RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/suites/Traefik2/configuration.yml

69 lines
1.3 KiB
YAML
Raw Normal View History

ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
2021-04-10 20:51:00 +00:00
---
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
###############################################################
# Authelia minimal configuration #
###############################################################
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0
2021-08-02 11:55:30 +00:00
jwt_secret: unsecure_secret
server:
port: 9091
feat: customizable static assets (#2597) * feat: customizable static assets This change provides the means to override specific assets from the embedded Go FS with files situated on disk. We only allow overriding the following files currently: * favicon.ico * logo.png * refactor(server): make logo string a const * refactor(suites): override favicon and use ntp3 in traefik2 suite * test(suites): test logo override in traefik2 suite * test(suites): test asset override fallback in traefik suite Closes #1630.
2021-11-15 08:37:58 +00:00
asset_path: /config/assets/
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0
2021-08-02 11:55:30 +00:00
tls:
refactor(suites): use pki for oidc (#4913)
2023-02-11 04:37:54 +00:00
certificate: /pki/public.backend.crt
key: /pki/private.backend.pem
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 09:36:40 +00:00
endpoints:
authz:
forward-auth:
implementation: ForwardAuth
authn_strategies: []
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings
2021-06-08 13:15:43 +00:00
log:
feat(configuration): add error and warn log levels (#2050) This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level.
2021-06-01 04:09:50 +00:00
level: debug
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
authentication_backend:
file:
[FEATURE] Docker simplification and configuration generation (#1113) * [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml
2020-06-17 06:25:35 +00:00
path: /config/users.yml
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
session:
secret: unsecure_session_secret
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
2021-04-10 20:51:00 +00:00
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 10:57:44 +00:00
remember_me: 1y
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 09:36:40 +00:00
cookies:
- domain: 'example.com'
authelia_url: 'https://login.example.com:8080'
feat(session): add redis sentinel provider (#1768) * feat(session): add redis sentinel provider * refactor(session): use int for ports as per go standards * refactor(configuration): adjust tests and validation * refactor(configuration): add err format consts * refactor(configuration): explicitly map redis structs * refactor(session): merge redis/redis sentinel providers * refactor(session): add additional checks to redis providers * feat(session): add redis cluster provider * fix: update config for new values * fix: provide nil certpool to affected tests/mocks * test: add additional tests to cover uncovered code * docs: expand explanation of host and nodes relation for redis * ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum * fix(session): sentinel password * test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config * test: make entrypoint.sh executable, fix entrypoint.sh if/elif * test: add redis failover tests * test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging * test: add sentinel integration test * test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep * feat: use sentinel failover cluster * fix: renamed addrs to sentineladdrs upstream * test(session): sentinel failover * test: add redis standard back into testing * test: move redis standalone test to traefik2 * fix/docs: apply suggestions from code review
2021-03-09 23:03:05 +00:00
redis:
host: redis
port: 6379
username: authelia
password: redis-user-password
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
storage:
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682
2021-11-25 01:56:58 +00:00
encryption_key: a_not_so_secure_encryption_key
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
local:
[FEATURE] Docker simplification and configuration generation (#1113) * [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml
2020-06-17 06:25:35 +00:00
path: /config/db.sqlite
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
access_control:
default_policy: bypass
rules:
- domain: "public.example.com"
policy: bypass
- domain: "admin.example.com"
policy: two_factor
- domain: "secure.example.com"
policy: two_factor
- domain: "singlefactor.example.com"
policy: one_factor
feat: customizable static assets (#2597) * feat: customizable static assets This change provides the means to override specific assets from the embedded Go FS with files situated on disk. We only allow overriding the following files currently: * favicon.ico * logo.png * refactor(server): make logo string a const * refactor(suites): override favicon and use ntp3 in traefik2 suite * test(suites): test logo override in traefik2 suite * test(suites): test asset override fallback in traefik suite Closes #1630.
2021-11-15 08:37:58 +00:00
ntp:
version: 3
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 10:06:37 +00:00
notifier:
smtp:
host: smtp
port: 1025
sender: admin@example.com
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
2021-04-10 20:51:00 +00:00
disable_require_tls: true
...