mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
ff7f9a50ab
* [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml
104 lines
2.4 KiB
YAML
104 lines
2.4 KiB
YAML
###############################################################
|
|
# Authelia configuration #
|
|
###############################################################
|
|
|
|
port: 443
|
|
tls_cert: /config/ssl/cert.pem
|
|
tls_key: /config/ssl/key.pem
|
|
|
|
log_level: debug
|
|
|
|
default_redirection_url: https://home.example.com:8080
|
|
|
|
authentication_backend:
|
|
ldap:
|
|
url: ldaps://ldap-service
|
|
skip_verify: true
|
|
base_dn: dc=example,dc=com
|
|
username_attribute: uid
|
|
additional_users_dn: ou=users
|
|
users_filter: (&({username_attribute}={input})(objectClass=person))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
user: cn=admin,dc=example,dc=com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
|
|
rules:
|
|
# Rules applied to everyone
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
# Rules applied to 'admins' group
|
|
- domain: "mx2.mail.example.com"
|
|
subject: "group:admins"
|
|
policy: deny
|
|
- domain: "*.example.com"
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/groups/dev/.*$"
|
|
subject: "group:dev"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/john/.*$"
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'harry'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/harry/.*$"
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'bob'
|
|
- domain: "*.mail.example.com"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
- domain: "dev.example.com"
|
|
resources:
|
|
- "^/users/bob/.*$"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
session:
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
remember_me_duration: 1y
|
|
domain: example.com
|
|
redis:
|
|
host: redis-service
|
|
port: 6379
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 120
|
|
ban_time: 300
|
|
|
|
storage:
|
|
mysql:
|
|
host: mariadb-service
|
|
port: 3306
|
|
database: authelia
|
|
username: admin
|
|
|
|
notifier:
|
|
smtp:
|
|
host: "mailcatcher-service"
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true |