mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
d33d6c2f00
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
124 lines
2.7 KiB
YAML
124 lines
2.7 KiB
YAML
---
|
|
host: 127.0.0.1
|
|
port: 9091
|
|
|
|
log_level: debug
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
totp:
|
|
issuer: authelia.com
|
|
|
|
duo_api:
|
|
hostname: api-123456789.example.com
|
|
integration_key: ABCDEF
|
|
|
|
authentication_backend:
|
|
ldap:
|
|
url: ldap://127.0.0.1
|
|
base_dn: dc=example,dc=com
|
|
username_attribute: uid
|
|
additional_users_dn: ou=users
|
|
users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
user: cn=admin,dc=example,dc=com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
|
|
rules:
|
|
# Rules applied to everyone
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
|
|
- domain: secure.example.com
|
|
policy: one_factor
|
|
# Network based rule, if not provided any network matches.
|
|
networks:
|
|
- 192.168.1.0/24
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
|
|
- domain: [singlefactor.example.com, onefactor.example.com]
|
|
policy: one_factor
|
|
|
|
# Rules applied to 'admins' group
|
|
- domain: "mx2.mail.example.com"
|
|
subject: "group:admins"
|
|
policy: deny
|
|
- domain: "*.example.com"
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/groups/dev/.*$"
|
|
subject: "group:dev"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/john/.*$"
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group and user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/deny-all.*$"
|
|
subject: ["group:dev", "user:john"]
|
|
policy: deny
|
|
|
|
# Rules applied to user 'harry'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/harry/.*$"
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'bob'
|
|
- domain: "*.mail.example.com"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
- domain: "dev.example.com"
|
|
resources:
|
|
- "^/users/bob/.*$"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
session:
|
|
name: authelia_session
|
|
expiration: 3600000 # 1 hour
|
|
inactivity: 300000 # 5 minutes
|
|
domain: example.com
|
|
redis:
|
|
host: 127.0.0.1
|
|
port: 6379
|
|
high_availability:
|
|
sentinel_name: test
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 120
|
|
ban_time: 300
|
|
|
|
storage:
|
|
mysql:
|
|
host: 127.0.0.1
|
|
port: 3306
|
|
database: authelia
|
|
username: authelia
|
|
|
|
notifier:
|
|
smtp:
|
|
username: test
|
|
host: 127.0.0.1
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true
|
|
...
|