- Introduced Redis service for session management with health checks. - Added Authelia service for user authentication with necessary environment variables. - Configured Traefik to use Authelia as middleware for various services. - Created Authelia configuration file with session, storage, and access control settings. - Added user database for Authelia with an example admin user.
# Authelia Configuration File
|
|
# Documentation: https://www.authelia.com/configuration/
|
|
|
|
# Default configuration options affecting multiple sections.
|
|
default_redirection_url: ${AUTHELIA_DEFAULT_REDIRECT_URL}
|
|
|
|
# Server settings (listening address, paths, etc.)
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
|
|
# Logging configuration
|
|
log:
|
|
level: info
|
|
format: text # or json
|
|
|
|
# Session configuration
|
|
session:
|
|
name: authelia_session
|
|
secret: ${AUTHELIA_SESSION_SECRET}
|
|
expiration: 1h # Adjust as needed
|
|
inactivity: 5m # Adjust as needed
|
|
domain: ${AUTHELIA_SESSION_DOMAIN} # Set from .env
|
|
redis:
|
|
host: redis
|
|
port: 6379
|
|
password: ${AUTHELIA_REDIS_PASSWORD}
|
|
database_index: 0
|
|
|
|
# Regulation (brute force protection)
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
|
|
# Storage (for user preferences, etc. - encrypted using storage key)
|
|
storage:
|
|
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
|
local:
|
|
path: /config/db.sqlite3 # Example using SQLite for simple storage needs
|
|
|
|
# Authentication backend (using file-based user database)
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users_database.yml
|
|
password:
|
|
algorithm: argon2id # Recommended hashing algorithm
|
|
iterations: 1
|
|
memory: 1024 # MiB
|
|
parallelism: 8
|
|
salt_length: 16
|
|
key_length: 32
|
|
|
|
# Access control rules
|
|
access_control:
|
|
default_policy: deny # Deny access by default
|
|
rules:
|
|
# Rule to allow authenticated users access to the domain
|
|
- domain: ${AUTHELIA_SESSION_DOMAIN}
|
|
policy: one_factor # Requires username/password
|
|
|
|
# Notifier (Optional, for password resets, etc. - configure if needed)
|
|
# notifier:
|
|
# smtp:
|
|
# address: smtp.example.com:587
|
|
# username: user@example.com
|
|
# password: password
|
|
# sender: Authelia <authelia@example.com>
|
|
# subject: "[Authelia] {title}"
|
|
# startup_check_address: test@authelia.com
|
|
|
|
# JWT configuration (used for forwardAuth)
|
|
jwt_secret: ${AUTHELIA_JWT_SECRET}
|
|
|
|
# Identity Providers (None configured for this setup)
|
|
identity_providers:
|
|
oidc: null # Explicitly disable OIDC
|
|
|
|
# Enable registration (requires manual approval by editing users_database.yml)
|
|
# Set 'enable: true' to allow users to register.
|
|
# They will be added to users_database.yml commented out or with disabled: true.
|
|
# registration:
|
|
# enable: false # Set to true to enable registration form
|
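Review bot: The `${AUTHELIA_SESSION_SECRET}`, `${AUTHELIA_JWT_SECRET}`, `${AUTHELIA_STORAGE_ENCRYPTION_KEY}`, `${AUTHELIA_REDIS_PASSWORD}` and `${AUTHELIA_SESSION_DOMAIN}` placeholders (lines 21, 63, 72, 84, 115, 176, 216) are not expanded by Authelia's own config loader, so unless the compose stack renders this file (for example with envsubst) before mounting it, the secrets would be the literal placeholder strings and the single access-control rule's domain would match no request, leaving `default_policy: deny` in force for every service. The usual approach is to drop the secret keys from the file and supply them through the documented secret variables such as `AUTHELIA_SESSION_SECRET_FILE` and `AUTHELIA_JWT_SECRET_FILE`, and to write the real domain into the rule, remembering that a bare `example.com` entry matches only that host exactly while services on subdomains need a wildcard entry like `'*.example.com'` (constructed example). Separately, Authelia's configuration validation rejects a file with neither an smtp nor a filesystem notifier, so with the smtp block commented out this instance should not start; for a deployment without mail add `notifier:` / `  filesystem:` / `    filename: /config/notification.txt`. The `server.host`/`server.port`, `session.domain` and top-level `jwt_secret` keys belong to the pre-4.38 schema; if the compose file pulls a current image they still load with deprecation warnings, and `server.address`, `session.cookies` and `identity_validation.reset_password.jwt_secret` are their replacements. The commented `registration:` block on lines 232-244 describes self-registration, which I do not believe Authelia offers, so the comment should not promise it.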