules applied to 'dev' group
- domain: dev.example.com
resources:
- "^/groups/dev/.*$"
subject: "group:dev"
policy: two_factor
# Rules applied to user 'harry'
- domain: dev.example.com
resources:
- "^/users/harry/.*$"
subject: "user:harry"
policy: two_factor
# Rules applied to user 'bob'
- domain: "*.mail.example.com"
subject: "user:bob"
policy: two_factor
- domain: "dev.example.com"
resources:
- "^/users/bob/.*$"
subject: "user:bob"
policy: two_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: example.com
redis:
username: authelia
password: redis-user-password
high_availability:
sentinel_name: authelia
sentinel_password: sentinel-server-password
nodes:
- host: redis-sentinel-0
port: 26379
- host: redis-sentinel-1
port: 26379
- host: redis-sentinel-2
port: 26379
remember_me_duration: 1y
regulation:
max_retries: 3
find_time: 8
ban_time: 10
storage:
mysql:
host: mariadb
port: 3306
database: authelia
username: admin
password: password
notifier:
smtp:
host: smtp
port: 1025
sender: admin@example.com
disable_require_tls: true
...
Reference in New Issue View Git Blame Copy Permalink