############################################################################## # Authelia configuration # ############################################################################## server: host: 0.0.0.0 port: 8080 # if you need this changed make sure it reflects also in the docker-compose.yml log: level: info jwt_secret: # insert secret default_redirection_url: https://auth.jaredtsmith.com totp: issuer: jaredtsmith.com period: 30 skew: 1 authentication_backend: password_reset: disable: false file: path: /config/users_database.yml # Make sure this file exists password: algorithm: argon2id iterations: 1 salt_length: 16 parallelism: 8 memory: 64 access_control: default_policy: deny rules: # Rules applied to everyone - domain: - "auth.jaredtsmith.com" - "wikidata.jaredtsmith.com" policy: bypass - domain: # Proxies only requiring username and password - "wiki.jaredtsmith.com" - "wikidata-admin.jaredtsmith.com" policy: one_factor - domain: # Proxies needing 2 factor below - "budget.jaredtsmith.com" - "budget1.jaredtsmith.com" policy: two_factor session: name: authelia_session secret: # insert secret expiration: 3600 # 1 hour inactivity: 7200 # 2 hours domain: jaredtsmith.com # Needs to be your root domain redis: host: authelia_redis_1 port: 6379 password: # insert secret regulation: max_retries: 5 find_time: 2m ban_time: 10m theme: dark # options: dark, light storage: encryption_key: # insert secret local: path: /config/db.sqlite3 notifier: smtp: username: admin@jaredtsmith.com password: # insert password host: mail.jaredtsmith.com port: 465 # 25 non-ssl, 443 ssl, 587 tls sender: authelia@auth.jaredtsmith.com subject: "[Authelia] {title}" disable_require_tls: true # set to true if your domain uses no tls or ssl only disable_html_emails: false # set to true if you don't want html in your emails identity_providers: oidc: hmac_secret: issuer_private_key: | --- KEY START --- KEY END access_token_lifespan: 1h authorize_code_lifespan: 1m id_token_lifespan: 1h refresh_token_lifespan: 90m enable_client_debug_messages: false clients: - id: outline description: Outline Wiki secret: public: false authorization_policy: one_factor audience: [] scopes: - openid - groups - email - profile redirect_uris: - https://wiki.jaredtsmith.com/auth/oidc.callback grant_types: - refresh_token - authorization_code response_types: - code response_modes: - form_post - query - fragment userinfo_signing_algorithm: none