mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
2c42464fc8
* refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings
125 lines
2.7 KiB
YAML
125 lines
2.7 KiB
YAML
---
|
|
###############################################################
|
|
# Authelia configuration #
|
|
###############################################################
|
|
|
|
port: 9091
|
|
tls_cert: /config/ssl/cert.pem
|
|
tls_key: /config/ssl/key.pem
|
|
|
|
log:
|
|
level: debug
|
|
|
|
jwt_secret: unsecure_secret
|
|
|
|
totp:
|
|
issuer: authelia.com
|
|
|
|
authentication_backend:
|
|
ldap:
|
|
url: ldap://openldap
|
|
base_dn: dc=example,dc=com
|
|
username_attribute: uid
|
|
additional_users_dn: ou=users
|
|
users_filter: (&({username_attribute}={input})(objectClass=person))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
display_name_attribute: displayName
|
|
user: cn=admin,dc=example,dc=com
|
|
password: password
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
|
|
rules:
|
|
# Rules applied to everyone
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
# Rules applied to 'admins' group
|
|
- domain: mx2.mail.example.com
|
|
subject: "group:admins"
|
|
policy: deny
|
|
|
|
# Rules applied to user 'john'
|
|
- domain: "*.example.com"
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
- domain: "*.example.com"
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/groups/dev/.*$"
|
|
subject: "group:dev"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'harry'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/harry/.*$"
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'bob'
|
|
- domain: "*.mail.example.com"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
- domain: "dev.example.com"
|
|
resources:
|
|
- "^/users/bob/.*$"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
session:
|
|
name: authelia_session
|
|
secret: unsecure_session_secret
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
domain: example.com
|
|
redis:
|
|
username: authelia
|
|
password: redis-user-password
|
|
high_availability:
|
|
sentinel_name: authelia
|
|
sentinel_password: sentinel-server-password
|
|
nodes:
|
|
- host: redis-sentinel-0
|
|
port: 26379
|
|
- host: redis-sentinel-1
|
|
port: 26379
|
|
- host: redis-sentinel-2
|
|
port: 26379
|
|
|
|
remember_me_duration: 1y
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 8
|
|
ban_time: 10
|
|
|
|
storage:
|
|
mysql:
|
|
host: mariadb
|
|
port: 3306
|
|
database: authelia
|
|
username: admin
|
|
password: password
|
|
|
|
notifier:
|
|
smtp:
|
|
host: smtp
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true
|
|
...
|