This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0
4.2 KiB
layout | title | parent | nav_order |
---|---|---|---|
default | Server | Configuration | 11 |
Server
The server section configures and tunes the http server module Authelia uses.
Configuration
server:
host: 0.0.0.0
port: 9091
read_buffer_size: 4096
write_buffer_size: 4096
path: ""
enable_pprof: false
enable_expvars: false
tls:
key: ""
certificate: ""
Options
host
Defines the address to listen on. See also port. Should typically be 0.0.0.0
or 127.0.0.1
, the former for
containerized environments and the later for daemonized environments like init.d and systemd.
Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
host: "[fd00:1111:2222:3333::1]"
port
Defines the port to listen on. See also host.
read_buffer_size
Configures the maximum request size. The default of 4096 is generally sufficient for most use cases.
write_buffer_size
Configures the maximum response size. The default of 4096 is generally sufficient for most use cases.
path
Authelia by default is served from the root /
location, either via its own domain or subdomain.
Modifying this setting will allow you to serve Authelia out from a specified base path. Please note that currently only a single level path is supported meaning slashes are not allowed, and only alphanumeric characters are supported.
Example: https://auth.example.com/, https://example.com/
server:
path: ""
Example: https://auth.example.com/authelia/, https://example.com/authelia/
server:
path: authelia
enable_pprof
Enables the go pprof endpoints.
enable_expvars
Enables the go expvars endpoints.
tls
Authelia typically listens for plain unencrypted connections. This is by design as most environments allow to security on lower areas of the OSI model. However it required, if you specify both the tls key and tls certificate options, Authelia will listen for TLS connections.
key
The path to the private key for TLS connections. Must be in DER base64/PEM format.
certificate
The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
Additional Notes
Buffer Sizes
The read and write buffer sizes generally should be the same. This is because when Authelia verifies if the user is authorized to visit a URL, it also sends back nearly the same size response as the request. However you're able to tune these individually depending on your needs.