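---
# Authelia Configuration File
#
## NOTE(review): this file mixes legacy keys (top-level jwt_secret and
## default_redirection_url, session.domain, remember_me_duration) with the
## newer server.address / session.cookies layout. Confirm which form the
## deployed Authelia version expects.

## Server Configuration
server:
  ## Server options
  ## Listens on every interface, port 9091; expected to sit behind the
  ## reverse proxy rather than be exposed directly.
  address: 'tcp://:9091'
  asset_path: '/config/assets/'

  ## Endpoints
  endpoints:
    authz:
      forward-auth:
        implementation: 'ForwardAuth'

## Log Configuration
log:
  level: 'info'
  format: 'text'

## Theme Configuration
theme: 'light'

## JWT Secret
## NOTE(review): this secret is stored in plain text in the file. Anyone who
## can read the file (or a published copy) can forge the tokens it signs.
## Treat the value as exposed: rotate it and load it from a secret file or
## environment variable (e.g. AUTHELIA_JWT_SECRET_FILE) instead.
jwt_secret: '5812e26c776947f2fae8a9cc80605e59a895b7b6df573af284a4c3db9115411c'

## Default Redirection URL
default_redirection_url: 'https://3launchpad.com'

## TOTP Configuration
totp:
  disable_reuse_security_policy: false
  issuer: 'Authelia'
  ## sha1 / 6 digits / 30 s is the combination most authenticator apps
  ## support; changing it only affects newly registered devices.
  algorithm: 'sha1'
  digits: 6
  period: 30
  skew: 1
  secret_size: 32

## WebAuthn Configuration
webauthn:
  disable: false
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  user_verification: 'preferred'
  timeout: '60s'

## Duo Push API Configuration (optional)
# duo_api:
#   hostname: 'api-123456789.duosecurity.com'
#   integration_key: 'ABCDEF'
#   secret_key: 'GHIJKLMNOPQRSTUVWXYZ'

## Authentication Backend Configuration
authentication_backend:
  ## Password Reset
  password_reset:
    disable: false
    custom_url: ''

  ## Refresh Interval
  refresh_interval: '5m'

  ## LDAP Configuration (uncomment and configure if using LDAP)
  ## If enabled: ldap:// with start_tls false sends the bind password in
  ## clear text; supply the bind password from a secret file, not inline.
  # ldap:
  #   implementation: 'custom'
  #   address: 'ldap://127.0.0.1:389'
  #   timeout: '5s'
  #   start_tls: false
  #   skip_verify: false
  #   base_dn: 'dc=example,dc=com'
  #   username_attribute: 'uid'
  #   additional_users_dn: 'ou=users'
  #   users_filter: '(&({username_attribute}={input})(objectClass=person))'
  #   additional_groups_dn: 'ou=groups'
  #   groups_filter: '(&(member={dn})(objectclass=groupOfNames))'
  #   group_name_attribute: 'cn'
  #   mail_attribute: 'mail'
  #   display_name_attribute: 'displayName'
  #   user: 'cn=admin,dc=example,dc=com'
  #   password: 'password'

  ## File Configuration
  ## The users file holds password hashes; keep it readable only by the
  ## Authelia process.
  file:
    path: '/config/users_database.yml'
    watch: false
    search:
      email: false
      case_insensitive: false
    password:
      algorithm: 'argon2'
      argon2:
        variant: 'argon2id'
        iterations: 3
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16

## Access Control Configuration
## Rules are evaluated top to bottom and the first matching rule wins;
## requests that match no rule get default_policy.
access_control:
  ## Default Policy
  default_policy: 'deny'

  ## Networks (optional, for IP-based rules)
  ## NOTE(review): 'internal' is defined but no rule below references it.
  networks:
    - name: 'internal'
      networks:
        - '10.0.0.0/8'
        - '172.16.0.0/12'
        - '192.168.0.0/16'

  ## Rules
  rules:
    ## Authelia itself
    ## Was 'auth.gate.3la', which matches no host used in this file;
    ## aligned with session.cookies[].authelia_url.
    - domain: 'auth.gate.3launchpad.com'
      policy: 'bypass'

    ## Admin access
    - domain:
        - 'traefik.gate.3launchpad.com'
        - 'portainer.gate.3launchpad.com'
      policy: 'two_factor'
      subject:
        - 'group:admins'

    ## Admin hosts, everyone else
    ## The rule above only matches members of 'admins'. Without this deny,
    ## any other signed-in user would fall through to the wildcard rule
    ## below and reach the admin hosts with one factor.
    - domain:
        - 'traefik.gate.3launchpad.com'
        - 'portainer.gate.3launchpad.com'
      policy: 'deny'

    ## General protected services
    - domain: '*.gate.3launchpad.com'
      policy: 'one_factor'

## Session Configuration
session:
  ## Session Name
  name: 'authelia_session'

  ## Session Domain
  domain: 'gate.3launchpad.com'

  ## Session Secret
  ## NOTE(review): plain-text secret in the file. Treat it as exposed,
  ## rotate it, and supply it via AUTHELIA_SESSION_SECRET_FILE instead.
  secret: 'dcc8a066488b44cf185777f12a56bc0540bce2b3034e0b77c6118a9545dac831'

  ## Session Expiration
  expiration: '1h'
  inactivity: '5m'

  ## Remember Me
  remember_me_duration: '1M'

  ## Cookies Configuration
  cookies:
    - domain: 'gate.3launchpad.com'
      authelia_url: 'https://auth.gate.3launchpad.com'
      default_redirection_url: 'https://gate.3launchpad.com'

  ## Redis Configuration (uncomment if using Redis)
  ## If enabled, set a non-empty password from a secret file.
  # redis:
  #   host: 'redis'
  #   port: 6379
  #   password: ''
  #   database_index: 0
  #   maximum_active_connections: 8
  #   minimum_idle_connections: 0

## Regulation Configuration
## Three failed logins within find_time ban the account for ban_time.
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

## Storage Configuration
## NOTE(review): no storage.encryption_key is set in this file. Authelia
## requires one; confirm the deployment provides it out of band (e.g.
## AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE) rather than adding it inline here.
storage:
  ## Database Engine
  local:
    path: '/config/db.sqlite3'

  ## MySQL Configuration (alternative to local)
  # mysql:
  #   address: 'tcp://mysql:3306'
  #   database: 'authelia'
  #   username: 'authelia'
  #   password: 'password'
  #   timeout: '5s'

  ## PostgreSQL Configuration (alternative to local)
  # postgres:
  #   address: 'tcp://postgres:5432'
  #   database: 'authelia'
  #   schema: 'public'
  #   username: 'authelia'
  #   password: 'password'
  #   timeout: '5s'
  #   ssl:
  #     mode: 'disable'

## Notification Configuration
notifier:
  ## Disable Startup Check
  disable_startup_check: false

  ## File System Notifier (for development/testing)
  ## Identity-verification messages (password reset, device registration)
  ## are written to this file instead of being mailed, so anyone who can
  ## read it can complete those flows. Restrict access to the file, and
  ## switch to SMTP for production.
  filesystem:
    filename: '/config/notification.txt'

  ## SMTP Configuration (for production)
  # smtp:
  #   address: 'smtp://mail.example.com:587'
  #   username: 'authelia@example.com'
  #   password: 'password'
  #   sender: 'Authelia '
  #   identifier: 'authelia'
  #   subject: '[Authelia] {title}'
  #   startup_check_address: 'test@authelia.com'
  #   disable_require_tls: false
  #   disable_html_emails: false
  #   disable_starttls: false
  #   tls:
  #     skip_verify: false
  #     minimum_version: 'TLS1.2'
  #     maximum_version: 'TLS1.3'

## Identity Providers Configuration (optional)
## If enabled, load hmac_secret and issuer_private_key from secret files;
## keep client secrets as hashes, as in the example below.
# identity_providers:
#   oidc:
#     hmac_secret: 'GENERATE_RANDOM_HMAC_SECRET'
#     issuer_private_key: |
#       -----BEGIN RSA PRIVATE KEY-----
#       ...
#       -----END RSA PRIVATE KEY-----
#     access_token_lifespan: '1h'
#     authorize_code_lifespan: '1m'
#     id_token_lifespan: '1h'
#     refresh_token_lifespan: '90m'
#     enable_client_debug_messages: false
#     clients:
#       - id: 'myapp'
#         description: 'My Application'
#         secret: '$pbkdf2-sha512$310000$...'
#         public: false
#         authorization_policy: 'two_factor'
#         redirect_uris:
#           - 'https://myapp.example.com/callback'
#         scopes:
#           - 'openid'
#           - 'profile'
#           - 'email'
#           - 'groups'
#         userinfo_signing_algorithm: 'none'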