iamthefij
/
authelia-cloudron
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
authelia-cloudron/config.template.yml

155 lines
4.6 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

###############################################################
# Authelia configuration #
###############################################################
# The port to listen on
port: 3000
# Log level
#
# Level of verbosity for logs
logs_level: debug
# Default redirection URL
#
# If user tries to authenticate without any referer, Authelia
# does not know where to redirect the user to at the end of the
# authentication process.
# This parameter allows you to specify the default redirection
# URL Authelia will use in such a case.
#
# Note: this parameter is optional. If not provided, user won't
# be redirected upon successful authentication.
default_redirection_url: ##DEFAULT_REDIRECT_URL
# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
totp:
issuer: ##APP_DOMAIN
# The authentication backend to use for verifying user passwords
# and retrieve information such as email address and groups
# users belong to.
#
# There are two supported backends: `ldap` and `file`.
authentication_backend:
# LDAP backend configuration.
#
# This backend allows Authelia to be scaled to more
# than one instance and therefore is recommended for
# production.
ldap:
# The url of the ldap server
url: ##LDAP_URL
# The base dn for every entries
base_dn: dc=cloudron
# An additional dn to define the scope to all users
# additional_users_dn: ##LDAP_USERS_BASE_DN
additional_users_dn: ou=users
# The users filter used to find the user DN
# {0} is a matcher replaced by username.
# 'cn={0}' by default.
users_filter: (&(objectclass=user)(|(username={0})(mail={0})))
# An additional dn to define the scope of groups
# additional_groups_dn: ##LDAP_GROUPS_BASE_DN
additional_groups_dn: ou=groups
# The groups filter used for retrieving groups of a given user.
# {0} is a matcher replaced by username.
# {dn} is a matcher replaced by user DN.
# {uid} is a matcher replaced by user uid.
# 'member={dn}' by default.
groups_filter: (&(memberuid={uid})(objectclass=group))
# The attribute holding the name of the group
group_name_attribute: cn
# The attribute holding the mail address of the user
mail_attribute: mail
# The username and password of the admin user.
user: ##LDAP_BIND_DN
password: ##LDAP_BIND_PASSWORD
# Access Control must be customized in /app/data/config.yml
# access_control:
# Configuration of session cookies
#
# The session cookies identify the user once logged in.
session:
# The name of the session cookie. (default: authelia_session).
name: authelia_session
# The secret to encrypt the session cookie.
secret: ##SESSION_SECRET
# The time in ms before the cookie expires and session is reset.
expiration: 3600000 # 1 hour
# The inactivity time in ms before the session is reset.
inactivity: 300000 # 5 minutes
# The domain to protect.
# Note: the authenticator must also be in that domain. If empty, the cookie
# is restricted to the subdomain of the issuer.
domain: ##APP_DOMAIN
# The redis connection details
redis:
host: ##REDIS_HOST
port: ##REDIS_PORT
password: ##REDIS_PASSWORD
# Configuration of the authentication regulation mechanism.
#
# This mechanism prevents attackers from brute forcing the first factor.
# It bans the user if too many attempts are done in a short period of
# time.
regulation:
# The number of failed login attempts before user is banned.
# Set it to 0 to disable regulation.
max_retries: 3
# The time range during which the user can attempt login before being banned.
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
find_time: 120
# The length of time before a banned user can login again.
ban_time: 300
# Configuration of the storage backend used to store data and secrets.
#
# You must use only an available configuration: local, mongo
storage:
# Settings to connect to mongo server
mongo:
url: ##MONGODB_URL
database: ##MONGODB_DATABASE
auth:
username: ##MONGODB_USERNAME
password: ##MONGODB_PASSWORD
# Configuration of the notification system.
#
# Notifications are sent to users when they require a password reset, a u2f
# registration or a TOTP registration.
# Use only an available configuration: filesystem, gmail
notifier:
# Use a SMTP server for sending notifications
smtp:
username: ##MAIL_SMTP_USERNAME
password: ##MAIL_SMTP_PASSWORD
secure: false
host: ##MAIL_SMTP_SERVER
port: ##MAIL_SMTP_PORT
sender: ##MAIL_FROM
Reference in New Issue View Git Blame Copy Permalink