---
# Authelia Configuration File
## Server Configuration
server:
  ## Listener: no host part in the address, so it binds every interface on 9091.
  ## Static assets are read from the mounted config volume.
  address: 'tcp://:9091'
  asset_path: '/config/assets/'
  ## Endpoints: authz is exposed with the ForwardAuth implementation.
  endpoints:
    authz:
      forward-auth:
        implementation: 'ForwardAuth'
## Log Configuration
## Plain-text logs at info level; raise to 'debug' only temporarily, since
## debug output can include request detail that should not be retained long-term.
log:
  level: 'info'
  format: 'text'
## Theme Configuration (portal appearance only)
theme: 'light'
## JWT Secret
## NOTE(review): this secret is committed in plaintext in a file that is
## checked into version control. Treat it as compromised: rotate it and
## supply the replacement out of band (e.g. AUTHELIA_JWT_SECRET_FILE pointing
## at a mounted secret) rather than inlining it here.
jwt_secret: '5812e26c776947f2fae8a9cc80605e59a895b7b6df573af284a4c3db9115411c'
## Default Redirection URL
## NOTE(review): a per-cookie default_redirection_url is also set further down
## (session.cookies) with a different value, 'https://gate.3launchpad.com'.
## Confirm which one the deployed Authelia version honours and keep the two
## consistent, so a post-login redirect without a target lands on the intended host.
default_redirection_url: 'https://3launchpad.com'
## TOTP Configuration
## Standard RFC 6238 parameters (SHA-1, 6 digits, 30 s step, one step of skew)
## so common authenticator apps enrol without special handling.
totp:
  disable_reuse_security_policy: false
  issuer: 'Authelia'
  algorithm: 'sha1'
  digits: 6
  period: 30
  skew: 1
  secret_size: 32
## WebAuthn Configuration
## User verification is 'preferred', not 'required': authenticators without a
## PIN/biometric check are still accepted. Tighten to 'required' if the admin
## group's second factor must prove user presence and verification.
webauthn:
  disable: false
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  user_verification: 'preferred'
  timeout: '60s'
## Duo Push API Configuration (optional)
## Disabled in this deployment. If enabled, integration_key and secret_key are
## credentials and belong in a mounted secret, not in this committed file.
# duo_api:
#   hostname: 'api-123456789.duosecurity.com'
#   integration_key: 'ABCDEF'
#   secret_key: 'GHIJKLMNOPQRSTUVWXYZ'
## Authentication Backend Configuration
authentication_backend:
  ## Password Reset: enabled, using the built-in flow (no custom URL).
  password_reset:
    disable: false
    custom_url: ''
  ## How often user/group details are re-read from the backend.
  refresh_interval: '5m'
  ## LDAP Configuration (uncomment and configure if using LDAP)
  ## Not active here. If enabled: keep skip_verify false, prefer start_tls or
  ## ldaps, and move the bind password out of this file.
  # ldap:
  #   implementation: 'custom'
  #   address: 'ldap://127.0.0.1:389'
  #   timeout: '5s'
  #   start_tls: false
  #   skip_verify: false
  #   base_dn: 'dc=example,dc=com'
  #   username_attribute: 'uid'
  #   additional_users_dn: 'ou=users'
  #   users_filter: '(&({username_attribute}={input})(objectClass=person))'
  #   additional_groups_dn: 'ou=groups'
  #   groups_filter: '(&(member={dn})(objectclass=groupOfNames))'
  #   group_name_attribute: 'cn'
  #   mail_attribute: 'mail'
  #   display_name_attribute: 'displayName'
  #   user: 'cn=admin,dc=example,dc=com'
  #   password: 'password'
  ## File Configuration: the active backend is a local users database.
  file:
    path: '/config/users_database.yml'
    watch: false
    search:
      email: false
      case_insensitive: false
    ## Password hashing: argon2id, 64 MiB memory, 3 passes, 4 lanes,
    ## 32-byte key with a 16-byte salt.
    password:
      algorithm: 'argon2'
      argon2:
        variant: 'argon2id'
        iterations: 3
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16
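## Access Control Configuration
## Rules are matched top-down, first match wins; anything unmatched falls to
## default_policy. Keep the narrow admin rule above the wildcard rule.
access_control:
  ## Default Policy: deny-by-default for any host without an explicit rule.
  default_policy: 'deny'
  ## Networks (optional, for IP-based rules). Defined but not referenced by
  ## any rule below; available for a future `networks:` condition.
  networks:
    - name: 'internal'
      networks:
        - '10.0.0.0/8'
        - '172.16.0.0/12'
        - '192.168.0.0/16'
  ## Rules
  rules:
    ## Authelia itself: the portal host must match session.cookies[].authelia_url
    ## ('https://auth.gate.3launchpad.com'). The previous value 'auth.gate.3la'
    ## was truncated and never matched, so the portal fell through to the
    ## wildcard one_factor rule instead of bypass.
    - domain: 'auth.gate.3launchpad.com'
      policy: 'bypass'
    ## Admin access: two factors and membership of the admins group.
    - domain:
        - 'traefik.gate.3launchpad.com'
        - 'portainer.gate.3launchpad.com'
      policy: 'two_factor'
      subject:
        - 'group:admins'
    ## General protected services: one factor for every other subdomain.
    - domain: '*.gate.3launchpad.com'
      policy: 'one_factor'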
## Session Configuration
session:
  ## Session Name
  name: 'authelia_session'
  ## Session Domain
  ## NOTE(review): the legacy top-level domain is set alongside the cookies
  ## list below; confirm the running version expects both, and keep them equal.
  domain: 'gate.3launchpad.com'
  ## Session Secret
  ## NOTE(review): committed in plaintext in version control. Rotate it and
  ## inject the new value via AUTHELIA_SESSION_SECRET_FILE (or equivalent
  ## mounted secret) instead of keeping it in this file.
  secret: 'dcc8a066488b44cf185777f12a56bc0540bce2b3034e0b77c6118a9545dac831'
  ## Session Expiration: 1h absolute, 5m idle timeout.
  expiration: '1h'
  inactivity: '5m'
  ## Remember Me: long-lived sessions of up to one month when the user opts in.
  remember_me_duration: '1M'
  ## Cookies Configuration
  cookies:
    - domain: 'gate.3launchpad.com'
      authelia_url: 'https://auth.gate.3launchpad.com'
      default_redirection_url: 'https://gate.3launchpad.com'
  ## Redis Configuration (uncomment if using Redis)
  ## Not active: sessions are kept in memory, so a restart signs everyone out.
  # redis:
  #   host: 'redis'
  #   port: 6379
  #   password: ''
  #   database_index: 0
  #   maximum_active_connections: 8
  #   minimum_idle_connections: 0
## Regulation Configuration
## Brute-force throttling: presumably 3 failures within find_time (2m) trigger
## a ban_time (5m) lockout for that user. Short enough to limit self-inflicted
## lockouts, long enough to blunt online guessing; tune against audit logs.
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'
## Storage Configuration
## NOTE(review): no storage.encryption_key appears in this section of the
## file; confirm it is provided elsewhere (e.g. a mounted secret) since the
## SQLite database holds TOTP/WebAuthn material.
storage:
  ## Database Engine: local SQLite on the config volume.
  local:
    path: '/config/db.sqlite3'
  ## MySQL Configuration (alternative to local)
  # mysql:
  #   address: 'tcp://mysql:3306'
  #   database: 'authelia'
  #   username: 'authelia'
  #   password: 'password'
  #   timeout: '5s'
  ## PostgreSQL Configuration (alternative to local)
  ## If enabled, ssl.mode 'disable' sends credentials in clear text to the
  ## database; use a verifying mode unless the link is otherwise protected.
  # postgres:
  #   address: 'tcp://postgres:5432'
  #   database: 'authelia'
  #   schema: 'public'
  #   username: 'authelia'
  #   password: 'password'
  #   timeout: '5s'
  #   ssl:
  #     mode: 'disable'
## Notification Configuration
notifier:
  ## Disable Startup Check
  disable_startup_check: false
  ## File System Notifier (for development/testing)
  ## Active backend: password-reset and identity-verification messages are
  ## written to this file instead of being emailed. Anyone who can read the
  ## config volume can read those links; switch to SMTP before production use.
  filesystem:
    filename: '/config/notification.txt'
  ## SMTP Configuration (for production)
  ## If enabled, keep disable_require_tls/disable_starttls false and
  ## skip_verify false, and source the password from a mounted secret.
  # smtp:
  #   address: 'smtp://mail.example.com:587'
  #   username: 'authelia@example.com'
  #   password: 'password'
  #   sender: 'Authelia <authelia@example.com>'
  #   identifier: 'authelia'
  #   subject: '[Authelia] {title}'
  #   startup_check_address: 'test@authelia.com'
  #   disable_require_tls: false
  #   disable_html_emails: false
  #   disable_starttls: false
  #   tls:
  #     skip_verify: false
  #     minimum_version: 'TLS1.2'
  #     maximum_version: 'TLS1.3'
## Identity Providers Configuration (optional)
## Not active. If the OIDC provider is enabled: hmac_secret and the issuer
## private key are long-lived secrets and should be mounted from files rather
## than pasted into this committed configuration; the client secret shown is
## a hashed placeholder and must be replaced per client.
# identity_providers:
#   oidc:
#     hmac_secret: 'GENERATE_RANDOM_HMAC_SECRET'
#     issuer_private_key: |
#       -----BEGIN RSA PRIVATE KEY-----
#       ...
#       -----END RSA PRIVATE KEY-----
#     access_token_lifespan: '1h'
#     authorize_code_lifespan: '1m'
#     id_token_lifespan: '1h'
#     refresh_token_lifespan: '90m'
#     enable_client_debug_messages: false
#     clients:
#       - id: 'myapp'
#         description: 'My Application'
#         secret: '$pbkdf2-sha512$310000$...'
#         public: false
#         authorization_policy: 'two_factor'
#         redirect_uris:
#           - 'https://myapp.example.com/callback'
#         scopes:
#           - 'openid'
#           - 'profile'
#           - 'email'
#           - 'groups'
#         userinfo_signing_algorithm: 'none'