diff --git a/configuration.yml b/configuration.yml
new file mode 100644
index 0000000..8bcc07d
--- /dev/null
+++ b/configuration.yml
@@ -0,0 +1,116 @@
+theme: dark
+jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw
+
+#default_redirection_url: https://www.wettsten.duckdns.org
+
+server:
+ host: 0.0.0.0
+ port: 9091
+ path: ""
+ read_buffer_size: 4096
+ write_buffer_size: 4096
+ enable_pprof: false
+ enable_expvars: false
+ disable_healthcheck: false
+ tls:
+ key: ""
+ certificate: ""
+
+ntp:
+ address: "0.debian.pool.ntp.org:123"
+ version: 3
+ max_desync: 3s
+ disable_startup_check: true
+ disable_failure: true
+
+log:
+ level: info
+
+totp:
+ disable: true
+ issuer: wettsten.duckdns.org
+ algorithm: sha1
+ digits: 6
+ period: 30
+ skew: 1
+ secret_size: 32
+
+authentication_backend:
+ disable_reset_password: true
+ refresh_interval: 5m
+ file:
+ path: /config/users_database.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 64
+
+access_control:
+ default_policy: deny
+ rules:
+ ## bypass api for subdomains
+ - domain: "*.wettsten.duckdns.org"
+ resources:
+ - "^/api([/?].*)?$"
+ policy: bypass
+ # bypass subdomains
+ - domain:
+ - auth.wettsten.duckdns.org
+ - bitwarden.wettsten.duckdns.org
+ policy: bypass
+ # two_factor subdomains
+ - domain:
+ - wettsten.duckdns.org
+ - bazarr.wettsten.duckdns.org
+ - jackett.wettsten.duckdns.org
+ - jdownloader.wettsten.duckdns.org
+ - lidarr.wettsten.duckdns.org
+ - metube.wettsten.duckdns.org
+ - mstream.wettsten.duckdns.org
+ - nzbhydra.wettsten.duckdns.org
+ - portainer.wettsten.duckdns.org
+ - prowlarr.wettsten.duckdns.org
+ - qbittorrent.wettsten.duckdns.org
+ - radarr.wettsten.duckdns.org
+ - sabnzbd.wettsten.duckdns.org
+ - sonarr.wettsten.duckdns.org
+ - www.wettsten.duckdns.org
+ policy: two_factor
+
+session:
+ name: authelia_session
+ domain: wettsten.duckdns.org
+ same_site: lax
+ secret: 8r9y4d8mY7NfQtpCe2oU
+ expiration: 6h
+ inactivity: 5m
+ remember_me_duration: 1w
+
+regulation:
+ max_retries: 3
+ find_time: 10m
+ ban_time: 12h
+
+storage:
+ local:
+ path: /config/db.sqlite3
+ encryption_key: 
iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU
+
+notifier:
+ disable_startup_check: true
+ smtp:
+ username: akanealw@gmail.com
+ password: qlvmffuzpscltdgz
+ host: smtp.gmail.com
+ port: 587
+ sender: akanealw@gmail.com
+ identifier: dockerserver
+ subject: "[Authelia] {title}"
+ startup_check_address: akanealw@gmail.com
+ disable_require_tls: false
+ disable_html_emails: false
+ tls:
+ skip_verify: false
+ minimum_version: TLS1.2
diff --git a/protected_domain.conf b/protected_domain.conf
new file mode 100644
index 0000000..688385c
--- /dev/null
+++ b/protected_domain.conf
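Review bot: Four live secrets are committed in plaintext in this hunk — `jwt_secret`, `session.secret`, `storage.encryption_key` and the Gmail app password at `notifier.smtp.password` — and since they are now in git history they need to be rotated, not merely removed. Authelia can read each of them from a mounted file through its `_FILE` environment variables (`AUTHELIA_JWT_SECRET_FILE`, `AUTHELIA_SESSION_SECRET_FILE`, `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`, `AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE`), so the four keys can be dropped from the committed file entirely. The first `access_control` rule grants `policy: bypass` for `^/api([/?].*)?$` on `*.wettsten.duckdns.org`, which means the HTTP APIs of portainer, qbittorrent, sonarr and every other listed host are reachable with no Authelia session and are protected only by whatever login each application has of its own; if the bypass exists for API-key clients of a few apps, replace the wildcard with an explicit `domain:` list of just those hosts. Finally, `totp.disable: true` is set while fifteen hosts require `two_factor` and no webauthn or duo section is visible, so it is unclear which second factor can satisfy that policy — worth confirming before relying on it.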
@@ -0,0 +1,75 @@
+location /authelia {
+internal;
+set $upstream_authelia http://192.168.1.30:9091/api/verify;
+proxy_pass_request_body off;
+proxy_pass $upstream_authelia;
+proxy_set_header Content-Length "";
+
+# Timeout if the real server is dead
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+client_body_buffer_size 128k;
+proxy_set_header Host $host;
+proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $http_host;
+proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_redirect http:// $scheme://;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_cache_bypass $cookie_session;
+proxy_no_cache $cookie_session;
+proxy_buffers 4 32k;
+
+send_timeout 5m;
+proxy_read_timeout 240;
+proxy_send_timeout 240;
+proxy_connect_timeout 240;
+}
+
+location / {
+set $upstream_kavita $forward_scheme://$server:$port;
+proxy_pass $upstream_kavita;
+
+auth_request /authelia;
+auth_request_set $target_url https://$http_host$request_uri;
+auth_request_set $user $upstream_http_remote_user;
+auth_request_set $email $upstream_http_remote_email;
+auth_request_set $groups $upstream_http_remote_groups;
+proxy_set_header Remote-User $user;
+proxy_set_header Remote-Email $email;
+proxy_set_header Remote-Groups $groups;
+
+error_page 401 =302 https://auth.akanealw.com/?rd=$target_url;
+
+client_body_buffer_size 128k;
+
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+send_timeout 5m;
+proxy_read_timeout 360;
+proxy_send_timeout 360;
+proxy_connect_timeout 360;
+
+proxy_set_header Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection upgrade;
+proxy_set_header Accept-Encoding gzip;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $http_host;
+proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_redirect http:// $scheme://;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_cache_bypass $cookie_session;
+proxy_no_cache $cookie_session;
+proxy_buffers 64 256k;
+
+set_real_ip_from 192.168.1.0/24;
+real_ip_recursive on;
+}
\ No newline at end of file
diff --git a/users_database.yml b/users_database.yml
new file mode 100644
index 0000000..35ed2b2
--- /dev/null
+++ b/users_database.yml
@@ -0,0 +1,8 @@
+users:
+ akanealw:
+ displayname: "akanealw"
+ password: "$argon2id$v=19$m=65536,t=1,p=8$ZWJ2UGVPUDE2SnU0YXNvNg$Q3LQfN90kPI5/3Yr06WmTUjFbvIBBZPJP44YLhysT0M"
+ email: akanealw@gmail.com
+ groups:
+ - admins
+ 
\ No newline at end of file
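Review bot: The `error_page 401 =302 https://auth.akanealw.com/?rd=$target_url;` line in `location /` sends unauthenticated users to `auth.akanealw.com`, while the Authelia instance in configuration.yml is bypassed for `auth.wettsten.duckdns.org` and sets `session.domain: wettsten.duckdns.org`; unless a second Authelia deployment lives under akanealw.com, the login page will be on the wrong host and any cookie it sets can never satisfy the `/authelia` subrequest, so the target should be `https://auth.wettsten.duckdns.org/?rd=$target_url`. The `set_real_ip_from 192.168.1.0/24; real_ip_recursive on;` pair at the end of `location /` has no `real_ip_header`, so nginx trusts `X-Real-IP` from any host on that /24; because the rewritten `$remote_addr` is what both locations forward to Authelia as `X-Real-IP`/`X-Forwarded-For` and what its `regulation` bans key on, a LAN client could spoof its address — drop the two lines if this nginx is the edge, or if there is a front proxy narrow `set_real_ip_from` to that proxy and add `real_ip_header X-Forwarded-For;` explicitly. `location /` also sets `Connection` twice (`upgrade`, then `""`); nginx appears to keep every `proxy_set_header` entry at a level rather than letting the later one win, and an empty value merely suppresses that entry, so `Connection: upgrade` goes to the backend on every request — use one `map $http_upgrade $connection_upgrade` with a single `proxy_set_header Connection $connection_upgrade;` instead.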
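Review bot: This hunk commits the live argon2id password hash of the only account, which is in the `admins` group, together with its email address; a hash in a shared or public repository is an offline-cracking target, so `users_database.yml` should be kept out of version control (gitignore it and commit a redacted `users_database.example.yml`) and the password rotated if this repository has been shared. No rule in the committed configuration.yml carries a `subject:` entry, so the `admins` group is not consulted by access control at present and only reaches backends through the `Remote-Groups` header the nginx config forwards — fine if intended, but a one-line comment such as `# groups are forwarded to apps via Remote-Groups; not used by access_control` would save the next reader from looking for a rule that does not exist.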