You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
116 lines
2.9 KiB
116 lines
2.9 KiB
############################################################################## |
|
# Authelia configuration # |
|
############################################################################## |
|
|
|
server: |
|
host: 0.0.0.0 |
|
port: 8080 # if you need this changed make sure it reflects also in the docker-compose.yml |
|
log: |
|
level: info |
|
jwt_secret: # insert secret |
|
default_redirection_url: https://auth.jaredtsmith.com |
|
totp: |
|
issuer: jaredtsmith.com |
|
period: 30 |
|
skew: 1 |
|
|
|
authentication_backend: |
|
password_reset: |
|
disable: false |
|
file: |
|
path: /config/users_database.yml # Make sure this file exists |
|
password: |
|
algorithm: argon2id |
|
iterations: 1 |
|
salt_length: 16 |
|
parallelism: 8 |
|
memory: 64 |
|
|
|
access_control: |
|
default_policy: deny |
|
rules: |
|
# Rules applied to everyone |
|
- domain: |
|
- "auth.jaredtsmith.com" |
|
- "wikidata.jaredtsmith.com" |
|
policy: bypass |
|
- domain: # Proxies only requiring username and password |
|
- "wiki.jaredtsmith.com" |
|
- "wikidata-admin.jaredtsmith.com" |
|
policy: one_factor |
|
- domain: # Proxies needing 2 factor below |
|
- "budget.jaredtsmith.com" |
|
- "budget1.jaredtsmith.com" |
|
policy: two_factor |
|
|
|
|
|
session: |
|
name: authelia_session |
|
secret: # insert secret |
|
expiration: 3600 # 1 hour |
|
inactivity: 7200 # 2 hours |
|
domain: jaredtsmith.com # Needs to be your root domain |
|
|
|
redis: |
|
host: authelia-redis-1 |
|
port: 6379 |
|
password: # insert secret |
|
|
|
regulation: |
|
max_retries: 5 |
|
find_time: 2m |
|
ban_time: 10m |
|
|
|
theme: dark # options: dark, light |
|
|
|
storage: |
|
encryption_key: # insert secret |
|
local: |
|
path: /config/db.sqlite3 |
|
|
|
notifier: |
|
smtp: |
|
username: admin@jaredtsmith.com |
|
password: # insert password |
|
host: mail.jaredtsmith.com |
|
port: 465 # 25 non-ssl, 443 ssl, 587 tls |
|
sender: authelia@auth.jaredtsmith.com |
|
subject: "[Authelia] {title}" |
|
disable_require_tls: true # set to true if your domain uses no tls or ssl only |
|
disable_html_emails: false # set to true if you don't want html in your emails |
|
|
|
identity_providers: |
|
oidc: |
|
hmac_secret: |
|
issuer_private_key: | |
|
--- KEY START |
|
--- KEY END |
|
access_token_lifespan: 1h |
|
authorize_code_lifespan: 1m |
|
id_token_lifespan: 1h |
|
refresh_token_lifespan: 90m |
|
enable_client_debug_messages: false |
|
clients: |
|
- id: outline |
|
description: Outline Wiki |
|
secret: |
|
public: false |
|
authorization_policy: one_factor |
|
audience: [] |
|
scopes: |
|
- openid |
|
- groups |
|
- email |
|
- profile |
|
redirect_uris: |
|
- https://wiki.jaredtsmith.com/auth/oidc.callback |
|
grant_types: |
|
- refresh_token |
|
- authorization_code |
|
response_types: |
|
- code |
|
response_modes: |
|
- form_post |
|
- query |
|
- fragment |
|
userinfo_signing_algorithm: none
|
|
|