76 lines
1.7 KiB
YAML
76 lines
1.7 KiB
YAML
# Authelia Configuration File v4.38+
|
|
# Documentation: https://www.authelia.com/configuration/
|
|
|
|
# Server settings
|
|
server:
|
|
address: 'tcp://0.0.0.0:9091'
|
|
|
|
# Logging configuration
|
|
log:
|
|
level: info
|
|
format: text
|
|
|
|
# Session configuration for v4.38+
|
|
session:
|
|
name: authelia_session
|
|
secret: ${AUTHELIA_SESSION_SECRET}
|
|
expiration: 1h
|
|
inactivity: 5m
|
|
redis:
|
|
host: redis
|
|
port: 6379
|
|
password: ${AUTHELIA_SESSION_REDIS_PASSWORD}
|
|
database_index: 0
|
|
cookies:
|
|
# Using a wildcard domain pattern - works for Tailscale domains
|
|
- domain: '*.ts.net'
|
|
authelia_url: 'https://tailscale-nas.ts.net'
|
|
default_redirection_url: 'https://tailscale-nas.ts.net/home'
|
|
same_site: lax
|
|
|
|
# Regulation (brute force protection)
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
|
|
# Storage (for user preferences, etc. - encrypted using storage key)
|
|
storage:
|
|
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
|
local:
|
|
path: /config/db.sqlite3
|
|
|
|
# Authentication backend (using file-based user database)
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users_database.yml
|
|
password:
|
|
algorithm: argon2id
|
|
iterations: 1
|
|
memory: 1024
|
|
parallelism: 8
|
|
salt_length: 16
|
|
key_length: 32
|
|
|
|
# Access control rules
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
# This will match any Tailscale domain
|
|
- domain: '*.ts.net'
|
|
policy: one_factor
|
|
|
|
# Notifier configuration
|
|
notifier:
|
|
filesystem:
|
|
filename: /config/notification.txt
|
|
|
|
# Identity Validation (includes JWT secret for password reset)
|
|
identity_validation:
|
|
reset_password:
|
|
jwt_secret: ${AUTHELIA_JWT_SECRET}
|
|
|
|
# Identity Providers
|
|
identity_providers:
|
|
oidc: null
|