|
|
|
##############################################################################
|
|
|
|
# Authelia configuration #
|
|
|
|
##############################################################################
|
|
|
|
|
|
|
|
server:
|
|
|
|
host: 0.0.0.0
|
|
|
|
port: 8080 # if you need this changed make sure it reflects also in the docker-compose.yml
|
|
|
|
log:
|
|
|
|
level: info
|
|
|
|
jwt_secret: # insert secret
|
|
|
|
default_redirection_url: https://auth.jaredtsmith.com
|
|
|
|
totp:
|
|
|
|
issuer: jaredtsmith.com
|
|
|
|
period: 30
|
|
|
|
skew: 1
|
|
|
|
|
|
|
|
authentication_backend:
|
|
|
|
password_reset:
|
|
|
|
disable: false
|
|
|
|
file:
|
|
|
|
path: /config/users_database.yml # Make sure this file exists
|
|
|
|
password:
|
|
|
|
algorithm: argon2id
|
|
|
|
iterations: 1
|
|
|
|
salt_length: 16
|
|
|
|
parallelism: 8
|
|
|
|
memory: 64
|
|
|
|
|
|
|
|
access_control:
|
|
|
|
default_policy: deny
|
|
|
|
rules:
|
|
|
|
# Rules applied to everyone
|
|
|
|
- domain:
|
|
|
|
- "auth.jaredtsmith.com"
|
|
|
|
- "wikidata.jaredtsmith.com"
|
|
|
|
policy: bypass
|
|
|
|
- domain: # Proxies only requiring username and password
|
|
|
|
- "wiki.jaredtsmith.com"
|
|
|
|
- "wikidata-admin.jaredtsmith.com"
|
|
|
|
policy: one_factor
|
|
|
|
- domain: # Proxies needing 2 factor below
|
|
|
|
- "budget.jaredtsmith.com"
|
|
|
|
- "budget1.jaredtsmith.com"
|
|
|
|
policy: two_factor
|
|
|
|
|
|
|
|
|
|
|
|
session:
|
|
|
|
name: authelia_session
|
|
|
|
secret: # insert secret
|
|
|
|
expiration: 3600 # 1 hour
|
|
|
|
inactivity: 7200 # 2 hours
|
|
|
|
domain: jaredtsmith.com # Needs to be your root domain
|
|
|
|
|
|
|
|
redis:
|
|
|
|
host: authelia_redis_1
|
|
|
|
port: 6379
|
|
|
|
password: # insert secret
|
|
|
|
|
|
|
|
regulation:
|
|
|
|
max_retries: 5
|
|
|
|
find_time: 2m
|
|
|
|
ban_time: 10m
|
|
|
|
|
|
|
|
theme: dark # options: dark, light
|
|
|
|
|
|
|
|
storage:
|
|
|
|
encryption_key: # insert secret
|
|
|
|
local:
|
|
|
|
path: /config/db.sqlite3
|
|
|
|
|
|
|
|
notifier:
|
|
|
|
smtp:
|
|
|
|
username: admin@jaredtsmith.com
|
|
|
|
password: # insert password
|
|
|
|
host: mail.jaredtsmith.com
|
|
|
|
port: 465 # 25 non-ssl, 443 ssl, 587 tls
|
|
|
|
sender: authelia@auth.jaredtsmith.com
|
|
|
|
subject: "[Authelia] {title}"
|
|
|
|
disable_require_tls: true # set to true if your domain uses no tls or ssl only
|
|
|
|
disable_html_emails: false # set to true if you don't want html in your emails
|
|
|
|
|
|
|
|
identity_providers:
|
|
|
|
oidc:
|
|
|
|
hmac_secret:
|
|
|
|
issuer_private_key: |
|
|
|
|
--- KEY START
|
|
|
|
--- KEY END
|
|
|
|
access_token_lifespan: 1h
|
|
|
|
authorize_code_lifespan: 1m
|
|
|
|
id_token_lifespan: 1h
|
|
|
|
refresh_token_lifespan: 90m
|
|
|
|
enable_client_debug_messages: false
|
|
|
|
clients:
|
|
|
|
- id: outline
|
|
|
|
description: Outline Wiki
|
|
|
|
secret:
|
|
|
|
public: false
|
|
|
|
authorization_policy: one_factor
|
|
|
|
audience: []
|
|
|
|
scopes:
|
|
|
|
- openid
|
|
|
|
- groups
|
|
|
|
- email
|
|
|
|
- profile
|
|
|
|
redirect_uris:
|
|
|
|
- https://wiki.jaredtsmith.com/auth/oidc.callback
|
|
|
|
grant_types:
|
|
|
|
- refresh_token
|
|
|
|
- authorization_code
|
|
|
|
response_types:
|
|
|
|
- code
|
|
|
|
response_modes:
|
|
|
|
- form_post
|
|
|
|
- query
|
|
|
|
- fragment
|
|
|
|
userinfo_signing_algorithm: none
|