moved authelia to reverseproxy folder

2025-03-27 19:16:21 -05:00
parent 6366bb7cdd
commit 9515bd3cae
3 changed files with 0 additions and 0 deletions
--- a/reverseproxy/authelia/config/configuration.yml
+++ b/reverseproxy/authelia/config/configuration.yml
@@ -0,0 +1,124 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+theme: dark
+
+server:
+  address: 'tcp://:9091'
+  endpoints:
+    authz:
+      forward-auth:
+        implementation: 'ForwardAuth'
+
+log:
+  level: 'info'
+
+totp:
+  issuer: 'authelia.com'
+
+identity_validation:
+  reset_password:
+    jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923'
+
+authentication_backend:
+  file:
+    path: '/config/users_database.yml'
+
+# access_control:
+#   default_policy: 'deny'
+#   rules:
+#     # Rules applied to everyone
+#     - domain: 'public.example.com'
+#       policy: 'bypass'
+#     - domain: 'traefik.example.com'
+#       policy: 'one_factor'
+#     - domain: 'secure.example.com'
+#       policy: 'two_factor'
+
+access_control:
+  default_policy: deny
+  networks:
+    - name: internal
+      networks:
+      - '10.0.0.0/8'
+      - '172.16.0.0/12'
+      - '192.168.0.0/16'
+  rules:
+    ## bypass all domains and subdomains from local ips
+    - domain:
+      - aknlw.com
+      - akanealw.com
+      - "*.akanealw.com"
+      networks:
+      - 'internal'
+      policy: bypass
+    ## bypass api for subdomains
+    - domain: 
+      - "*.akanealw.com"
+      resources:
+      - "^/api([/?].*)?$"
+      - "^/add([/?].*)?$"  
+      - "^/public([/?].*)?$"        
+      policy: bypass
+    # bypass specific subdomains
+    - domain:
+      - aknlw.com
+      - bitwarden.akanealw.com
+      - gitea.akanealw.com
+      - nextcloud.akanealw.com
+      policy: bypass
+    # bypass filebrowser shares
+    - domain:
+        - "filebrowser.akanealw.com"
+      resources:
+        - "^/api([/?].*)?$"
+        - "^/share([/?].*)?$"
+        - "^/static([/?].*)?$"
+      policy: bypass
+    # two_factor subdomains
+    - domain: 
+      - akanealw.com
+      - "*.akanealw.com"
+      policy: two_factor
+
+session:
+  secret: 'ffc343d98b87910edcddb1f0dac4b492b62e29b5eafa92f1c213f37c4669f243'
+
+  cookies:
+    - name: 'authelia_session'
+      domain: 'akanealw.com'
+      authelia_url: 'https://auth.akanealw.com'
+      default_redirection_url: 'https://akanealw.com'
+      expiration: '1 hour'
+      inactivity: '5 minutes'
+
+  redis:
+    host: 'redis'
+    port: 6379
+    password: 'bc4eb8df73776ba7716aeb60c0023ef6136b80680bb8ea1cf6c51a326dea2c43'
+
+regulation:
+  max_retries: 3
+  find_time: '2 minutes'
+  ban_time: '5 minutes'
+
+storage:
+  encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf'
+  local:
+    path: '/config/db.sqlite3'
+
+notifier:
+  smtp:
+    username: 'akanealw@gmail.com'
+    password: 'qlvmffuzpscltdgz'
+    address: 'smtp://smtp.gmail.com:587'
+    sender: 'akanealw@gmail.com'
+
+ntp:
+  address: 'udp://time.windows.com:123'
+  version: 3
+  max_desync: '3s'
+  disable_startup_check: false
+  disable_failure: false