112 lines
2.5 KiB
YAML
112 lines
2.5 KiB
YAML
---
|
|
###############################################################
|
|
# Authelia configuration #
|
|
###############################################################
|
|
|
|
theme: dark
|
|
|
|
server:
|
|
address: 'tcp://:9091'
|
|
endpoints:
|
|
authz:
|
|
forward-auth:
|
|
implementation: 'ForwardAuth'
|
|
|
|
log:
|
|
level: 'info'
|
|
|
|
totp:
|
|
issuer: 'authelia.com'
|
|
|
|
identity_validation:
|
|
reset_password:
|
|
jwt_secret: '8dcac0f72efee5b28bf7270fdcb7a1c74f5a3e567366b8ac0346450ef842cacd'
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: '/config/users_database.yml'
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
networks:
|
|
- name: internal
|
|
networks:
|
|
- '10.0.0.0/8'
|
|
- '172.16.0.0/12'
|
|
- '192.168.0.0/16'
|
|
rules:
|
|
## bypass all domains and subdomains from local ips
|
|
- domain:
|
|
- wettsten.com
|
|
- "*.wettsten.com"
|
|
networks:
|
|
- 'internal'
|
|
policy: bypass
|
|
# bypass api for subdomains
|
|
- domain:
|
|
- "*.wettsten.com"
|
|
resources:
|
|
- "^/api([/?].*)?$"
|
|
- "^/add([/?].*)?$"
|
|
- "^/public([/?].*)?$"
|
|
policy: bypass
|
|
# bypass specific subdomains
|
|
- domain:
|
|
- auth.wettsten.com
|
|
- bitwarden.wettsten.com
|
|
- jellyfin.wettsten.com
|
|
policy: bypass
|
|
# bypass filebrowser shares
|
|
- domain:
|
|
- "filebrowser.wettsten.com"
|
|
resources:
|
|
- "^/api([/?].*)?$"
|
|
- "^/share([/?].*)?$"
|
|
- "^/static([/?].*)?$"
|
|
policy: bypass
|
|
# two_factor subdomains
|
|
- domain:
|
|
- wettsten.com
|
|
- "*.wettsten.com"
|
|
policy: two_factor
|
|
|
|
session:
|
|
secret: '8373ba83239ed439f3516389d7f672e513641a5338c6eb3a8e3e6a6c33a138e6'
|
|
|
|
cookies:
|
|
- name: 'authelia_session'
|
|
domain: 'wettsten.com'
|
|
authelia_url: 'https://auth.wettsten.com'
|
|
default_redirection_url: 'https://wettsten.com'
|
|
expiration: '1 hour'
|
|
inactivity: '5 minutes'
|
|
|
|
redis:
|
|
host: 'redis'
|
|
port: 6379
|
|
password: 'e3a873cd11fe1b05e42a4349c6347c066e731e03282e701e8b789109aa3a1335'
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: '2 minutes'
|
|
ban_time: '5 minutes'
|
|
|
|
storage:
|
|
encryption_key: '0c4da697c14f7173fb99bdc1a7807a394277f57f6f1cf5b138ecc1e48b62f01a'
|
|
local:
|
|
path: '/config/db.sqlite3'
|
|
|
|
notifier:
|
|
smtp:
|
|
username: 'scott.wettstein@gmail.com'
|
|
password: 'bwvvimaufuencerd'
|
|
address: 'smtp://smtp.gmail.com:587'
|
|
sender: 'scott.wettstein@gmail.com'
|
|
|
|
ntp:
|
|
address: 'udp://time.windows.com:123'
|
|
version: 3
|
|
max_desync: '3s'
|
|
disable_startup_check: false
|
|
disable_failure: false
|