fix(authelia): Update configuration for v4.38+ with required variables and improved domain handling

authelia/configuration.yml

@@ -3,8 +3,6 @@
 
 # Server settings using the new 'address' format
 server:
-  # host: 0.0.0.0 # Deprecated
-  # port: 9091 # Deprecated
   address: 'tcp://0.0.0.0:9091' # Listen on all interfaces, port 9091
 
 # Logging configuration
@@ -16,19 +14,18 @@ log:
 session:
   name: authelia_session
   secret: ${AUTHELIA_SESSION_SECRET}
-  expiration: 1h # Adjust as needed
-  inactivity: 5m # Adjust as needed
-  # domain: ${AUTHELIA_SESSION_DOMAIN} # Deprecated top-level domain
+  expiration: 1h
+  inactivity: 5m
   redis:
     host: redis
     port: 6379
-    # Set password directly here instead of relying on potentially problematic env var
-    password: ${AUTHELIA_REDIS_PASSWORD}
+    password: ${AUTHELIA_SESSION_REDIS_PASSWORD}
     database_index: 0
   cookies:
-    - domain: ${APP_HOSTNAME}
-      authelia_url: https://${APP_HOSTNAME}
-      default_redirection_url: https://${APP_HOSTNAME}/home
+    # Use the wildcard domain pattern to match all subdomains
+    - domain: ${AUTHELIA_SESSION_DOMAIN}
+      authelia_url: ${AUTHELIA_DEFAULT_REDIRECTION_URL}
+      default_redirection_url: ${AUTHELIA_DEFAULT_REDIRECTION_URL}
 
 # Regulation (brute force protection)
 regulation:
@@ -37,7 +34,6 @@ regulation:
   ban_time: 5m
 
 # Storage (for user preferences, etc. - encrypted using storage key)
-# Using SQLite as defined. Ensure Redis above is only for session state.
 storage:
   encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
   local:
@@ -59,36 +55,19 @@ authentication_backend:
 access_control:
   default_policy: deny # Deny access by default
   rules:
-    # Rule to allow authenticated users access to the domain
-    # Use the renamed variable APP_HOSTNAME here as well
-    - domain: ${APP_HOSTNAME}
+    - domain: ${AUTHELIA_SESSION_DOMAIN}
       policy: one_factor # Requires username/password
 
-# Notifier configuration (Required since v4.38+)
-# Added basic filesystem notifier to satisfy the requirement.
-# Configure SMTP if you need email notifications (e.g., password reset).
+# Notifier configuration
 notifier:
   filesystem:
     filename: /config/notification.txt
-  # smtp:
-  #   address: smtp.example.com:587
-  #   username: user@example.com
-  #   password: password # Consider using secrets
-  #   sender: Authelia <authelia@example.com>
-  #   subject: "[Authelia] {title}"
-  #   startup_check_address: test@authelia.com
 
-# Identity Validation (includes JWT secret for password reset, moved from top level)
+# Identity Validation (includes JWT secret for password reset)
 identity_validation:
   reset_password:
-    jwt_secret: ${AUTHELIA_JWT_SECRET} # Moved from top level
+    jwt_secret: ${AUTHELIA_JWT_SECRET}
 
-# Identity Providers (None configured for this setup)
+# Identity Providers
 identity_providers:
   oidc: null # Explicitly disable OIDC
-
-# Enable registration (requires manual approval by editing users_database.yml)
-# Set 'enable: true' to allow users to register.
-# They will be added to users_database.yml commented out or with disabled: true.
-# registration:
-#   enable: false # Set to true to enable registration form