authelia/internal/suites/HighAvailability/configuration.yml

###############################################################
#                   Authelia configuration                    #
###############################################################

port: 9091
tls_cert: /config/ssl/cert.pem
tls_key: /config/ssl/key.pem

log_level: debug

jwt_secret: unsecure_secret

totp:
  issuer: authelia.com

authentication_backend:
  ldap:
    url: ldap://openldap
    base_dn: dc=example,dc=com
    username_attribute: uid
    additional_users_dn: ou=users
    users_filter: (&({username_attribute}={input})(objectClass=person))
    additional_groups_dn: ou=groups
    groups_filter: (&(member={dn})(objectclass=groupOfNames))
    group_name_attribute: cn
    mail_attribute: mail
    user: cn=admin,dc=example,dc=com
    password: password

access_control:
  default_policy: deny

  rules:
    # Rules applied to everyone
    - domain: public.example.com
      policy: bypass
    - domain: secure.example.com
      policy: two_factor
    - domain: singlefactor.example.com
      policy: one_factor

    # Rules applied to 'admins' group
    - domain: mx2.mail.example.com
      subject: "group:admins"
      policy: deny

    # Rules applied to user 'john'
    - domain: "*.example.com"
      subject: "user:john"
      policy: two_factor

    - domain: "*.example.com"
      subject: "group:admins"
      policy: two_factor

    # Rules applied to 'dev' group
    - domain: dev.example.com
      resources:
        - "^/groups/dev/.*$"
      subject: "group:dev"
      policy: two_factor

    # Rules applied to user 'harry'
    - domain: dev.example.com
      resources:
        - "^/users/harry/.*$"
      subject: "user:harry"
      policy: two_factor

    # Rules applied to user 'bob'
    - domain: "*.mail.example.com"
      subject: "user:bob"
      policy: two_factor
    - domain: "dev.example.com"
      resources:
        - "^/users/bob/.*$"
      subject: "user:bob"
      policy: two_factor

session:
  name: authelia_session
  secret: unsecure_session_secret
  expiration: 3600 # 1 hour
  inactivity: 300 # 5 minutes
  domain: example.com
  redis:
    host: redis
    port: 6379
    password: authelia
  remember_me_duration: 1y

regulation:
  max_retries: 3
  find_time: 8
  ban_time: 10

storage:
  mysql:
    host: mariadb
    port: 3306
    database: authelia
    username: admin
    password: password

notifier:
  smtp:
    host: smtp
    port: 1025
    sender: admin@example.com
    disable_require_tls: true
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`###############################################################`
			`# Authelia configuration #`
			`###############################################################`

			`port: 9091`
[FEATURE] Docker simplification and configuration generation (#1113) * [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml 2020-06-17 06:25:35 +00:00			`tls_cert: /config/ssl/cert.pem`
			`tls_key: /config/ssl/key.pem`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00
[FEATURE] [BREAKING] Support writing logs in a file. (#686) * [FEATURE] Support writing logs in a file. * Add documentation about logs file path. * Rename logs_level and logs_file_path into log_level and log_file_path. * Update BREAKING.md Fixes #338 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2020-03-09 19:57:53 +00:00			`log_level: debug`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`jwt_secret: unsecure_secret`

Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`totp:`
			`issuer: authelia.com`

			`authentication_backend:`
			`ldap:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`url: ldap://openldap`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`base_dn: dc=example,dc=com`
[BUGFIX] [BREAKING] Set username retrieved from authentication backend in session. (#687) * [BUGFIX] Set username retrieved from authentication backend in session. In some setups, binding is case insensitive but Authelia is case sensitive and therefore need the actual username as stored in the authentication backend in order for Authelia to work correctly. Fixes #561. * Use uid attribute as unique user identifier in suites. * Fix the integration tests. * Update config.template.yml * Compute user filter based on username attribute and users_filter. The filter provided in users_filter is now combined with a filter based on the username attribute to perform the LDAP search query finding a user object from the username. * Fix LDAP based integration tests. * Update `users_filter` reference examples 2020-03-15 07:10:25 +00:00			`username_attribute: uid`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`additional_users_dn: ou=users`
[FEATURE][BREAKING] Allow users to sign in with email. (#792) * [FEATURE][BREAKING] Allow users to sign in with email. The users_filter purpose evolved with the introduction of username_attribute but is reverted here to allow the most flexibility. users_filter is now the actual filter used for searching the user and not a sub-filter based on the username_attribute anymore. * {input} placeholder has been introduced to later deprecate {0} which has been kept for backward compatibility. * {username_attribute} and {mail_attribute} are new placeholders used to back reference other configuration options. Fix #735 * [MISC] Introduce new placeholders for groups_filter too. * [MISC] Update BREAKING.md to mention the change regarding users_filter. * [MISC] Fix unit and integration tests. * Log an error message in console when U2F is not supported. * Apply suggestions from code review * Update BREAKING.md Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2020-03-30 22:36:04 +00:00			`users_filter: (&({username_attribute}={input})(objectClass=person))`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`additional_groups_dn: ou=groups`
			`groups_filter: (&(member={dn})(objectclass=groupOfNames))`
			`group_name_attribute: cn`
			`mail_attribute: mail`
			`user: cn=admin,dc=example,dc=com`
			`password: password`

			`access_control:`
			`default_policy: deny`

			`rules:`
			`# Rules applied to everyone`
			`- domain: public.example.com`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`policy: bypass`
			`- domain: secure.example.com`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`- domain: singlefactor.example.com`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: one_factor`

Fix and parallelize integration tests. 2019-11-30 16:49:52 +00:00			`# Rules applied to 'admins' group`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`- domain: mx2.mail.example.com`
Fix and parallelize integration tests. 2019-11-30 16:49:52 +00:00			`subject: "group:admins"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: deny`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00
			`# Rules applied to user 'john'`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- domain: "*.example.com"`
			`subject: "user:john"`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`policy: two_factor`

Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- domain: "*.example.com"`
Fix and parallelize integration tests. 2019-11-30 16:49:52 +00:00			`subject: "group:admins"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`

			`# Rules applied to 'dev' group`
			`- domain: dev.example.com`
			`resources:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- "^/groups/dev/.*$"`
			`subject: "group:dev"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`

			`# Rules applied to user 'harry'`
			`- domain: dev.example.com`
			`resources:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- "^/users/harry/.*$"`
			`subject: "user:harry"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`

			`# Rules applied to user 'bob'`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- domain: "*.mail.example.com"`
			`subject: "user:bob"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- domain: "dev.example.com"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`resources:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`- "^/users/bob/.*$"`
			`subject: "user:bob"`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`policy: two_factor`

			`session:`
			`name: authelia_session`
			`secret: unsecure_session_secret`
Update expiration timeouts from milliseconds to seconds. 2019-12-06 08:59:32 +00:00			`expiration: 3600 # 1 hour`
			`inactivity: 300 # 5 minutes`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`domain: example.com`
			`redis:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`host: redis`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`port: 6379`
			`password: authelia`
[FEATURE] Remember Me Configuration (#813) * [FEATURE] Remember Me Configuration * allow users to specify the duration of remember me using remember_me_duration in session config * setting the duration to 0 disables remember me * only render the remember me element if remember me is enabled * prevent malicious users from faking remember me functionality in the backend * add string to duration helper called ParseDurationString to parse a string into a duration * added tests to the helper function * use the SessionProvider to store the time.Duration instead of parsing it over and over again * add sec doc, adjust month/min, consistency * renamed internal/utils/constants.go to internal/utils/const.go to be consistent * added security measure docs * adjusted default remember me duration to be 1 month instead of 1 year * utilize default remember me duration in the autheliaCtx mock * adjust order of keys in session configuration examples * add notes on session security measures secret only being redis * add TODO items for duration notation for both Expiration and Inactivity (will be removed soon) * fix error text for Inactivity in the validator * add session validator tests * deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY) * remove unnecessary regex for the simplified ParseDurationString utility * ParseDurationString only accepts decimals without leading zeros now * comprehensively test all unit types * remove unnecessary type unions in web * add test to check sanity of time duration consts, this is just so they can't be accidentally changed * simplify deref check and assignment * fix reset password padding/margins * adjust some doc wording * adjust the handler configuration suite test * actually run the handler configuration suite test (whoops) * reduce the number of regex's used by ParseDurationString to 1, thanks to Clement * adjust some error wording 2020-04-03 23:11:33 +00:00			`remember_me_duration: 1y`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00
			`regulation:`
			`max_retries: 3`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`find_time: 8`
			`ban_time: 10`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00
			`storage:`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00			`mysql:`
Deprecate mongo and add mariadb as storage backend option. 2019-11-16 10:38:21 +00:00			`host: mariadb`
Fix and parallelize integration tests. 2019-11-30 16:49:52 +00:00			`port: 3306`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`database: authelia`
Deprecate mongo and add mariadb as storage backend option. 2019-11-16 10:38:21 +00:00			`username: admin`
			`password: password`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00
			`notifier:`
			`smtp:`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`host: smtp`
Add config file in complete suite and remove useless files. 2019-01-30 22:36:58 +00:00			`port: 1025`
			`sender: admin@example.com`
Force TLS and valid x509 certs in SMTP Notifier by default - Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN - Removed: secure (notifier smtp conf) boolean string - Added: disable_verify_cert (notifier smtp conf) boolean - disables X509 validation of certificates - Added: disable_require_tls (notifier smtp conf) boolean - allows emails to be sent over plain text (for non-authenticated only) - Added: trusted_cert (notifier smtp conf) string (path) - allows specifying the path of a PEM format cert to add to trusted cert pool - Make SMTP notifier return errors on connection over plain text - Make SMTP notifier return errors on TLS connection with invalid certs - Implemented various debug logging for the SMTP notifier - Implemented explicit SMTP closes on errors (previously left con open) - Split SMTPNotifier Send func to seperate funcs for: - writing future test suites and startup checks more easily - organization and readability - Add details of changes to docs/security.yml - Adjust config.yml's (template and test) for the changes 2019-12-30 02:03:51 +00:00			`disable_require_tls: true`