mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
a991379a74
Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own.
98 lines
2.2 KiB
YAML
98 lines
2.2 KiB
YAML
###############################################################
|
|
# Authelia minimal configuration #
|
|
###############################################################
|
|
|
|
port: 9091
|
|
|
|
logs_level: debug
|
|
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
jwt_secret: very_important_secret
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: users.yml
|
|
|
|
session:
|
|
secret: unsecure_session_secret
|
|
domain: example.com
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
|
|
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
|
storage:
|
|
local:
|
|
path: /tmp/authelia/db.sqlite3
|
|
|
|
# TOTP Issuer Name
|
|
#
|
|
# This will be the issuer name displayed in Google Authenticator
|
|
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
|
totp:
|
|
issuer: example.com
|
|
|
|
# Access Control
|
|
#
|
|
# Access control is a set of rules you can use to restrict user access to certain
|
|
# resources.
|
|
access_control:
|
|
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
|
|
default_policy: deny
|
|
|
|
rules:
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
|
|
- domain: '*.example.com'
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/john/.*$'
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/harry/.*$'
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
- domain: '*.mail.example.com'
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/bob/.*$'
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
|
|
# Configuration of the authentication regulation mechanism.
|
|
regulation:
|
|
# Set it to 0 to disable max_retries.
|
|
max_retries: 3
|
|
|
|
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
|
|
find_time: 300
|
|
|
|
# The length of time before a banned user can login again.
|
|
ban_time: 900
|
|
|
|
notifier:
|
|
# Use a SMTP server for sending notifications
|
|
smtp:
|
|
host: smtp
|
|
port: 1025
|
|
sender: admin@example.com
|
|
|