mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
2c42464fc8
* refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings
103 lines
3.5 KiB
YAML
103 lines
3.5 KiB
YAML
---
|
|
port: 9091
|
|
tls_cert: /config/ssl/cert.pem
|
|
tls_key: /config/ssl/key.pem
|
|
|
|
log:
|
|
level: debug
|
|
|
|
jwt_secret: unsecure_secret
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users.yml
|
|
|
|
session:
|
|
secret: unsecure_session_secret
|
|
domain: example.com
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
remember_me_duration: 1y
|
|
# We use redis here to keep the users authenticated when Authelia restarts
|
|
# It eases development.
|
|
redis:
|
|
host: redis
|
|
port: 6379
|
|
|
|
storage:
|
|
local:
|
|
path: /config/db.sqlite
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: "home.example.com"
|
|
policy: bypass
|
|
- domain: "public.example.com"
|
|
policy: bypass
|
|
- domain: "admin.example.com"
|
|
policy: two_factor
|
|
- domain: "secure.example.com"
|
|
policy: two_factor
|
|
- domain: "singlefactor.example.com"
|
|
policy: one_factor
|
|
- domain: "oidc.example.com"
|
|
policy: two_factor
|
|
- domain: "oidc-public.example.com"
|
|
policy: bypass
|
|
- domain: "traefik.example.com"
|
|
policy: bypass
|
|
|
|
notifier:
|
|
smtp:
|
|
host: smtp
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true
|
|
|
|
identity_providers:
|
|
oidc:
|
|
hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm
|
|
issuer_private_key: |
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIIEogIBAAKCAQEAvOFmoEJFt1JkfdlwM3vJFg5rrY9d6LyyqezjZkBZDQ4qdEEU
|
|
dCrbW8ISFTtg9sfbrS3qingUzVP9VOfYPMC3r0ugjJXjhvJdBSaoLlzL3saeyrXk
|
|
frOOvkcWKzeOynqUNPhKy9dchmuLALFfd/Jy7Wzq0y7XxGeNidEmFjMAf9dwf6/+
|
|
PjQjbG7zBFu/XSajITPHlDXPVDd0j2qw2wu5Z9iqn4LRXnAFnC438hZZKZU/+JxU
|
|
2ezr6Sefiy8XTC2kDiq3cgLeEjSywlJOs+4TLjVS/3h75sh2Wk0xVaSwjPEjCOgm
|
|
a+2E3GJrGdQBiAjMSu101VBVwHUHaLDCn1T4NwIDAQABAoIBADWkupXnXI99Ogc4
|
|
GxK0JF88Rz6qyhwQg5mZKthejCwWCt6roRiBF33O933KOHa+OljMAqHDCv1pzjgw
|
|
BIz0mvaRPw7OfylTajHNUdShDFHADVc7I6MMcgz+eYBarhY5jCAjKHMOPjv7DSZs
|
|
OdYCKLvfxC2oTyV714n9uZhyccDcvQpkgZuBDL0oxPom1GOI8TGhPjxvFOovEHWA
|
|
Q8q9XY4cUVNDikZmvpgeUkJHWYHYb+11vKeSupnYD03yJ3sDy+F6+m+3/XmzFbXb
|
|
1p43ermHQsMfDlxPyulUUI0viSo2UhlMC/moAb9FusOv+dTl2lt0gGqzDJ9gg1z1
|
|
XpHRnwkCgYEA5x48dyxd4lydtVYef9sBmbLJEYozsYyOwLcnrLSNaZxeCza1exyR
|
|
QIRogswoLDacxrYvO8FY6LtAEMkisv732M29zthBPm5wyoSZiM1X2YfQXKsmyh2h
|
|
x1/yCWv/BQjj68A8IAxToaXxSG4WAr/X00RGUkXgkgw122FxcmGuFyUCgYEA0TcR
|
|
dnt/oRMK4aCZHcBgTknzDfxKlJh4S0C9WjxKgr8IlW4LTeVSBuuqOObOQYImEhtw
|
|
TRTKZIViL0roDF79cioQSp1Tk5h6uy8wr6VyhWRnWfTz2/azoTHnmQ780rtAuEI/
|
|
NvE6FiqwikJLjma1YJoRfr/bfmgMdxcYbJI1MSsCgYAEZ5Yda1IKu1siFpcUNrdM
|
|
F5UvaWPc0WHzGEqARxye06UTL6K7yuqVwTBAteVaGlxYiSZTTDcGkHMDHuIzaRqO
|
|
HjWs2IA90VsC8Q4ABnHTKnx1F6nwlin8I774IP/GN8ooNwyuS63YWdJEYBy5RrC1
|
|
TQrODJjgD62DFdNUq7nmpQKBgFMJEzI+Q+KPJ0NztTG8t7x61y/W0Vb2yM+9Syn0
|
|
QfJwlZyRR4VMHelHQZFB8dzIJgoLv9+n/8gztEtm5IB8dwUHst2aYaBz5UpDqYQd
|
|
Gz3cIrTuZpcH7DVvFCeIbknJLh+zk1lgFpjTqqvFMi27kANeQtFWnmwmKcRec0As
|
|
K1ZvAoGAV/3YB44/zIoB590+yhpx2HTmDPVHH+J+5O71Pi1D9W13ClBFLrE69wo+
|
|
IQLIstBI5tGOGeuQNjXhDKJ1U30xppZXcnebrkA+oOo+6dy20zghFR2maAGXfWFU
|
|
pM4GsSnSTm0bXPebVouQFqhj7LqcQQzCqRDThmw/Lp1tJUmu40g=
|
|
-----END RSA PRIVATE KEY-----
|
|
clients:
|
|
- id: oidc-tester-app
|
|
secret: foobar
|
|
policy: two_factor
|
|
redirect_uris:
|
|
- https://oidc.example.com:8080/oauth2/callback
|
|
# This client is used for testing purpose. As of now, the app must be protected by ACLs
|
|
# otherwise it won't work properly.
|
|
- id: oidc-tester-app-public
|
|
secret: foobar
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://oidc-public.example.com:8080/oauth2/callback
|
|
...
|