99 lines
2.8 KiB
YAML
99 lines
2.8 KiB
YAML
# yamllint disable rule:comments-indentation
|
|
---
|
|
###############################################################################
|
|
# Authelia Configuration #
|
|
###############################################################################
|
|
|
|
theme: dark #light/dark
|
|
jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw
|
|
|
|
#default_redirection_url: https://www.google.com/
|
|
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
path: ""
|
|
read_buffer_size: 4096
|
|
write_buffer_size: 4096
|
|
enable_pprof: false
|
|
enable_expvars: false
|
|
disable_healthcheck: false
|
|
tls:
|
|
key: ""
|
|
certificate: ""
|
|
|
|
log:
|
|
level: debug
|
|
|
|
totp:
|
|
issuer: akanealw.com #your authelia top-level domain
|
|
period: 30
|
|
skew: 0
|
|
|
|
authentication_backend:
|
|
disable_reset_password: true
|
|
refresh_interval: 5m
|
|
file:
|
|
path: /config/users_database.yml #this is where your authorized users are stored
|
|
password:
|
|
algorithm: argon2id
|
|
iterations: 1
|
|
salt_length: 16
|
|
parallelism: 8
|
|
memory: 64
|
|
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
## bypass rule
|
|
- domain: "auth.akanealw.com" #This should be your authentication URL
|
|
policy: bypass
|
|
- domain: "bitwarden.akanealw.com" #example domain to protect
|
|
policy: bypass
|
|
- domain: "webdav.akanealw.com" #example subdomain to protect
|
|
policy: bypass
|
|
- domain: "meshcentral.akanealw.com" #example subdomain to protect
|
|
policy: bypass
|
|
|
|
## one_factor rule
|
|
- domain: "codeserver.akanealw.com"
|
|
policy: one_factor
|
|
|
|
#add or remove additional subdomains as necessary. currenlty only supports ONE top-level domain
|
|
#any time you add a new subdomain, you will need to restart the Authelia container to recognize the new settings/rules
|
|
|
|
session:
|
|
name: authelia_session
|
|
secret: 9DGPzQy8SZQ7rV57V3DJnw #any text or number you want to add here to create jwt Token
|
|
expiration: 3600 # 1 hour
|
|
inactivity: 300 # 5 minutes
|
|
domain: akanealw.com # Should match whatever your root protected domain is
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 10m
|
|
ban_time: 12h
|
|
|
|
storage:
|
|
local:
|
|
path: /config/db.sqlite3 #this is your databse. You could use a mysql database if you wanted, but we're going to use this one.
|
|
encryption_key: iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU #added Dec 5 2021
|
|
|
|
notifier:
|
|
disable_startup_check: true #true/false
|
|
smtp:
|
|
username: akanealw@gmail.com #your email address
|
|
password: qlvmffuzpscltdgz #your email password
|
|
host: smtp.gmail.com #email smtp server
|
|
port: 587 #email smtp port
|
|
sender: akanealw@gmail.com
|
|
identifier: proxyserver
|
|
subject: "[Authelia] {title}" #email subject
|
|
startup_check_address: akanealw@gmail.com
|
|
disable_require_tls: false
|
|
disable_html_emails: false
|
|
tls:
|
|
skip_verify: false
|
|
minimum_version: TLS1.2
|