authelia/internal/suites/Standalone/configuration.yml

144 lines
3.3 KiB
YAML
Raw Permalink Normal View History

---
2019-01-30 22:33:14 +00:00
###############################################################
# Authelia minimal configuration #
###############################################################
theme: auto
server:
address: 'tcp://:9091'
tls:
certificate: /pki/public.backend.crt
key: /pki/private.backend.pem
2023-06-23 19:19:56 +00:00
grpc:
address: 'tcp://0.0.0.0:9092'
disableTLS: false
telemetry:
metrics:
enabled: true
address: tcp://0.0.0.0:9959
log:
2023-06-23 19:19:56 +00:00
level: trace
2019-01-30 22:33:14 +00:00
authentication_backend:
file:
path: /config/users.yml
2019-01-30 22:33:14 +00:00
session:
expiration: 3600
inactivity: 300
remember_me: 1y
cookies:
- domain: 'example.com'
authelia_url: 'https://login.example.com:8080'
2023-06-23 19:19:56 +00:00
- domain: 'rpjosh.de'
authelia_url: 'https://ubuntugui.rpjosh.de:9091'
2019-01-30 22:33:14 +00:00
storage:
encryption_key: a_not_so_secure_encryption_key
2019-01-30 22:33:14 +00:00
local:
path: /tmp/db.sqlite3
2019-01-30 22:33:14 +00:00
totp:
issuer: example.com
access_control:
default_policy: deny
rules:
- domain: singlefactor.example.com
2019-01-30 22:33:14 +00:00
policy: one_factor
- domain: public.example.com
policy: bypass
- domain: secure.example.com
policy: bypass
methods:
- OPTIONS
- domain: secure.example.com
policy: two_factor
- domain: "*.example.com"
2019-01-30 22:33:14 +00:00
subject: "group:admins"
policy: two_factor
- domain: dev.example.com
resources:
- "^/users/john/.*$"
2019-01-30 22:33:14 +00:00
subject: "user:john"
policy: two_factor
- domain: dev.example.com
resources:
- "^/users/harry/.*$"
2019-01-30 22:33:14 +00:00
subject: "user:harry"
policy: two_factor
- domain: "*.mail.example.com"
2019-01-30 22:33:14 +00:00
subject: "user:bob"
policy: two_factor
- domain: dev.example.com
resources:
- "^/users/bob/.*$"
2019-01-30 22:33:14 +00:00
subject: "user:bob"
policy: two_factor
2023-06-23 19:19:56 +00:00
- domain: auth.rpjosh.de
policy: bypass
- domain: datenbank.rpjosh.de
resources:
- "^/$"
policy: bypass
- domain: datenbank.rpjosh.de
resources:
- "^/hi.*$"
policy: one_factor
regulation:
2019-01-30 22:33:14 +00:00
# Set it to 0 to disable max_retries.
max_retries: 3
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300
2019-01-30 22:33:14 +00:00
# The length of time before a banned user can login again.
ban_time: 900
2019-01-30 22:33:14 +00:00
notifier:
smtp:
address: 'smtp://smtp:1025'
2019-01-30 22:33:14 +00:00
sender: admin@example.com
disable_require_tls: true
ntp:
## NTP server address
address: "time.cloudflare.com:123"
## ntp version
version: 4
## "maximum desynchronization" is the allowed offset time between the host and the ntp server
max_desync: 3s
## You can enable or disable the NTP synchronization check on startup
disable_startup_check: false
password_policy:
standard:
# Enables standard password Policy
enabled: false
min_length: 8
max_length: 0
require_uppercase: true
require_lowercase: true
require_number: true
require_special: true
zxcvbn:
## zxcvbn: uses zxcvbn for password strength checking (see: https://github.com/dropbox/zxcvbn)
## Note that the zxcvbn option does not prohibit the user from using a weak password,
## it only offers feedback about the strength of the password they are entering.
## if you need to enforce password rules, you should use `mode=classic`
enabled: false
...