authelia/internal/suites/Postgres/configuration.yml

---
###############################################################
#                Authelia minimal configuration               #
###############################################################

jwt_secret: very_important_secret
default_redirection_url: https://home.example.com:8080/

server:
  address: 'tcp://:9091'
  tls:
    certificate: /pki/public.backend.crt
    key: /pki/private.backend.pem

log:
  level: debug

authentication_backend:
  file:
    path: /config/users.yml

session:
  secret: unsecure_session_secret
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  remember_me: 1y
  cookies:
    - domain: 'example.com'
      authelia_url: 'https://login.example.com:8080'

# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
  encryption_key: a_not_so_secure_encryption_key
  postgres:
    address: 'tcp://postgres:5432'
    database: 'authelia'
    username: 'admin'
    password: 'password'

# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
totp:
  issuer: example.com

access_control:
  default_policy: deny
  rules:
    - domain: "public.example.com"
      policy: bypass
    - domain: "admin.example.com"
      policy: two_factor
    - domain: "secure.example.com"
      policy: two_factor
    - domain: "singlefactor.example.com"
      policy: one_factor

# Configuration of the authentication regulation mechanism.
regulation:
  # Set it to 0 to disable max_retries.
  max_retries: 3

  # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
  find_time: 8

  # The length of time before a banned user can login again.
  ban_time: 10

notifier:
  # Use a SMTP server for sending notifications
  smtp:
    address: 'smtp://smtp:1025'
    sender: admin@example.com
    disable_require_tls: true
...
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`---`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00			`###############################################################`
			`# Authelia minimal configuration #`
			`###############################################################`

feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`jwt_secret: very_important_secret`
			`default_redirection_url: https://home.example.com:8080/`

			`server:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'tcp://:9091'`
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`tls:`
refactor(suites): use pki for oidc (#4913) 2023-02-11 04:37:54 +00:00			`certificate: /pki/public.backend.crt`
			`key: /pki/private.backend.pem`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00
refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings 2021-06-08 13:15:43 +00:00			`log:`
feat(configuration): add error and warn log levels (#2050) This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level. 2021-06-01 04:09:50 +00:00			`level: debug`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00
			`authentication_backend:`
			`file:`
[FEATURE] Docker simplification and configuration generation (#1113) * [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml 2020-06-17 06:25:35 +00:00			`path: /config/users.yml`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00
			`session:`
			`secret: unsecure_session_secret`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`expiration: 3600 # 1 hour`
			`inactivity: 300 # 5 minutes`
feat(session): multiple session cookie domains (#3754) This adds support to configure multiple session cookie domains. Closes #1198 Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-12 10:57:44 +00:00			`remember_me: 1y`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`cookies:`
			`- domain: 'example.com'`
			`authelia_url: 'https://login.example.com:8080'`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00
			`# Configuration of the storage backend used to store data and secrets. i.e. totp data`
			`storage:`
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00			`encryption_key: a_not_so_secure_encryption_key`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00			`postgres:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'tcp://postgres:5432'`
			`database: 'authelia'`
			`username: 'admin'`
			`password: 'password'`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00
			`# TOTP Issuer Name`
			`#`
			`# This will be the issuer name displayed in Google Authenticator`
			`# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names`
			`totp:`
			`issuer: example.com`

			`access_control:`
			`default_policy: deny`
			`rules:`
			`- domain: "public.example.com"`
			`policy: bypass`
			`- domain: "admin.example.com"`
			`policy: two_factor`
			`- domain: "secure.example.com"`
			`policy: two_factor`
			`- domain: "singlefactor.example.com"`
			`policy: one_factor`

			`# Configuration of the authentication regulation mechanism.`
			`regulation:`
			`# Set it to 0 to disable max_retries.`
			`max_retries: 3`

Misc Spelling Corrections - Mostly changes to spelling of comments/docs/displayed text - A few changes to test function names 2020-01-21 00:10:00 +00:00			# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00			`find_time: 8`

			`# The length of time before a banned user can login again.`
			`ban_time: 10`

			`notifier:`
			`# Use a SMTP server for sending notifications`
			`smtp:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'smtp://smtp:1025'`
Add support for PostgreSQL. 2019-11-16 19:50:58 +00:00			`sender: admin@example.com`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`disable_require_tls: true`
			`...`