mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
08e674b62f
Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform.
200 lines
5.6 KiB
Markdown
200 lines
5.6 KiB
Markdown
---
|
|
layout: default
|
|
title: Miscellaneous
|
|
parent: Configuration
|
|
nav_order: 3
|
|
---
|
|
|
|
# Miscellaneous
|
|
|
|
Here are the main customizable options in Authelia.
|
|
|
|
## Host & Port
|
|
|
|
```yaml
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
```
|
|
|
|
### host
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: 0.0.0.0
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
Defines the address to listen on. See also [port](#port). Should typically be `0.0.0.0` or `127.0.0.1`, the former for
|
|
containerized environments and the later for daemonized environments like init.d and systemd.
|
|
|
|
Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
|
|
|
|
```yaml
|
|
host: "[fd00:1111:2222:3333::1]"
|
|
```
|
|
|
|
### port
|
|
<div markdown="1">
|
|
type: integer
|
|
{: .label .label-config .label-purple }
|
|
default: 9091
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
Defines the port to listen on. See also [host](#host).
|
|
|
|
## TLS
|
|
|
|
Authelia's port typically listens for plain unencrypted connections. This is by design as most environments allow to
|
|
security on lower areas of the OSI model. However it required, if you specify both of the tls options the port will
|
|
listen for TLS connections.
|
|
|
|
```yaml
|
|
tls_key: /config/ssl/key.pem
|
|
tls_cert: /config/ssl/cert.pem
|
|
```
|
|
|
|
### tls_key
|
|
<div markdown="1">
|
|
type: string (path)
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: situational
|
|
{: .label .label-config .label-yellow }
|
|
</div>
|
|
|
|
The path to the private key for TLS connections. Must be in DER base64/PEM format.
|
|
|
|
### tls_cert
|
|
<div markdown="1">
|
|
type: string (path)
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: situational
|
|
{: .label .label-config .label-yellow }
|
|
</div>
|
|
|
|
The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
|
|
|
|
## certificates_directory
|
|
|
|
This option defines the location of additional certificates to load into the trust chain specifically for Authelia.
|
|
This currently affects both the SMTP notifier and the LDAP authentication backend. The certificates should all be in the
|
|
PEM format and end with the extension `.pem`, `.crt`, or `.cer`. You can either add the individual certificates public
|
|
key or the CA public key which signed them (don't add the private key).
|
|
|
|
```yaml
|
|
certificates_directory: /config/certs/
|
|
```
|
|
|
|
## Logging
|
|
|
|
### log_level
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: info
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
Defines the level of logs used by Authelia. This level can be set to `trace`, `debug` or `info`. When setting log_level
|
|
to `trace`, you will generate a large amount of log entries and expose the `/debug/vars` and `/debug/pprof/` endpoints
|
|
which should not be enabled in production.
|
|
|
|
```yaml
|
|
log_level: debug
|
|
```
|
|
|
|
### log_format
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
Defines the format of the logs written by Authelia. This format can be set to `json` or `text`.
|
|
|
|
```yaml
|
|
log_format: json
|
|
```
|
|
|
|
#### JSON format
|
|
```
|
|
{"level":"info","msg":"Logging severity set to info","time":"2020-01-01T00:00:00+11:00"}
|
|
{"level":"info","msg":"Authelia is listening for non-TLS connections on 0.0.0.0:9091","time":"2020-01-01T00:00:00+11:00"}
|
|
```
|
|
#### Text format
|
|
```
|
|
time="2020-01-01T00:00:00+11:00" level=info msg="Logging severity set to info"
|
|
time="2020-01-01T00:00:00+11:00" level=info msg="Authelia is listening for non-TLS connections on 0.0.0.0:9091"
|
|
```
|
|
|
|
### log_file_path
|
|
<div markdown="1">
|
|
type: string (path)
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
Logs can be stored in a file when file path is provided. Otherwise logs are written to standard output. When setting the
|
|
log_level to `debug` or `trace` this will generate large amount of log entries. Administrators will need to ensure that
|
|
they rotate and/or truncate the logs over time to prevent significant long-term disk usage.
|
|
|
|
```yaml
|
|
log_file_path: /config/authelia.log
|
|
```
|
|
|
|
## jwt_secret
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: yes
|
|
{: .label .label-config .label-red }
|
|
</div>
|
|
|
|
Defines the secret used to craft JWT tokens leveraged by the identity
|
|
verification process. This can also be defined using a [secret](./secrets.md).
|
|
|
|
```yaml
|
|
jwt_secret: v3ry_important_s3cr3t
|
|
```
|
|
|
|
## default_redirection_url
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: ""
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The default redirection URL is the URL where users are redirected when Authelia cannot detect the target URL where the
|
|
user was heading.
|
|
|
|
In a normal authentication workflow, a user tries to access a website and she gets redirected to the sign-in portal in
|
|
order to authenticate. Since the user initially targeted a website, the portal knows where the user was heading and
|
|
can redirect her after the authentication process. However, when a user visits the sign in portal directly, the portal
|
|
considers the targeted website is the portal. In that case and if the default redirection URL is configured, the user is
|
|
redirected to that URL. If not defined, the user is not redirected after authentication.
|
|
|
|
```yaml
|
|
default_redirection_url: https://home.example.com:8080/
|
|
```
|