authelia/internal/suites/NetworkACL/configuration.yml

---
###############################################################
#                Authelia minimal configuration               #
###############################################################

server:
  address: 'tcp://:9091'
  tls:
    certificate: '/pki/public.backend.crt'
    key: '/pki/private.backend.pem'

log:
  level: 'debug'

jwt_secret: 'unsecure_password'

authentication_backend:
  file:
    path: '/config/users.yml'

session:
  secret: 'unsecure_session_secret'
  expiration: '1h'  # 1 hour
  inactivity: '5m'  # 5 minutes
  remember_me: '1y'
  cookies:
    - domain: 'example.com'
      authelia_url: 'https://login.example.com:8080'

# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
  encryption_key: 'a_not_so_secure_encryption_key'
  local:
    path: '/config/db.sqlite'

# Access Control
#
# Access control is a set of rules you can use to restrict user access to certain
# resources.
access_control:
  default_policy: 'deny'
  networks:
    - name: 'Clients'
      networks:
        - 192.168.240.202/32
        - 192.168.240.203/32
  rules:
    - domain: 'secure.example.com'
      policy: 'one_factor'
      networks:
        - 192.168.240.201/32

    - domain: 'secure.example.com'
      policy: 'bypass'
      networks:
        - 'Clients'

    - domain: 'secure.example.com'
      policy: 'two_factor'

# Configuration of the authentication regulation mechanism.
regulation:
  # Set it to 0 to disable max_retries.
  max_retries: 3
  # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
  find_time: '5m'
  # The length of time before a banned user can login again.
  ban_time: '15m'

notifier:
  # Use a SMTP server for sending notifications
  smtp:
    address: 'smtp://smtp:1025'
    sender: 'admin@example.com'
    disable_require_tls: true
...
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`---`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`###############################################################`
			`# Authelia minimal configuration #`
			`###############################################################`

feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`server:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'tcp://:9091'`
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`tls:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`certificate: '/pki/public.backend.crt'`
			`key: '/pki/private.backend.pem'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings 2021-06-08 13:15:43 +00:00			`log:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`level: 'debug'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`jwt_secret: 'unsecure_password'`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`authentication_backend:`
			`file:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`path: '/config/users.yml'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
			`session:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`secret: 'unsecure_session_secret'`
			`expiration: '1h' # 1 hour`
			`inactivity: '5m' # 5 minutes`
			`remember_me: '1y'`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`cookies:`
			`- domain: 'example.com'`
			`authelia_url: 'https://login.example.com:8080'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
			`# Configuration of the storage backend used to store data and secrets. i.e. totp data`
			`storage:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`encryption_key: 'a_not_so_secure_encryption_key'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`local:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`path: '/config/db.sqlite'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
			`# Access Control`
			`#`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`# Access control is a set of rules you can use to restrict user access to certain`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`# resources.`
			`access_control:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`default_policy: 'deny'`
[FEATURE] Validate ACLs and add network groups (#1568) * adds validation to ACL's * adds a new networks section that can be used as aliases in other sections (currently access_control) 2021-01-04 10:55:23 +00:00			`networks:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- name: 'Clients'`
[FEATURE] Validate ACLs and add network groups (#1568) * adds validation to ACL's * adds a new networks section that can be used as aliases in other sections (currently access_control) 2021-01-04 10:55:23 +00:00			`networks:`
			`- 192.168.240.202/32`
			`- 192.168.240.203/32`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`rules:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'secure.example.com'`
			`policy: 'one_factor'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`networks:`
			`- 192.168.240.201/32`

refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'secure.example.com'`
			`policy: 'bypass'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`networks:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- 'Clients'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'secure.example.com'`
			`policy: 'two_factor'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
			`# Configuration of the authentication regulation mechanism.`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`regulation:`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`# Set it to 0 to disable max_retries.`
			`max_retries: 3`
Misc Spelling Corrections - Mostly changes to spelling of comments/docs/displayed text - A few changes to test function names 2020-01-21 00:10:00 +00:00			# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`find_time: '5m'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00			`# The length of time before a banned user can login again.`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`ban_time: '15m'`
Add network criteria in ACLs to specify policy based on network subnet. 2019-03-27 22:09:01 +00:00
			`notifier:`
			`# Use a SMTP server for sending notifications`
			`smtp:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'smtp://smtp:1025'`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`sender: 'admin@example.com'`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`disable_require_tls: true`
			`...`