reverseproxy/authelia/config/configuration.yml


---
###############################################################
# Authelia configuration #
###############################################################
# Portal colour theme.
theme: 'dark'

# HTTP listener. The address names no host, only TCP port 9091.
# NOTE(review): presumably this port is reached only through the reverse
# proxy - confirm it is not published directly.
server:
  address: 'tcp://:9091'

# Log verbosity.
log:
  level: 'info'

# Metrics telemetry is turned off.
telemetry:
  metrics:
    enabled: false
# Time-based one-time passwords: SHA1, 6 digits, 30-second period, skew of 1.
# Each allowed_* list admits only the single value already chosen above it.
totp:
  disable: false
  issuer: 'akanealw.com'
  algorithm: 'sha1'
  digits: 6
  period: 30
  skew: 1
  secret_size: 32
  allowed_algorithms:
    - 'SHA1'
  allowed_digits:
    - 6
  allowed_periods:
    - 30
  # false leaves the reuse security policy in force.
  disable_reuse_security_policy: false
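# Identity validation for the reset-password flow.
#
# The JWT secret for this flow is deliberately NOT set in this file. Supply it
# from a file kept outside version control through the environment variable
# AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE, and do not also
# set it here. Any value that was ever committed with this file must be treated
# as disclosed: generate a new one, because whoever holds the old value could
# sign their own identity-validation tokens.
identity_validation:
  reset_password: {}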
# WebAuthn (security keys) as a second factor; passkey login stays disabled.
webauthn:
  disable: false
  enable_passkey_login: false
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  timeout: '60 seconds'
  # No authenticator model (AAGUID) is explicitly permitted or prohibited.
  filtering:
    permitted_aaguids: []
    prohibited_aaguids: []
    prohibit_backup_eligibility: false
  selection_criteria:
    attachment: ''
    discoverability: 'preferred'
    # 'preferred' requests user verification without requiring it.
    user_verification: 'preferred'
  # NOTE(review): metadata validation is disabled, so the validate_* settings
  # and the prohibited-status list below presumably take effect only once
  # 'enabled' is switched to true - confirm.
  metadata:
    enabled: false
    cache_policy: 'strict'
    validate_trust_anchor: true
    validate_entry: true
    validate_entry_permit_zero_aaguid: false
    validate_status: true
    validate_status_permitted: []
    validate_status_prohibited:
      - 'REVOKED'
      - 'USER_KEY_PHYSICAL_COMPROMISE'
      - 'USER_KEY_REMOTE_COMPROMISE'
      - 'USER_VERIFICATION_BYPASS'
      - 'ATTESTATION_KEY_COMPROMISE'
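# OpenID Connect 1.0 provider: one RS256 signing key and one client (NetBird).
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    jwks:
      - key_id: 'authelia'
        algorithm: 'RS256'
        use: 'sig'
        # The private signing key is deliberately NOT embedded in this file.
        # It is read at start-up from a file kept outside version control.
        # The line below is an Authelia configuration template expression,
        # not plain YAML: it requires the template filter to be enabled
        # (X_AUTHELIA_CONFIG_FILTERS=template) and is expanded before parsing.
        # Replace the placeholder with the real path of the key file.
        # A signing key that was ever committed with this file must be replaced
        # by a newly generated one: anyone holding a copy can sign tokens that
        # relying parties will accept as issued by this provider.
        key: {{ secret "<PATH_TO_OIDC_JWKS_PRIVATE_KEY_FILE>" | mindent 10 "|" | msquote }}
    cors:
      # Cross-origin requests to the listed endpoints are allowed from the
      # origins of the clients' registered redirect URIs.
      allowed_origins_from_client_redirect_uris: true
      endpoints:
        - 'userinfo'
        - 'authorization'
        - 'token'
        - 'revocation'
        - 'introspection'
    clients:
      - client_id: 'wWXrRkVCMDkwNHTm2.d-A4yWyXjxwmvYv~jb9XxlVx5Cb_SfEb.ma3x1.KFZyDbxuE2aS3Iy'
        client_name: 'NetBird'
        # NOTE(review): the trailing comment says this digest was derived from
        # the sample string 'insecure_secret'. If that is accurate, the client
        # secret is a publicly known value: generate a random secret, store
        # only its digest here and give the plaintext to the client out of
        # band. If it is not accurate, remove the stale comment.
        client_secret: '$pbkdf2-sha512$310000$HcYlWJDCNyqCkcW8Zc9.yQ$4EGMr6nOkEeuFLLbCNVKLjbfVquMvA0eP9vQAI6lS9Uzq2CVG0qezS3liaquhaE0wSUcBCix/LlI5LbCR5EJsg' # The digest of 'insecure_secret'.
        # Confidential client; the authorization policy demands two factors.
        public: false
        authorization_policy: 'two_factor'
        # NOTE(review): PKCE is not enforced for this authorization-code
        # client. Requiring it with the 'S256' challenge method is the usual
        # hardening - confirm the client sends a code challenge before
        # switching it on.
        require_pkce: false
        pkce_challenge_method: ''
        # Redirect URIs are matched against this explicit list.
        redirect_uris:
          - 'https://netbird.akanealw.com/peers'
          - 'https://netbird.akanealw.com/add-peers'
          - 'https://netbird.akanealw.com/oauth2/callback'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        # Authorization-code flow only.
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_post'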
# Users are read from a local file rather than a directory service.
# NOTE(review): keep this file out of version control and readable only by
# the Authelia process; presumably it holds the users' password hashes.
authentication_backend:
  file:
    path: '/config/users_database.yml'
# Access control. Requests that match no rule are denied; rules are listed
# from most specific intent to the catch-all and the order is significant.
access_control:
  default_policy: 'deny'
  networks:
    # The three RFC 1918 private ranges, grouped under one name.
    - name: 'internal'
      networks:
        - '10.0.0.0/8'
        - '192.168.0.0/16'
        - '172.16.0.0/12'
  rules:
    ## bypass all domains and subdomains from local ips
    # NOTE(review): this rule trusts the client address Authelia is given.
    # 172.16.0.0/12 also covers ranges commonly assigned to container bridge
    # networks, so if Authelia sees the reverse proxy's own address instead of
    # the real client, every request would match here and skip authentication.
    # Verify that the proxy forwards the client address and that Authelia only
    # accepts it from that proxy.
    - domain:
        - 'aknlw.com'
        - '*.aknlw.com'
        - 'akanealw.com'
        - '*.akanealw.com'
      networks:
        - 'internal'
      policy: 'bypass'
    ## bypass api paths
    # NOTE(review): these paths are unauthenticated at Authelia for every
    # subdomain, including services added later. Each backend has to enforce
    # its own authentication on /api, /add and /public.
    - domain:
        - '*.akanealw.com'
      resources:
        - '^/api([/?].*)?$'
        - '^/add([/?].*)?$'
        - '^/public([/?].*)?$'
      policy: 'bypass'
    ## bypass domains with own 2fa
    # NOTE(review): protection of these hosts rests entirely on each
    # application's own login and second factor being enabled and enforced.
    - domain:
        - 'aknlw.com'
        - 'bitwarden.akanealw.com'
        - 'gitea.akanealw.com'
        - 'gitea-docker.akanealw.com'
        - 'jellyfin.akanealw.com'
        - 'nextcloud.akanealw.com'
      policy: 'bypass'
    ## all other domains
    - domain:
        - 'akanealw.com'
        - '*.akanealw.com'
      policy: 'two_factor'
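# Session handling: one cookie scoped to the root domain, state kept in Redis.
#
# Neither the session secret nor the Redis password is set in this file.
# Supply both from files kept outside version control:
#   session secret  -> AUTHELIA_SESSION_SECRET_FILE
#   Redis password  -> AUTHELIA_SESSION_REDIS_PASSWORD_FILE
# Do not set a value both here and in the environment. Values that were ever
# committed with this file must be treated as disclosed and replaced; after
# replacing the session secret, existing sessions should be considered invalid.
session:
  cookies:
    - name: 'authelia_session'
      domain: 'akanealw.com' # Should match whatever your root protected domain is
      authelia_url: 'https://auth.akanealw.com'
      # NOTE(review): expiration and inactivity are placed on the cookie entry
      # here; confirm against the deployed file if they were set at session
      # level instead.
      expiration: '1 hour'
      inactivity: '5 minutes'
  redis:
    host: 'redis'
    port: 6379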
# Failed-login regulation: 3 retries within a 2-minute window lead to a
# 5-minute ban.
# NOTE(review): a 5-minute ban is short; check that failed-login events are
# also logged and alerted on, since this setting alone only slows guessing.
regulation:
  max_retries: 3
  find_time: '2 minutes'
  ban_time: '5 minutes'
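# Persistent storage: a local SQLite database.
#
# The storage encryption key is deliberately NOT set in this file. Supply it
# from a file kept outside version control through
# AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE, and do not also set it here.
# A key that was ever committed with this file must be treated as disclosed.
# Replacing it is not a plain edit: data already encrypted in the database has
# to be re-encrypted under the new key (see Authelia's
# "storage encryption change-key" command) - plan the rotation accordingly.
storage:
  local:
    path: '/config/db.sqlite3'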
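# Outgoing notifications over SMTP submission (port 587).
#
# The SMTP password is deliberately NOT set in this file. Supply it from a
# file kept outside version control through AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE,
# and do not also set it here. A mail credential that was ever committed with
# this file must be revoked at the mail provider and reissued: it lets its
# holder send mail as this account, including messages that imitate the
# portal's own reset and verification e-mails.
notifier:
  smtp:
    username: 'notify.akanealw@gmail.com'
    address: 'smtp://smtp.gmail.com:587'
    sender: 'notify.akanealw@gmail.com'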