fix(env): Rename HOSTNAME to APP_HOSTNAME to avoid conflicts and update related configurations

authelia/configuration.yml

@@ -1,31 +1,36 @@
-# Authelia Configuration File
+# Authelia Configuration File v4.38+
 # Documentation: https://www.authelia.com/configuration/
 
-# Default configuration options affecting multiple sections.
-default_redirection_url: ${AUTHELIA_DEFAULT_REDIRECT_URL}
-
-# Server settings (listening address, paths, etc.)
+# Server settings using the new 'address' format
 server:
-  host: 0.0.0.0
-  port: 9091
+  # host: 0.0.0.0 # Deprecated
+  # port: 9091 # Deprecated
+  address: 'tcp://0.0.0.0:9091' # Listen on all interfaces, port 9091
 
 # Logging configuration
 log:
   level: info
   format: text # or json
 
-# Session configuration
+# Session configuration using the new 'domains' list format
 session:
   name: authelia_session
   secret: ${AUTHELIA_SESSION_SECRET}
   expiration: 1h # Adjust as needed
   inactivity: 5m # Adjust as needed
-  domain: ${AUTHELIA_SESSION_DOMAIN} # Set from .env
+  # domain: ${AUTHELIA_SESSION_DOMAIN} # Deprecated top-level domain
   redis:
     host: redis
     port: 6379
+    # Set password directly here instead of relying on potentially problematic env var
     password: ${AUTHELIA_REDIS_PASSWORD}
     database_index: 0
+  # Define session domains explicitly
+  domains:
+    - domain: ${APP_HOSTNAME} # Use the renamed variable from .env
+      default_redirection_url: https://${APP_HOSTNAME}/home # Default redirect after login
+      # Optional: Define specific Authelia portal URL if different from domain root
+      # authelia_url: https://${APP_HOSTNAME}/
 
 # Regulation (brute force protection)
 regulation:
@@ -34,10 +39,11 @@ regulation:
   ban_time: 5m
 
 # Storage (for user preferences, etc. - encrypted using storage key)
+# Using SQLite as defined. Ensure Redis above is only for session state.
 storage:
   encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
   local:
-    path: /config/db.sqlite3 # Example using SQLite for simple storage needs
+    path: /config/db.sqlite3
 
 # Authentication backend (using file-based user database)
 authentication_backend:
@@ -56,21 +62,28 @@ access_control:
   default_policy: deny # Deny access by default
   rules:
     # Rule to allow authenticated users access to the domain
-    - domain: ${AUTHELIA_SESSION_DOMAIN}
+    # Use the renamed variable APP_HOSTNAME here as well
+    - domain: ${APP_HOSTNAME}
       policy: one_factor # Requires username/password
 
-# Notifier (Optional, for password resets, etc. - configure if needed)
-# notifier:
-#   smtp:
-#     address: smtp.example.com:587
-#     username: user@example.com
-#     password: password
-#     sender: Authelia <authelia@example.com>
-#     subject: "[Authelia] {title}"
-#     startup_check_address: test@authelia.com
+# Notifier configuration (Required since v4.38+)
+# Added basic filesystem notifier to satisfy the requirement.
+# Configure SMTP if you need email notifications (e.g., password reset).
+notifier:
+  filesystem:
+    filename: /config/notification.txt
+  # smtp:
+  #   address: smtp.example.com:587
+  #   username: user@example.com
+  #   password: password # Consider using secrets
+  #   sender: Authelia <authelia@example.com>
+  #   subject: "[Authelia] {title}"
+  #   startup_check_address: test@authelia.com
 
-# JWT configuration (used for forwardAuth)
-jwt_secret: ${AUTHELIA_JWT_SECRET}
+# Identity Validation (includes JWT secret for password reset, moved from top level)
+identity_validation:
+  reset_password:
+    jwt_secret: ${AUTHELIA_JWT_SECRET} # Moved from top level
 
 # Identity Providers (None configured for this setup)
 identity_providers: