aki/docker-compose-nas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
docker-compose-nas/authelia/configuration.yml
aki 91873062c9
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Details
fix(env): Rename HOSTNAME to APP_HOSTNAME to avoid conflicts and update related configurations
2025-04-25 21:52:38 +08:00

97 lines
3.1 KiB
YAML
Raw Blame History

# Authelia Configuration File v4.38+
# Documentation: https://www.authelia.com/configuration/
# Server settings using the new 'address' format
server:
# host: 0.0.0.0 # Deprecated
# port: 9091 # Deprecated
address: 'tcp://0.0.0.0:9091' # Listen on all interfaces, port 9091
# Logging configuration
log:
level: info
format: text # or json
# Session configuration using the new 'domains' list format
session:
name: authelia_session
secret: ${AUTHELIA_SESSION_SECRET}
expiration: 1h # Adjust as needed
inactivity: 5m # Adjust as needed
# domain: ${AUTHELIA_SESSION_DOMAIN} # Deprecated top-level domain
redis:
host: redis
port: 6379
# Set password directly here instead of relying on potentially problematic env var
password: ${AUTHELIA_REDIS_PASSWORD}
database_index: 0
# Define session domains explicitly
domains:
- domain: ${APP_HOSTNAME} # Use the renamed variable from .env
default_redirection_url: https://${APP_HOSTNAME}/home # Default redirect after login
# Optional: Define specific Authelia portal URL if different from domain root
# authelia_url: https://${APP_HOSTNAME}/
# Regulation (brute force protection)
regulation:
max_retries: 3
find_time: 2m
ban_time: 5m
# Storage (for user preferences, etc. - encrypted using storage key)
# Using SQLite as defined. Ensure Redis above is only for session state.
storage:
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
local:
path: /config/db.sqlite3
# Authentication backend (using file-based user database)
authentication_backend:
file:
path: /config/users_database.yml
password:
algorithm: argon2id # Recommended hashing algorithm
iterations: 1
memory: 1024 # MiB
parallelism: 8
salt_length: 16
key_length: 32
# Access control rules
access_control:
default_policy: deny # Deny access by default
rules:
# Rule to allow authenticated users access to the domain
# Use the renamed variable APP_HOSTNAME here as well
- domain: ${APP_HOSTNAME}
policy: one_factor # Requires username/password
# Notifier configuration (Required since v4.38+)
# Added basic filesystem notifier to satisfy the requirement.
# Configure SMTP if you need email notifications (e.g., password reset).
notifier:
filesystem:
filename: /config/notification.txt
# smtp:
# address: smtp.example.com:587
# username: user@example.com
# password: password # Consider using secrets
# sender: Authelia <authelia@example.com>
# subject: "[Authelia] {title}"
# startup_check_address: test@authelia.com
# Identity Validation (includes JWT secret for password reset, moved from top level)
identity_validation:
reset_password:
jwt_secret: ${AUTHELIA_JWT_SECRET} # Moved from top level
# Identity Providers (None configured for this setup)
identity_providers:
oidc: null # Explicitly disable OIDC
# Enable registration (requires manual approval by editing users_database.yml)
# Set 'enable: true' to allow users to register.
# They will be added to users_database.yml commented out or with disabled: true.
# registration:
# enable: false # Set to true to enable registration form
Reference in New Issue View Git Blame Copy Permalink