ff7f9a50ab
* [FEATURE] Docker simplification and configuration generation

  The Authelia binary will now attempt to generate a configuration based on the latest template when the config location specified on startup does not exist. Similarly, if a file-based backend is selected and the backend cannot be found, it will generate a `user_database.yml` based on a template.

  This will allow more seamless bootstrapping of an environment no matter the deployment method.

  We have also squashed the Docker volume requirement down to just `/config`, thus removing the requirement for `/var/lib/authelia`; this is primarily an attempt to simplify the Docker deployment.

  Users with the old volume mappings have two options:
  1. Change their mappings to conform to `/config`
  2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
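---
###############################################################
#                   Authelia configuration                    #
###############################################################
#
# Example configuration for a Docker deployment with a single /config
# volume. Every secret below is a sample value: replace each one before
# exposing the portal, and keep this file readable only by the account
# that runs Authelia, because it holds credentials in clear text.

# Listen on every interface. Inside a container this is expected; publish
# the port only to the reverse proxy, not to the outside network.
host: 0.0.0.0
port: 9091

# Debug logging is verbose and meant for bootstrapping; lower it once the
# deployment works so that logs carry less request detail.
log_level: debug

# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
# Sample value: replace it with a long random string, or load it from a file
# through the variable above so that it never sits in this file.
jwt_secret: a_very_important_secret
default_redirection_url: https://public.example.com

totp:
  issuer: authelia.com

#duo_api:
#  hostname: api-123456789.example.com
#  integration_key: ABCDEF
#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
#  secret_key: 1234567890abcdefghifjkl

authentication_backend:
  file:
    # The user database holds the password hashes; keep it on the same
    # restricted volume as this file.
    path: /config/users_database.yml

access_control:
  # Any domain not matched by a rule below is refused.
  default_policy: deny
  rules:
    # Rules applied to everyone
    # bypass lets requests through without authentication: use it only for
    # content that is meant to be public.
    - domain: public.example.com
      policy: bypass
    - domain: traefik.example.com
      policy: one_factor
    - domain: secure.example.com
      policy: two_factor

session:
  name: authelia_session
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  # Sample value: replace it with a long random string that is not shared
  # with jwt_secret.
  secret: unsecure_session_secret
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: example.com  # Should match whatever your root protected domain is

  redis:
    host: redis
    port: 6379
    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
    # With the password left commented out, Authelia connects to Redis
    # without authenticating. Set one unless Redis is reachable only from
    # the Authelia container.
    # password: authelia

# Brute-force regulation: the values below are read as 3 failed attempts
# within 120 seconds leading to a 300 second ban.
regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  local:
    path: /config/db.sqlite3

notifier:
  smtp:
    username: test
    # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
    # Sample value: replace it, or load it from a file through the variable
    # above.
    password: password
    host: mail.example.com
    # Port 25 is plain SMTP. Confirm the session is upgraded to TLS before
    # the credentials above are sent.
    port: 25
    sender: admin@example.com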