mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
29a900226d
* add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia
* this is in ADDITION to system certs and are trusted by both LDAP and SMTP
* added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS
* remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use
* use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section
* added temporary translations from the old names to the new ones for all deprecated options
* added docs
* updated example configuration
* final deprecations to be done in 4.28.0
* doc updates
* fix misc linting issues
* uniform deprecation notices for ease of final removal
* added additional tests covering previously uncovered areas and the new configuration options
* add non-fatal to certificate loading when system certs could not be loaded
* adjust timeout of Suite ShortTimeouts
* add warnings pusher for the StructValidator
* make the schema suites uniform
* utilize the warnings in the StructValidator
* fix test suite usage for skip_verify
* extract LDAP filter parsing into its own function to make it possible to test
* test LDAP filter parsing
* update ErrorContainer interface
* add tests to the StructValidator
* add NewTLSConfig test
* move baseDN for users/groups into parsed values
* add tests to cover many of the outstanding areas in LDAP
* add explicit deferred LDAP conn close to UpdatePassword
* add some basic testing to SMTP notifier
* suggestions from code review
---
layout: default
title: Configuration
nav_order: 4
has_children: true
---

# Configuration

Authelia uses a YAML file as its configuration file. A template with all possible
options can be found [here](https://github.com/authelia/authelia/blob/master/config.template.yml), at the root of the repository.

When running **Authelia**, you can specify your configuration by passing
the file path as shown below.

    $ authelia --config config.custom.yml

## Validation

Authelia validates the configuration when it starts. This process checks multiple factors, including configuration keys
that don't exist, configuration keys that have changed, whether the values of the keys are valid, and that a configuration
key isn't supplied at the same time as a secret for the same configuration option.

You may also validate your configuration against this validation process manually by using the `validate-config`
option with the Authelia binary as shown below. Keep in mind that if you're using [secrets](./secrets.md) you will have to
manually provide these if you don't want to get certain validation errors (specifically those requesting that you provide
one of the secret values). You can choose to ignore them if you know what you're doing. This command is useful prior to
upgrading to prevent configuration changes from causing downtime during an upgrade. This process does not validate
integrations; it only checks that your configuration syntax is valid.

    $ authelia validate-config configuration.yml

## Duration Notation Format

We have implemented a string-based notation for configuration options that take a duration. This section describes its
usage. You can use this notation in `session` for `expiration`, `inactivity`, and `remember_me_duration`, and in
`regulation` for `ban_time` and `find_time`. This notation also supports just providing the number of seconds instead.

The notation consists of a number, which must be positive and must not have leading zeros, followed by a letter
denoting the unit of time measurement. The table below describes the units of time and the associated letter.

|Unit   |Associated Letter|
|:-----:|:---------------:|
|Years  |y                |
|Months |M                |
|Weeks  |w                |
|Days   |d                |
|Hours  |h                |
|Minutes|m                |
|Seconds|s                |

Examples:
* 1 hour and 30 minutes: 90m
* 1 day: 1d
* 10 hours: 10h

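The notation rules above can be checked with a small parser. This is an added example, not Authelia's own code: `parseDuration` is a hypothetical helper, and the 30-day month, 365-day year and acceptance of a bare `0` are assumptions the page does not state. It shows that the unit letter is case-sensitive, so `1M` (a month) and `1m` (a minute) give very different session or ban lengths.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strconv"
	"time"
)

// Unit lengths. The page names the units but not how long a month or year is;
// the 30-day month and 365-day year here are assumptions of this example.
var unitLength = map[string]time.Duration{
	"s": time.Second, "m": time.Minute, "h": time.Hour,
	"d": 24 * time.Hour, "w": 7 * 24 * time.Hour,
	"M": 30 * 24 * time.Hour, "y": 365 * 24 * time.Hour,
}

var (
	// Positive number without leading zeros, then exactly one unit letter.
	notation = regexp.MustCompile(`^([1-9][0-9]*)([yMwdhms])$`)
	// Bare number of seconds (accepting 0 here is an assumption).
	bareSeconds = regexp.MustCompile(`^[0-9]+$`)
)

// parseDuration (hypothetical helper) converts a configuration value to a time.Duration.
func parseDuration(in string) (time.Duration, error) {
	digits, unit := in, time.Second
	if m := notation.FindStringSubmatch(in); m != nil {
		digits, unit = m[1], unitLength[m[2]]
	} else if !bareSeconds.MatchString(in) {
		return 0, fmt.Errorf("invalid duration %q", in)
	}
	n, err := strconv.ParseInt(digits, 10, 64)
	if err != nil || n > math.MaxInt64/int64(unit) {
		return 0, fmt.Errorf("duration %q is out of range", in)
	}
	return time.Duration(n) * unit, nil
}

func main() {
	// Constructed sample values: the page's examples, the M/m pair, and rejects.
	for _, v := range []string{"90m", "1d", "10h", "1M", "1m", "300", "01h", "-5m", "1.5h", "5 m"} {
		d, err := parseDuration(v)
		fmt.Printf("%-7q %-12v err=%v\n", v, d, err)
	}
}
```
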
## TLS Configuration

Various sections of the configuration, notably LDAP and SMTP, use a uniform configuration section called TLS.
This section documents its usage.

### Server Name

The key `server_name` overrides the name checked against the certificate in the verification process. This is useful if
you need to use a direct IP address for the address of the backend service but want to verify a specific SNI.

### Skip Verify

The key `skip_verify` completely disables validation of the backend service's certificate. This is not recommended;
instead, you should tweak the `server_name` option and the global option [certificates_directory](./miscellaneous.md#certificates-directory).

### Minimum Version

The key `minimum_version` controls the minimum TLS version Authelia will use when opening TLS connections.
The possible values are `TLS1.3`, `TLS1.2`, `TLS1.1`, `TLS1.0`. Anything other than `TLS1.3` or `TLS1.2`
is very old and deprecated. You should avoid using these and upgrade your backend service instead of decreasing
this value.
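
How the three keys could map onto Go's `crypto/tls` client settings, with warnings for the values this section advises against. This is an added example, not Authelia's own code: `TLSOptions` and `buildTLSConfig` are hypothetical names, the backend address is assumed to be given as a URL, and `minimum_version` must be set explicitly.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/url"
)

// TLSOptions holds the three keys documented above (hypothetical struct for this example).
type TLSOptions struct {
	ServerName     string // server_name
	SkipVerify     bool   // skip_verify
	MinimumVersion string // minimum_version
}

var tlsVersions = map[string]uint16{
	"TLS1.3": tls.VersionTLS13, "TLS1.2": tls.VersionTLS12,
	"TLS1.1": tls.VersionTLS11, "TLS1.0": tls.VersionTLS10,
}

// buildTLSConfig (hypothetical helper) maps the options onto a *tls.Config for the
// backend at address and returns warnings for settings the page advises against.
func buildTLSConfig(address string, o TLSOptions) (*tls.Config, []string, error) {
	u, err := url.Parse(address)
	if err != nil {
		return nil, nil, fmt.Errorf("invalid backend address: %w", err)
	}
	minVersion, ok := tlsVersions[o.MinimumVersion]
	if !ok {
		return nil, nil, fmt.Errorf("unknown minimum_version %q", o.MinimumVersion)
	}
	var warnings []string
	if minVersion < tls.VersionTLS12 {
		warnings = append(warnings, "minimum_version "+o.MinimumVersion+" is deprecated; upgrade the backend instead")
	}
	if o.SkipVerify {
		warnings = append(warnings, "skip_verify disables certificate validation; set server_name or certificates_directory instead")
	}
	name := o.ServerName
	if name == "" {
		name = u.Hostname() // no override: verify against the host in the address
	}
	return &tls.Config{ServerName: name, InsecureSkipVerify: o.SkipVerify, MinVersion: minVersion}, warnings, nil
}

func main() {
	// Constructed input: a backend reached by IP whose certificate names ldap.example.com.
	cfg, warnings, err := buildTLSConfig("ldaps://192.0.2.10:636", TLSOptions{ServerName: "ldap.example.com", MinimumVersion: "TLS1.2"})
	fmt.Println(cfg.ServerName, cfg.MinVersion == tls.VersionTLS12, warnings, err)
}
```
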