mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
a991379a74
Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own.
95 lines
2.5 KiB
YAML
95 lines
2.5 KiB
YAML
###############################################################
|
|
# Authelia minimal configuration #
|
|
###############################################################
|
|
|
|
port: 9091
|
|
|
|
logs_level: debug
|
|
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
jwt_secret: very_important_secret
|
|
|
|
authentication_backend:
|
|
ldap:
|
|
# The url of the ldap server
|
|
url: ldap://openldap
|
|
|
|
# The base dn for every entries
|
|
base_dn: dc=example,dc=com
|
|
|
|
# An additional dn to define the scope to all users
|
|
additional_users_dn: ou=users
|
|
|
|
# The users filter used to find the user DN
|
|
# {0} is a matcher replaced by username.
|
|
# 'cn={0}' by default.
|
|
users_filter: (cn={0})
|
|
|
|
# An additional dn to define the scope of groups
|
|
additional_groups_dn: ou=groups
|
|
|
|
# The groups filter used for retrieving groups of a given user.
|
|
# {0} is a matcher replaced by username.
|
|
# {dn} is a matcher replaced by user DN.
|
|
# 'member={dn}' by default.
|
|
groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
|
|
|
# The attribute holding the name of the group
|
|
group_name_attribute: cn
|
|
|
|
# The attribute holding the mail address of the user
|
|
mail_attribute: mail
|
|
|
|
# The username and password of the admin user.
|
|
user: cn=admin,dc=example,dc=com
|
|
password: password
|
|
|
|
session:
|
|
secret: unsecure_session_secret
|
|
domain: example.com
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
|
|
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
|
storage:
|
|
local:
|
|
path: /tmp/authelia/db.sqlite3
|
|
|
|
# TOTP Issuer Name
|
|
#
|
|
# This will be the issuer name displayed in Google Authenticator
|
|
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
|
totp:
|
|
issuer: example.com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: "public.example.com"
|
|
policy: bypass
|
|
- domain: "admin.example.com"
|
|
policy: two_factor
|
|
- domain: "secure.example.com"
|
|
policy: two_factor
|
|
- domain: "singlefactor.example.com"
|
|
policy: one_factor
|
|
|
|
# Configuration of the authentication regulation mechanism.
|
|
regulation:
|
|
# Set it to 0 to disable max_retries.
|
|
max_retries: 3
|
|
|
|
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
|
|
find_time: 300
|
|
|
|
# The length of time before a banned user can login again.
|
|
ban_time: 900
|
|
|
|
notifier:
|
|
# Use a SMTP server for sending notifications
|
|
smtp:
|
|
host: smtp
|
|
port: 1025
|
|
sender: admin@example.com
|