diff --git a/config.template.yml b/config.template.yml
index 71919fe07..d8d877f8f 100644
--- a/config.template.yml
+++ b/config.template.yml
@@ -4,14 +4,6 @@
# Authelia Configuration #
###############################################################################
-## The host and port to listen on.
-host: 0.0.0.0
-port: 9091
-
-## The TLS key and cert used with Authelia.
-# tls_key: /config/ssl/key.pem
-# tls_cert: /config/ssl/cert.pem
-
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
## the system certificates store.
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
@@ -20,10 +12,39 @@ port: 9091
## The theme to display: light, dark, grey, auto.
theme: light
+## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
+## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
+jwt_secret: a_very_important_secret
+
+## Default redirection URL
+##
+## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
+## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
+## in such a case.
+##
+## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
+default_redirection_url: https://home.example.com/
+
##
## Server Configuration
##
server:
+ ## The address to listen on.
+ host: 0.0.0.0
+
+ ## The port to listen on.
+ port: 9091
+
+ ## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
+ tls:
+ ## The path to the DER base64/PEM format private key.
+ key: ""
+ # key: /config/ssl/key.pem
+
+ ## The path to the DER base64/PEM format public certificate.
+ certificate: ""
+ # certificate: /config/ssl/cert.pem
+
## Buffers usually should be configured to be the same value.
## Explanation at https://www.authelia.com/docs/configuration/server.html
## Read buffer size adjusts the server's max incoming request size in bytes.
@@ -54,19 +75,6 @@ log:
## Whether to also log to stdout when a log_file_path is defined.
# keep_stdout: false
-## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
-## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
-jwt_secret: a_very_important_secret
-
-## Default redirection URL
-##
-## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
-## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
-## in such a case.
-##
-## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
-default_redirection_url: https://home.example.com/
-
##
## TOTP Configuration
##
diff --git a/docs/configuration/authentication/index.md b/docs/configuration/authentication/index.md
index 781660a59..e781aea68 100644
--- a/docs/configuration/authentication/index.md
+++ b/docs/configuration/authentication/index.md
@@ -1,8 +1,8 @@
---
layout: default
-title: Authentication backends
+title: Authentication Backends
parent: Configuration
-nav_order: 1
+nav_order: 2
has_children: true
---
diff --git a/docs/configuration/duo-push-notifications.md b/docs/configuration/duo-push-notifications.md
index 7444b35e9..a0604b0ad 100644
--- a/docs/configuration/duo-push-notifications.md
+++ b/docs/configuration/duo-push-notifications.md
@@ -2,7 +2,7 @@
layout: default
title: Duo Push Notifications
parent: Configuration
-nav_order: 2
+nav_order: 3
---
# Duo Push Notifications
diff --git a/docs/configuration/identity-providers/index.md b/docs/configuration/identity-providers/index.md
index dcebc1a30..d3b93e5d0 100644
--- a/docs/configuration/identity-providers/index.md
+++ b/docs/configuration/identity-providers/index.md
@@ -2,7 +2,7 @@
layout: default
title: Identity Providers
parent: Configuration
-nav_order: 3
+nav_order: 4
has_children: true
---
diff --git a/docs/configuration/logging.md b/docs/configuration/logging.md
index dc0747882..a3d176d9e 100644
--- a/docs/configuration/logging.md
+++ b/docs/configuration/logging.md
@@ -2,7 +2,7 @@
layout: default
title: Logging
parent: Configuration
-nav_order: 4
+nav_order: 5
---
# Logging
diff --git a/docs/configuration/migration.md b/docs/configuration/migration.md
new file mode 100644
index 000000000..2f259cb0c
--- /dev/null
+++ b/docs/configuration/migration.md
@@ -0,0 +1,70 @@
+---
+layout: default
+title: Migration
+parent: Configuration
+nav_order: 6
+---
+
+This section documents changes in the configuration which may require manual migration by the administrator. Typically
+this only occurs when a configuration key is renamed or moved to a more appropriate location.
+
+## Format
+
+The migrations are formatted in a table with the old key and the new key. Periods indicate a different section which can
+be represented in YAML as a dictionary i.e. it's indented.
+
+In our table `server.host` with a value of `0.0.0.0` is represented in YAML like this:
+
+```yaml
+server:
+ host: 0.0.0.0
+```
+
+## Policy
+
+Our deprecation policy for configuration keys is 3 minor versions. For example if a configuration option is deprecated
+in version 4.30.0, it will remain as a warning for 4.30.x, 4.31.x, and 4.32.x; then it will become a fatal error in
+4.33.0+.
+
+## Migrations
+
+### 4.30.0
+
+The following changes occurred in 4.30.0:
+
+|Previous Key|New Key |
+|:----------:|:--------------------:|
+|host |server.host |
+|port |server.port |
+|tls_key |server.tls.key |
+|tls_cert |server.tls.certificate|
+|log_level |log.level |
+|log_file |log.file |
+|log_format |log.format |
+
+### 4.25.0
+
+The following changes occurred in 4.25.0:
+
+|Previous Key |New Key |
+|:---------------------------------------------:|:---------------------------------------------:|
+|authentication_backend.ldap.tls.skip_verify |authentication_backend.ldap.tls.skip_verify |
+|authentication_backend.ldap.minimum_tls_version|authentication_backend.ldap.tls.minimum_version|
+|notifier.smtp.disable_verify_cert |notifier.smtp.tls.skip_verify |
+|notifier.smtp.trusted_cert |certificates_directory |
+
+_**Please Note:** `certificates_directory` is not a direct replacement for the `notifier.smtp.trusted_cert`, instead
+of being the path to a specific file it is a path to a directory containing certificates trusted by Authelia. This
+affects other services like LDAP as well._
+
+### 4.7.0
+
+The following changes occurred in 4.7.0:
+
+|Previous Key|New Key |
+|:----------:|:-------:|
+|logs_level |log_level|
+|logs_file |log_file |
+
+_**Please Note:** The new keys also changed in [4.30.0](#4.30.0) so you will need to update them to the new values if you
+are using [4.30.0](#4.30.0) or newer instead of the new keys listed here._
diff --git a/docs/configuration/miscellaneous.md b/docs/configuration/miscellaneous.md
index 35d356f22..4c9275ab1 100644
--- a/docs/configuration/miscellaneous.md
+++ b/docs/configuration/miscellaneous.md
@@ -2,85 +2,12 @@
layout: default
title: Miscellaneous
parent: Configuration
-nav_order: 5
+nav_order: 7
---
# Miscellaneous
-Here are the main customizable options in Authelia.
-
-## Host & Port
-
-```yaml
-host: 0.0.0.0
-port: 9091
-```
-
-### host
-
-type: string
-{: .label .label-config .label-purple }
-default: 0.0.0.0
-{: .label .label-config .label-blue }
-required: no
-{: .label .label-config .label-green }
-
-
-Defines the address to listen on. See also [port](#port). Should typically be `0.0.0.0` or `127.0.0.1`, the former for
-containerized environments and the later for daemonized environments like init.d and systemd.
-
-Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
-
-```yaml
-host: "[fd00:1111:2222:3333::1]"
-```
-
-### port
-
-type: integer
-{: .label .label-config .label-purple }
-default: 9091
-{: .label .label-config .label-blue }
-required: no
-{: .label .label-config .label-green }
-
-
-Defines the port to listen on. See also [host](#host).
-
-## TLS
-
-Authelia's port typically listens for plain unencrypted connections. This is by design as most environments allow to
-security on lower areas of the OSI model. However it required, if you specify both of the tls options the port will
-listen for TLS connections.
-
-```yaml
-tls_key: /config/ssl/key.pem
-tls_cert: /config/ssl/cert.pem
-```
-
-### tls_key
-
-type: string (path)
-{: .label .label-config .label-purple }
-default: ""
-{: .label .label-config .label-blue }
-required: situational
-{: .label .label-config .label-yellow }
-
-
-The path to the private key for TLS connections. Must be in DER base64/PEM format.
-
-### tls_cert
-
-type: string (path)
-{: .label .label-config .label-purple }
-default: ""
-{: .label .label-config .label-blue }
-required: situational
-{: .label .label-config .label-yellow }
-
-
-The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
+Here are the main customizable options in Authelia that don't fit into their own sections.
## certificates_directory
diff --git a/docs/configuration/one-time-password.md b/docs/configuration/one-time-password.md
index 9aa05be98..67f367bc8 100644
--- a/docs/configuration/one-time-password.md
+++ b/docs/configuration/one-time-password.md
@@ -2,7 +2,7 @@
layout: default
title: Time-based One-Time Password
parent: Configuration
-nav_order: 6
+nav_order: 15
---
# Time-based One-Time Password
diff --git a/docs/configuration/regulation.md b/docs/configuration/regulation.md
index f4567abb2..14abfa0bb 100644
--- a/docs/configuration/regulation.md
+++ b/docs/configuration/regulation.md
@@ -2,7 +2,7 @@
layout: default
title: Regulation
parent: Configuration
-nav_order: 7
+nav_order: 9
---
# Regulation
diff --git a/docs/configuration/secrets.md b/docs/configuration/secrets.md
index 00ce029e3..93e749a99 100644
--- a/docs/configuration/secrets.md
+++ b/docs/configuration/secrets.md
@@ -2,7 +2,7 @@
layout: default
title: Secrets
parent: Configuration
-nav_order: 8
+nav_order: 10
---
# Secrets
diff --git a/docs/configuration/server.md b/docs/configuration/server.md
index a851cb178..064b64a86 100644
--- a/docs/configuration/server.md
+++ b/docs/configuration/server.md
@@ -2,7 +2,7 @@
layout: default
title: Server
parent: Configuration
-nav_order: 9
+nav_order: 11
---
# Server
@@ -13,15 +13,51 @@ The server section configures and tunes the http server module Authelia uses.
```yaml
server:
+ host: 0.0.0.0
+ port: 9091
read_buffer_size: 4096
write_buffer_size: 4096
path: ""
enable_pprof: false
enable_expvars: false
+ tls:
+ key: ""
+ certificate: ""
```
## Options
+## host
+
+type: string
+{: .label .label-config .label-purple }
+default: 0.0.0.0
+{: .label .label-config .label-blue }
+required: no
+{: .label .label-config .label-green }
+
+
+Defines the address to listen on. See also [port](#port). Should typically be `0.0.0.0` or `127.0.0.1`, the former for
+containerized environments and the later for daemonized environments like init.d and systemd.
+
+Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
+
+```yaml
+host: "[fd00:1111:2222:3333::1]"
+```
+
+### port
+
+type: integer
+{: .label .label-config .label-purple }
+default: 9091
+{: .label .label-config .label-blue }
+required: no
+{: .label .label-config .label-green }
+
+
+Defines the port to listen on. See also [host](#host).
+
### read_buffer_size
type: integer
@@ -98,6 +134,35 @@ required: no
Enables the go expvars endpoints.
+### tls
+
+Authelia typically listens for plain unencrypted connections. This is by design as most environments allow to
+security on lower areas of the OSI model. However it required, if you specify both the [tls key](#key) and
+[tls certificate](#certificate) options, Authelia will listen for TLS connections.
+
+#### key
+
+type: string (path)
+{: .label .label-config .label-purple }
+default: ""
+{: .label .label-config .label-blue }
+required: situational
+{: .label .label-config .label-yellow }
+
+
+The path to the private key for TLS connections. Must be in DER base64/PEM format.
+
+#### certificate
+
+type: string (path)
+{: .label .label-config .label-purple }
+default: ""
+{: .label .label-config .label-blue }
+required: situational
+{: .label .label-config .label-yellow }
+
+
+The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
## Additional Notes
diff --git a/docs/configuration/session/index.md b/docs/configuration/session/index.md
index 97006c2b4..34bb6d0a3 100644
--- a/docs/configuration/session/index.md
+++ b/docs/configuration/session/index.md
@@ -2,7 +2,7 @@
layout: default
title: Session
parent: Configuration
-nav_order: 10
+nav_order: 12
has_children: true
---
diff --git a/docs/configuration/storage/index.md b/docs/configuration/storage/index.md
index 7c7677d82..43a711d5f 100644
--- a/docs/configuration/storage/index.md
+++ b/docs/configuration/storage/index.md
@@ -1,8 +1,8 @@
---
layout: default
-title: Storage backends
+title: Storage Backends
parent: Configuration
-nav_order: 12
+nav_order: 13
has_children: true
---
diff --git a/docs/configuration/theme.md b/docs/configuration/theme.md
index 07d42e8fc..3929ac8e9 100644
--- a/docs/configuration/theme.md
+++ b/docs/configuration/theme.md
@@ -2,7 +2,7 @@
layout: default
title: Theme
parent: Configuration
-nav_order: 13
+nav_order: 14
---
# Theme
diff --git a/examples/compose/lite/authelia/configuration.yml b/examples/compose/lite/authelia/configuration.yml
index 39aa9fc24..a1b6ced1f 100644
--- a/examples/compose/lite/authelia/configuration.yml
+++ b/examples/compose/lite/authelia/configuration.yml
@@ -3,13 +3,17 @@
# Authelia configuration #
###############################################################
-host: 0.0.0.0
-port: 9091
+jwt_secret: a_very_important_secret
+default_redirection_url: https://public.example.com
+
+server:
+ host: 0.0.0.0
+ port: 9091
+
log:
level: debug
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
-jwt_secret: a_very_important_secret
-default_redirection_url: https://public.example.com
+
totp:
issuer: authelia.com
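Review bot: The context comment `# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE` now sits between the `log` block and `totp`, describing a key that is no longer beneath it, because `jwt_secret` was moved to the top of the file and only a blank line was left in its place. Move that comment directly above the new `jwt_secret: a_very_important_secret` line so the secrets-file alternative is still shown next to the plaintext value it refers to. The `local` compose example in the following hunk has no such comment, so only this file is affected.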
diff --git a/examples/compose/local/authelia/configuration.yml b/examples/compose/local/authelia/configuration.yml
index 3d4086208..32925f908 100644
--- a/examples/compose/local/authelia/configuration.yml
+++ b/examples/compose/local/authelia/configuration.yml
@@ -3,12 +3,16 @@
# Authelia configuration #
###############################################################
-host: 0.0.0.0
-port: 9091
-log:
- level: debug
jwt_secret: a_very_important_secret
default_redirection_url: https://public.example.com
+
+server:
+ host: 0.0.0.0
+ port: 9091
+
+log:
+ level: debug
+
totp:
issuer: authelia.com
diff --git a/internal/configuration/config.template.yml b/internal/configuration/config.template.yml
index 71919fe07..d8d877f8f 100644
--- a/internal/configuration/config.template.yml
+++ b/internal/configuration/config.template.yml
@@ -4,14 +4,6 @@
# Authelia Configuration #
###############################################################################
-## The host and port to listen on.
-host: 0.0.0.0
-port: 9091
-
-## The TLS key and cert used with Authelia.
-# tls_key: /config/ssl/key.pem
-# tls_cert: /config/ssl/cert.pem
-
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
## the system certificates store.
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
@@ -20,10 +12,39 @@ port: 9091
## The theme to display: light, dark, grey, auto.
theme: light
+## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
+## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
+jwt_secret: a_very_important_secret
+
+## Default redirection URL
+##
+## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
+## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
+## in such a case.
+##
+## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
+default_redirection_url: https://home.example.com/
+
##
## Server Configuration
##
server:
+ ## The address to listen on.
+ host: 0.0.0.0
+
+ ## The port to listen on.
+ port: 9091
+
+ ## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
+ tls:
+ ## The path to the DER base64/PEM format private key.
+ key: ""
+ # key: /config/ssl/key.pem
+
+ ## The path to the DER base64/PEM format public certificate.
+ certificate: ""
+ # certificate: /config/ssl/cert.pem
+
## Buffers usually should be configured to be the same value.
## Explanation at https://www.authelia.com/docs/configuration/server.html
## Read buffer size adjusts the server's max incoming request size in bytes.
@@ -54,19 +75,6 @@ log:
## Whether to also log to stdout when a log_file_path is defined.
# keep_stdout: false
-## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
-## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
-jwt_secret: a_very_important_secret
-
-## Default redirection URL
-##
-## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
-## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
-## in such a case.
-##
-## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
-default_redirection_url: https://home.example.com/
-
##
## TOTP Configuration
##
diff --git a/internal/configuration/reader_test.go b/internal/configuration/reader_test.go
index aa2e5ecd7..102f91d22 100644
--- a/internal/configuration/reader_test.go
+++ b/internal/configuration/reader_test.go
@@ -164,7 +164,7 @@ func TestShouldErrorParseBadConfigFile(t *testing.T) {
require.Len(t, errors, 1)
- require.EqualError(t, errors[0], "Error malformed yaml: line 26: did not find expected alphabetic or numeric character")
+ require.EqualError(t, errors[0], "Error malformed yaml: line 27: did not find expected alphabetic or numeric character")
}
func TestShouldParseConfigFile(t *testing.T) {
@@ -184,7 +184,7 @@ func TestShouldParseConfigFile(t *testing.T) {
require.Len(t, errors, 0)
- assert.Equal(t, 9091, config.Port)
+ assert.Equal(t, 9091, config.Server.Port)
assert.Equal(t, "debug", config.Logging.Level)
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
@@ -220,7 +220,7 @@ func TestShouldParseAltConfigFile(t *testing.T) {
config, errors := Read("./test_resources/config_alt.yml")
require.Len(t, errors, 0)
- assert.Equal(t, 9091, config.Port)
+ assert.Equal(t, 9091, config.Server.Port)
assert.Equal(t, "debug", config.Logging.Level)
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
diff --git a/internal/configuration/schema/configuration.go b/internal/configuration/schema/configuration.go
index 5c423bc85..1ef567bc8 100644
--- a/internal/configuration/schema/configuration.go
+++ b/internal/configuration/schema/configuration.go
@@ -2,20 +2,18 @@ package schema
// Configuration object extracted from YAML configuration file.
type Configuration struct {
- Host string `mapstructure:"host"`
- Port int `mapstructure:"port"`
Theme string `mapstructure:"theme"`
- TLSCert string `mapstructure:"tls_cert"`
- TLSKey string `mapstructure:"tls_key"`
CertificatesDirectory string `mapstructure:"certificates_directory"`
JWTSecret string `mapstructure:"jwt_secret"`
DefaultRedirectionURL string `mapstructure:"default_redirection_url"`
- // TODO: DEPRECATED START. Remove in 4.33.0.
- LogLevel string `mapstructure:"log_level"`
- LogFormat string `mapstructure:"log_format"`
- LogFilePath string `mapstructure:"log_file_path"`
- // TODO: DEPRECATED END. Remove in 4.33.0.
+ Host string `koanf:"host"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ Port int `koanf:"port"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ TLSCert string `koanf:"tls_cert"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ TLSKey string `koanf:"tls_key"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ LogLevel string `koanf:"log_level"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ LogFormat string `koanf:"log_format"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
+ LogFilePath string `koanf:"log_file_path"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
Logging LogConfiguration `mapstructure:"log"`
IdentityProviders IdentityProvidersConfiguration `mapstructure:"identity_providers"`
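Review bot: The seven re-added deprecated fields carry a `koanf:"host"`-style struct tag while every other field in this struct, and the new fields in ServerConfiguration, use `mapstructure:"..."`; unless the loader is separately configured to honour the koanf tag (not visible in this diff), the legacy `host`, `port`, `tls_key`, `tls_cert` and `log_*` keys will decode into nothing, and the migration that ValidateServer performs through applyDeprecatedServerConfiguration would silently never see them, so an existing TLS-enabled deployment could come up listening in plaintext with no warning. I would keep the tag consistent on all seven lines, e.g. `mapstructure:"host"` instead of `koanf:"host"`, and add a test that reads a file using the old keys and asserts they are carried into `Server`. Separately, Go tooling only recognises a `// Deprecated:` paragraph in the doc comment above the declaration, not a trailing line comment, so the marker as written will not be surfaced by staticcheck or gopls. The struct continues outside the hunk.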
diff --git a/internal/configuration/schema/server.go b/internal/configuration/schema/server.go
index 2ede2251e..541df99e1 100644
--- a/internal/configuration/schema/server.go
+++ b/internal/configuration/schema/server.go
@@ -2,15 +2,27 @@ package schema
// ServerConfiguration represents the configuration of the http server.
type ServerConfiguration struct {
+ Host string `mapstructure:"host"`
+ Port int `mapstructure:"port"`
Path string `mapstructure:"path"`
ReadBufferSize int `mapstructure:"read_buffer_size"`
WriteBufferSize int `mapstructure:"write_buffer_size"`
EnablePprof bool `mapstructure:"enable_endpoint_pprof"`
EnableExpvars bool `mapstructure:"enable_endpoint_expvars"`
+
+ TLS ServerTLSConfiguration `mapstructure:"tls"`
+}
+
+// ServerTLSConfiguration represents the configuration of the http servers TLS options.
+type ServerTLSConfiguration struct {
+ Certificate string `mapstructure:"certificate"`
+ Key string `mapstructure:"key"`
}
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
var DefaultServerConfiguration = ServerConfiguration{
+ Host: "0.0.0.0",
+ Port: 9091,
ReadBufferSize: 4096,
WriteBufferSize: 4096,
}
diff --git a/internal/configuration/test_resources/config.yml b/internal/configuration/test_resources/config.yml
index 854a9dcb6..8c72bc6f3 100644
--- a/internal/configuration/test_resources/config.yml
+++ b/internal/configuration/test_resources/config.yml
@@ -1,12 +1,13 @@
---
-host: 127.0.0.1
-port: 9091
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ host: 127.0.0.1
+ port: 9091
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
totp:
issuer: authelia.com
diff --git a/internal/configuration/test_resources/config_alt.yml b/internal/configuration/test_resources/config_alt.yml
index b128922a1..69a5884a7 100644
--- a/internal/configuration/test_resources/config_alt.yml
+++ b/internal/configuration/test_resources/config_alt.yml
@@ -1,12 +1,13 @@
---
-host: 127.0.0.1
-port: 9091
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ host: 127.0.0.1
+ port: 9091
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
totp:
issuer: authelia.com
diff --git a/internal/configuration/test_resources/config_bad_keys.yml b/internal/configuration/test_resources/config_bad_keys.yml
index a7822b997..f7bed7693 100644
--- a/internal/configuration/test_resources/config_bad_keys.yml
+++ b/internal/configuration/test_resources/config_bad_keys.yml
@@ -1,12 +1,14 @@
---
-host: 127.0.0.1
-port: 9091
loggy_file: /config/svc.log
logs_level: debug
default_redirection_url: https://home.example.com:8080/
+server:
+ host: 127.0.0.1
+ port: 9091
+
totp:
issuer: authelia.com
diff --git a/internal/configuration/test_resources/config_bad_quoting.yml b/internal/configuration/test_resources/config_bad_quoting.yml
index 0a6f88a3b..90613b2d0 100644
--- a/internal/configuration/test_resources/config_bad_quoting.yml
+++ b/internal/configuration/test_resources/config_bad_quoting.yml
@@ -1,14 +1,15 @@
---
-host: 0.0.0.0
-port: 9091
-
-log:
- level: debug
-
jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU
default_redirection_url: example.com
+server:
+ host: 0.0.0.0
+ port: 9091
+
+log:
+ level: debug
+
totp:
issuer: example.com
period: 30
diff --git a/internal/configuration/test_resources/config_with_secret.yml b/internal/configuration/test_resources/config_with_secret.yml
index df096e4b8..95497479a 100644
--- a/internal/configuration/test_resources/config_with_secret.yml
+++ b/internal/configuration/test_resources/config_with_secret.yml
@@ -1,13 +1,15 @@
---
-host: 127.0.0.1
-port: 9091
jwt_secret: secret_from_config
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ host: 127.0.0.1
+ port: 9091
+
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
totp:
issuer: authelia.com
diff --git a/internal/configuration/validator/configuration.go b/internal/configuration/validator/configuration.go
index d8ce23c6c..b54dbaa46 100644
--- a/internal/configuration/validator/configuration.go
+++ b/internal/configuration/validator/configuration.go
@@ -8,25 +8,8 @@ import (
"github.com/authelia/authelia/internal/utils"
)
-var defaultPort = 9091
-
// ValidateConfiguration and adapt the configuration read from file.
-//nolint:gocyclo // This function is likely to always have lots of if/else statements, as long as we keep the flow clean it should be understandable.
func ValidateConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
- if configuration.Host == "" {
- configuration.Host = "0.0.0.0"
- }
-
- if configuration.Port == 0 {
- configuration.Port = defaultPort
- }
-
- if configuration.TLSKey != "" && configuration.TLSCert == "" {
- validator.Push(fmt.Errorf("No TLS certificate provided, please check the \"tls_cert\" which has been configured"))
- } else if configuration.TLSKey == "" && configuration.TLSCert != "" {
- validator.Push(fmt.Errorf("No TLS key provided, please check the \"tls_key\" which has been configured"))
- }
-
if configuration.CertificatesDirectory != "" {
info, err := os.Stat(configuration.CertificatesDirectory)
if err != nil {
@@ -71,7 +54,7 @@ func ValidateConfiguration(configuration *schema.Configuration, validator *schem
ValidateRegulation(configuration.Regulation, validator)
- ValidateServer(&configuration.Server, validator)
+ ValidateServer(configuration, validator)
ValidateStorage(configuration.Storage, validator)
diff --git a/internal/configuration/validator/configuration_test.go b/internal/configuration/validator/configuration_test.go
index 76c439b32..071cf5659 100644
--- a/internal/configuration/validator/configuration_test.go
+++ b/internal/configuration/validator/configuration_test.go
@@ -12,8 +12,8 @@ import (
func newDefaultConfig() schema.Configuration {
config := schema.Configuration{}
- config.Host = loopback
- config.Port = 9090
+ config.Server.Host = loopback
+ config.Server.Port = 9090
config.Logging.Level = "info"
config.Logging.Format = "text"
config.JWTSecret = testJWTSecret
@@ -40,39 +40,6 @@ func newDefaultConfig() schema.Configuration {
return config
}
-func TestShouldNotUpdateConfig(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
-
- ValidateConfiguration(&config, validator)
-
- require.Len(t, validator.Errors(), 0)
- assert.Equal(t, 9090, config.Port)
- assert.Equal(t, "info", config.Logging.Level)
-}
-
-func TestShouldValidateAndUpdatePort(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
- config.Port = 0
-
- ValidateConfiguration(&config, validator)
-
- require.Len(t, validator.Errors(), 0)
- assert.Equal(t, 9091, config.Port)
-}
-
-func TestShouldValidateAndUpdateHost(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
- config.Host = ""
-
- ValidateConfiguration(&config, validator)
-
- require.Len(t, validator.Errors(), 0)
- assert.Equal(t, "0.0.0.0", config.Host)
-}
-
func TestShouldEnsureNotifierConfigIsProvided(t *testing.T) {
validator := schema.NewStructValidator()
config := newDefaultConfig()
@@ -107,36 +74,6 @@ func TestShouldAddDefaultAccessControl(t *testing.T) {
assert.Equal(t, "deny", config.AccessControl.DefaultPolicy)
}
-func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
- config.TLSCert = testTLSCert
-
- ValidateConfiguration(&config, validator)
- require.Len(t, validator.Errors(), 1)
- assert.EqualError(t, validator.Errors()[0], "No TLS key provided, please check the \"tls_key\" which has been configured")
-}
-
-func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
- config.TLSKey = testTLSKey
-
- ValidateConfiguration(&config, validator)
- require.Len(t, validator.Errors(), 1)
- assert.EqualError(t, validator.Errors()[0], "No TLS certificate provided, please check the \"tls_cert\" which has been configured")
-}
-
-func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
- validator := schema.NewStructValidator()
- config := newDefaultConfig()
- config.TLSCert = testTLSCert
- config.TLSKey = testTLSKey
-
- ValidateConfiguration(&config, validator)
- require.Len(t, validator.Errors(), 0)
-}
-
func TestShouldRaiseErrorWithUndefinedJWTSecretKey(t *testing.T) {
validator := schema.NewStructValidator()
config := newDefaultConfig()
diff --git a/internal/configuration/validator/const.go b/internal/configuration/validator/const.go
index f6e33cd3b..13feb7690 100644
--- a/internal/configuration/validator/const.go
+++ b/internal/configuration/validator/const.go
@@ -103,13 +103,9 @@ var SecretNames = map[string]string{
// the secret names map and reuse it in relevant sections.
var validKeys = []string{
// Root Keys.
- "host",
- "port",
- "default_redirection_url",
- "theme",
- "tls_key",
- "tls_cert",
"certificates_directory",
+ "theme",
+ "default_redirection_url",
// Log keys.
"log.level",
@@ -118,17 +114,25 @@ var validKeys = []string{
"log.keep_stdout",
// TODO: DEPRECATED START. Remove in 4.33.0.
+ "host",
+ "port",
+ "tls_key",
+ "tls_cert",
"log_level",
"log_format",
"log_file_path",
// TODO: DEPRECATED END. Remove in 4.33.0.
// Server Keys.
+ "server.host",
+ "server.port",
"server.read_buffer_size",
"server.write_buffer_size",
"server.path",
"server.enable_pprof",
"server.enable_expvars",
+ "server.tls.key",
+ "server.tls.certificate",
// TOTP Keys.
"totp.issuer",
diff --git a/internal/configuration/validator/server.go b/internal/configuration/validator/server.go
index 14c4302d4..8aa4d9fcf 100644
--- a/internal/configuration/validator/server.go
+++ b/internal/configuration/validator/server.go
@@ -9,30 +9,77 @@ import (
"github.com/authelia/authelia/internal/utils"
)
-var defaultReadBufferSize = 4096
-var defaultWriteBufferSize = 4096
-
// ValidateServer checks a server configuration is correct.
-func ValidateServer(configuration *schema.ServerConfiguration, validator *schema.StructValidator) {
- switch {
- case strings.Contains(configuration.Path, "/"):
- validator.Push(fmt.Errorf("server path must not contain any forward slashes"))
- case !utils.IsStringAlphaNumeric(configuration.Path):
- validator.Push(fmt.Errorf("server path must only be alpha numeric characters"))
- case configuration.Path == "": // Don't do anything if it's blank.
- default:
- configuration.Path = path.Clean("/" + configuration.Path)
+func ValidateServer(configuration *schema.Configuration, validator *schema.StructValidator) {
+ applyDeprecatedServerConfiguration(configuration, validator)
+
+ if configuration.Server.Host == "" {
+ configuration.Server.Host = schema.DefaultServerConfiguration.Host
}
- if configuration.ReadBufferSize == 0 {
- configuration.ReadBufferSize = defaultReadBufferSize
- } else if configuration.ReadBufferSize < 0 {
+ if configuration.Server.Port == 0 {
+ configuration.Server.Port = schema.DefaultServerConfiguration.Port
+ }
+
+ if configuration.Server.TLS.Key != "" && configuration.Server.TLS.Certificate == "" {
+ validator.Push(fmt.Errorf("server: no TLS certificate provided to accompany the TLS key, please configure the 'server.tls.certificate' option"))
+ } else if configuration.Server.TLS.Key == "" && configuration.Server.TLS.Certificate != "" {
+ validator.Push(fmt.Errorf("server: no TLS key provided to accompany the TLS certificate, please configure the 'server.tls.key' option"))
+ }
+
+ switch {
+ case strings.Contains(configuration.Server.Path, "/"):
+ validator.Push(fmt.Errorf("server path must not contain any forward slashes"))
+ case !utils.IsStringAlphaNumeric(configuration.Server.Path):
+ validator.Push(fmt.Errorf("server path must only be alpha numeric characters"))
+ case configuration.Server.Path == "": // Don't do anything if it's blank.
+ default:
+ configuration.Server.Path = path.Clean("/" + configuration.Server.Path)
+ }
+
+ if configuration.Server.ReadBufferSize == 0 {
+ configuration.Server.ReadBufferSize = schema.DefaultServerConfiguration.ReadBufferSize
+ } else if configuration.Server.ReadBufferSize < 0 {
validator.Push(fmt.Errorf("server read buffer size must be above 0"))
}
- if configuration.WriteBufferSize == 0 {
- configuration.WriteBufferSize = defaultWriteBufferSize
- } else if configuration.WriteBufferSize < 0 {
+ if configuration.Server.WriteBufferSize == 0 {
+ configuration.Server.WriteBufferSize = schema.DefaultServerConfiguration.WriteBufferSize
+ } else if configuration.Server.WriteBufferSize < 0 {
validator.Push(fmt.Errorf("server write buffer size must be above 0"))
}
}
+
+func applyDeprecatedServerConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
+ if configuration.Host != "" {
+ validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
+
+ if configuration.Server.Host == "" {
+ configuration.Server.Host = configuration.Host
+ }
+ }
+
+ if configuration.Port != 0 {
+ validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
+
+ if configuration.Server.Port == 0 {
+ configuration.Server.Port = configuration.Port
+ }
+ }
+
+ if configuration.TLSCert != "" {
+ validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
+
+ if configuration.Server.TLS.Certificate == "" {
+ configuration.Server.TLS.Certificate = configuration.TLSCert
+ }
+ }
+
+ if configuration.TLSKey != "" {
+ validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
+
+ if configuration.Server.TLS.Key == "" {
+ configuration.Server.TLS.Key = configuration.TLSKey
+ }
+ }
+}
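Review bot: The deprecation warnings in the `tls_cert` and `tls_key` branches of `applyDeprecatedServerConfiguration` tell operators to migrate to `server.tls_cert` and `server.tls_key`, but those are not keys this commit accepts: `validKeys` registers `server.tls.certificate` and `server.tls.key`, and the pairing errors a few lines above use the same dotted names. Anyone following the warning will presumably hit an unknown-key validation failure or, depending on how unknown keys are treated elsewhere, end up serving plaintext without noticing. Change the two format arguments to `validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls.certificate"))` and `validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls.key"))`. Separately, the pairing check only confirms both paths are set, not that either file exists or is readable; that is acceptable since `ServeTLS` fails fatally at startup, but a short comment such as `// Existence/readability of the files is left to ServeTLS at startup.` would save the next reader looking for the missing check.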
diff --git a/internal/configuration/validator/server_test.go b/internal/configuration/validator/server_test.go
index 25c1bde71..55230ff3e 100644
--- a/internal/configuration/validator/server_test.go
+++ b/internal/configuration/validator/server_test.go
@@ -1,6 +1,7 @@
package validator
import (
+ "fmt"
"testing"
"github.com/stretchr/testify/assert"
@@ -9,55 +10,212 @@ import (
"github.com/authelia/authelia/internal/configuration/schema"
)
+func TestShouldSetDefaultServerValues(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := &schema.Configuration{}
+
+ ValidateServer(config, validator)
+
+ assert.Len(t, validator.Errors(), 0)
+ assert.Len(t, validator.Warnings(), 0)
+
+ assert.Equal(t, schema.DefaultServerConfiguration.Host, config.Server.Host)
+ assert.Equal(t, schema.DefaultServerConfiguration.Port, config.Server.Port)
+ assert.Equal(t, schema.DefaultServerConfiguration.ReadBufferSize, config.Server.ReadBufferSize)
+ assert.Equal(t, schema.DefaultServerConfiguration.WriteBufferSize, config.Server.WriteBufferSize)
+ assert.Equal(t, schema.DefaultServerConfiguration.TLS.Key, config.Server.TLS.Key)
+ assert.Equal(t, schema.DefaultServerConfiguration.TLS.Certificate, config.Server.TLS.Certificate)
+ assert.Equal(t, schema.DefaultServerConfiguration.Path, config.Server.Path)
+ assert.Equal(t, schema.DefaultServerConfiguration.EnableExpvars, config.Server.EnableExpvars)
+ assert.Equal(t, schema.DefaultServerConfiguration.EnablePprof, config.Server.EnablePprof)
+}
+
+// TODO: DEPRECATED TEST. Remove in 4.33.0.
+func TestShouldNotOverrideNewValuesWithDeprecatedValues(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := &schema.Configuration{Host: "123.0.0.1", Port: 9101, TLSKey: "/tmp/key.pem", TLSCert: "/tmp/cert.pem"}
+ config.Server.Host = "192.168.0.2"
+ config.Server.Port = 80
+ config.Server.TLS.Key = "/tmp/new/key.pem"
+ config.Server.TLS.Certificate = "/tmp/new/cert.pem"
+
+ ValidateServer(config, validator)
+
+ require.Len(t, validator.Errors(), 0)
+ require.Len(t, validator.Warnings(), 4)
+
+ assert.EqualError(t, validator.Warnings()[0], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
+ assert.EqualError(t, validator.Warnings()[1], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
+ assert.EqualError(t, validator.Warnings()[2], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
+ assert.EqualError(t, validator.Warnings()[3], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
+
+ assert.Equal(t, "192.168.0.2", config.Server.Host)
+ assert.Equal(t, 80, config.Server.Port)
+ assert.Equal(t, "/tmp/new/key.pem", config.Server.TLS.Key)
+ assert.Equal(t, "/tmp/new/cert.pem", config.Server.TLS.Certificate)
+}
+
+// TODO: DEPRECATED TEST. Remove in 4.33.0.
+func TestShouldSetDeprecatedValues(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := &schema.Configuration{}
+
+ config.Host = "192.168.0.1"
+ config.Port = 80
+ config.TLSCert = "/tmp/cert.pem"
+ config.TLSKey = "/tmp/key.pem"
+
+ ValidateServer(config, validator)
+
+ assert.Len(t, validator.Errors(), 0)
+ require.Len(t, validator.Warnings(), 4)
+
+ assert.Equal(t, "192.168.0.1", config.Server.Host)
+ assert.Equal(t, 80, config.Server.Port)
+ assert.Equal(t, "/tmp/cert.pem", config.Server.TLS.Certificate)
+ assert.Equal(t, "/tmp/key.pem", config.Server.TLS.Key)
+
+ assert.EqualError(t, validator.Warnings()[0], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
+ assert.EqualError(t, validator.Warnings()[1], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
+ assert.EqualError(t, validator.Warnings()[2], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
+ assert.EqualError(t, validator.Warnings()[3], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
+}
+
func TestShouldSetDefaultConfig(t *testing.T) {
validator := schema.NewStructValidator()
- config := schema.ServerConfiguration{}
- ValidateServer(&config, validator)
- require.Len(t, validator.Errors(), 0)
- assert.Equal(t, defaultReadBufferSize, config.ReadBufferSize)
- assert.Equal(t, defaultWriteBufferSize, config.WriteBufferSize)
+ config := &schema.Configuration{}
+
+ ValidateServer(config, validator)
+
+ assert.Len(t, validator.Errors(), 0)
+ assert.Len(t, validator.Warnings(), 0)
+
+ assert.Equal(t, schema.DefaultServerConfiguration.ReadBufferSize, config.Server.ReadBufferSize)
+ assert.Equal(t, schema.DefaultServerConfiguration.WriteBufferSize, config.Server.WriteBufferSize)
}
func TestShouldParsePathCorrectly(t *testing.T) {
validator := schema.NewStructValidator()
- config := schema.ServerConfiguration{
- Path: "apple",
+ config := &schema.Configuration{
+ Server: schema.ServerConfiguration{
+ Path: "apple",
+ },
}
- ValidateServer(&config, validator)
- require.Len(t, validator.Errors(), 0)
+ ValidateServer(config, validator)
- assert.Equal(t, "/apple", config.Path)
+ assert.Len(t, validator.Errors(), 0)
+ assert.Len(t, validator.Warnings(), 0)
+
+ assert.Equal(t, "/apple", config.Server.Path)
}
func TestShouldRaiseOnNegativeValues(t *testing.T) {
validator := schema.NewStructValidator()
- config := schema.ServerConfiguration{
- ReadBufferSize: -1,
- WriteBufferSize: -1,
+ config := &schema.Configuration{
+ Server: schema.ServerConfiguration{
+ ReadBufferSize: -1,
+ WriteBufferSize: -1,
+ },
}
- ValidateServer(&config, validator)
+
+ ValidateServer(config, validator)
+
require.Len(t, validator.Errors(), 2)
+
assert.EqualError(t, validator.Errors()[0], "server read buffer size must be above 0")
assert.EqualError(t, validator.Errors()[1], "server write buffer size must be above 0")
}
func TestShouldRaiseOnNonAlphanumericCharsInPath(t *testing.T) {
validator := schema.NewStructValidator()
- config := schema.ServerConfiguration{
- Path: "app le",
+ config := &schema.Configuration{
+ Server: schema.ServerConfiguration{
+ Path: "app le",
+ },
}
- ValidateServer(&config, validator)
+
+ ValidateServer(config, validator)
+
require.Len(t, validator.Errors(), 1)
+
assert.Error(t, validator.Errors()[0], "server path must only be alpha numeric characters")
}
func TestShouldRaiseOnForwardSlashInPath(t *testing.T) {
validator := schema.NewStructValidator()
- config := schema.ServerConfiguration{
- Path: "app/le",
+ config := &schema.Configuration{
+ Server: schema.ServerConfiguration{
+ Path: "app/le",
+ },
}
- ValidateServer(&config, validator)
+
+ ValidateServer(config, validator)
+
assert.Len(t, validator.Errors(), 1)
+
assert.Error(t, validator.Errors()[0], "server path must not contain any forward slashes")
}
+
+func TestShouldValidateAndUpdateHost(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+ config.Server.Host = ""
+
+ ValidateServer(&config, validator)
+
+ require.Len(t, validator.Errors(), 0)
+ assert.Equal(t, "0.0.0.0", config.Server.Host)
+}
+
+func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+ config.Server.TLS.Certificate = testTLSCert
+
+ ValidateServer(&config, validator)
+ require.Len(t, validator.Errors(), 1)
+ assert.EqualError(t, validator.Errors()[0], "server: no TLS key provided to accompany the TLS certificate, please configure the 'server.tls.key' option")
+}
+
+func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+ config.Server.TLS.Key = testTLSKey
+
+ ValidateServer(&config, validator)
+ require.Len(t, validator.Errors(), 1)
+ assert.EqualError(t, validator.Errors()[0], "server: no TLS certificate provided to accompany the TLS key, please configure the 'server.tls.certificate' option")
+}
+
+func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+ config.Server.TLS.Certificate = testTLSCert
+ config.Server.TLS.Key = testTLSKey
+
+ ValidateServer(&config, validator)
+ require.Len(t, validator.Errors(), 0)
+}
+
+func TestShouldNotUpdateConfig(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+
+ ValidateServer(&config, validator)
+
+ require.Len(t, validator.Errors(), 0)
+ assert.Equal(t, 9090, config.Server.Port)
+ assert.Equal(t, loopback, config.Server.Host)
+}
+
+func TestShouldValidateAndUpdatePort(t *testing.T) {
+ validator := schema.NewStructValidator()
+ config := newDefaultConfig()
+ config.Server.Port = 0
+
+ ValidateServer(&config, validator)
+
+ require.Len(t, validator.Errors(), 0)
+ assert.Equal(t, 9091, config.Server.Port)
+}
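Review bot: `TestShouldNotOverrideNewValuesWithDeprecatedValues` and `TestShouldSetDeprecatedValues` assert the deprecation hints `"server.tls_cert"` and `"server.tls_key"`, which pins the wrong replacement names — the keys this commit registers in `validKeys` are `server.tls.certificate` and `server.tls.key` — so the tests currently guarantee a misleading message instead of catching it. Update the four expectations to `fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls.certificate")` and `fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls.key")` together with the validator. `TestShouldValidateAndUpdateHost` also hard-codes `"0.0.0.0"` while `TestShouldSetDefaultServerValues` compares against `schema.DefaultServerConfiguration.Host`; comparing against the constant in both keeps the test meaningful if the default listen address is ever narrowed. `newDefaultConfig`, `loopback`, `testTLSCert` and `testTLSKey` are defined outside this hunk.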
diff --git a/internal/server/server.go b/internal/server/server.go
index d5f78c688..7cad36644 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -167,7 +167,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
WriteBufferSize: configuration.Server.WriteBufferSize,
}
- addrPattern := net.JoinHostPort(configuration.Host, strconv.Itoa(configuration.Port))
+ addrPattern := net.JoinHostPort(configuration.Server.Host, strconv.Itoa(configuration.Server.Port))
listener, err := net.Listen("tcp", addrPattern)
if err != nil {
@@ -191,9 +191,9 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
}
}
- if configuration.TLSCert != "" && configuration.TLSKey != "" {
+ if configuration.Server.TLS.Certificate != "" && configuration.Server.TLS.Key != "" {
logger.Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
- logger.Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))
+ logger.Fatal(server.ServeTLS(listener, configuration.Server.TLS.Certificate, configuration.Server.TLS.Key))
} else {
logger.Infof("Authelia is listening for non-TLS connections on %s%s", addrPattern, configuration.Server.Path)
logger.Fatal(server.Serve(listener))
diff --git a/internal/suites/ActiveDirectory/configuration.yml b/internal/suites/ActiveDirectory/configuration.yml
index c22fa575f..9f8ed8439 100644
--- a/internal/suites/ActiveDirectory/configuration.yml
+++ b/internal/suites/ActiveDirectory/configuration.yml
@@ -3,19 +3,19 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
-
theme: grey
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
ldap:
implementation: activedirectory
diff --git a/internal/suites/BypassAll/configuration.yml b/internal/suites/BypassAll/configuration.yml
index 5c4afdc59..09caba0f6 100644
--- a/internal/suites/BypassAll/configuration.yml
+++ b/internal/suites/BypassAll/configuration.yml
@@ -3,9 +3,11 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/CLI/configuration.yml b/internal/suites/CLI/configuration.yml
index 4d9f244f7..d4c33c5ca 100644
--- a/internal/suites/CLI/configuration.yml
+++ b/internal/suites/CLI/configuration.yml
@@ -3,9 +3,11 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/Docker/configuration.yml b/internal/suites/Docker/configuration.yml
index d0476e679..056c63ed9 100644
--- a/internal/suites/Docker/configuration.yml
+++ b/internal/suites/Docker/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/DuoPush/configuration.yml b/internal/suites/DuoPush/configuration.yml
index dc7ed1f5b..d0881199b 100644
--- a/internal/suites/DuoPush/configuration.yml
+++ b/internal/suites/DuoPush/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: trace
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/HAProxy/configuration.yml b/internal/suites/HAProxy/configuration.yml
index 09e61b84f..046c181dc 100644
--- a/internal/suites/HAProxy/configuration.yml
+++ b/internal/suites/HAProxy/configuration.yml
@@ -3,15 +3,17 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/HighAvailability/configuration.yml b/internal/suites/HighAvailability/configuration.yml
index 985297c32..4447cb43e 100644
--- a/internal/suites/HighAvailability/configuration.yml
+++ b/internal/suites/HighAvailability/configuration.yml
@@ -3,15 +3,17 @@
# Authelia configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
totp:
issuer: authelia.com
diff --git a/internal/suites/LDAP/configuration.yml b/internal/suites/LDAP/configuration.yml
index 6cbfd566b..94538f78b 100644
--- a/internal/suites/LDAP/configuration.yml
+++ b/internal/suites/LDAP/configuration.yml
@@ -3,19 +3,19 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
-
theme: dark
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
ldap:
url: ldaps://openldap
diff --git a/internal/suites/Mariadb/configuration.yml b/internal/suites/Mariadb/configuration.yml
index 40914e69a..d2adc36d1 100644
--- a/internal/suites/Mariadb/configuration.yml
+++ b/internal/suites/Mariadb/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/MySQL/configuration.yml b/internal/suites/MySQL/configuration.yml
index 36c895915..d847cb2f1 100644
--- a/internal/suites/MySQL/configuration.yml
+++ b/internal/suites/MySQL/configuration.yml
@@ -3,9 +3,11 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/NetworkACL/configuration.yml b/internal/suites/NetworkACL/configuration.yml
index 59ee9295f..1c83a54b1 100644
--- a/internal/suites/NetworkACL/configuration.yml
+++ b/internal/suites/NetworkACL/configuration.yml
@@ -3,9 +3,11 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/OIDC/configuration.yml b/internal/suites/OIDC/configuration.yml
index 39c551d9d..8508271de 100644
--- a/internal/suites/OIDC/configuration.yml
+++ b/internal/suites/OIDC/configuration.yml
@@ -1,7 +1,9 @@
---
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/OIDCTraefik/configuration.yml b/internal/suites/OIDCTraefik/configuration.yml
index eca289651..3381211fe 100644
--- a/internal/suites/OIDCTraefik/configuration.yml
+++ b/internal/suites/OIDCTraefik/configuration.yml
@@ -1,7 +1,9 @@
---
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
diff --git a/internal/suites/OneFactorOnly/configuration.yml b/internal/suites/OneFactorOnly/configuration.yml
index d3de00832..b90513fec 100644
--- a/internal/suites/OneFactorOnly/configuration.yml
+++ b/internal/suites/OneFactorOnly/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: unsecure_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/PathPrefix/configuration.yml b/internal/suites/PathPrefix/configuration.yml
index d973e5baa..72f37c065 100644
--- a/internal/suites/PathPrefix/configuration.yml
+++ b/internal/suites/PathPrefix/configuration.yml
@@ -3,18 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
server:
+ port: 9091
path: auth
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/Postgres/configuration.yml b/internal/suites/Postgres/configuration.yml
index e2f789b09..53ce1e700 100644
--- a/internal/suites/Postgres/configuration.yml
+++ b/internal/suites/Postgres/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: very_important_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080/
-
-jwt_secret: very_important_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/ShortTimeouts/configuration.yml b/internal/suites/ShortTimeouts/configuration.yml
index 953de5f3c..a091b2c94 100644
--- a/internal/suites/ShortTimeouts/configuration.yml
+++ b/internal/suites/ShortTimeouts/configuration.yml
@@ -3,17 +3,18 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+default_redirection_url: https://home.example.com:8080/
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
-default_redirection_url: https://home.example.com:8080/
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/Standalone/configuration.yml b/internal/suites/Standalone/configuration.yml
index 5325b2a4a..19fe89f01 100644
--- a/internal/suites/Standalone/configuration.yml
+++ b/internal/suites/Standalone/configuration.yml
@@ -3,12 +3,14 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
-
theme: auto
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
+
log:
level: debug
diff --git a/internal/suites/Traefik/configuration.yml b/internal/suites/Traefik/configuration.yml
index 09e61b84f..046c181dc 100644
--- a/internal/suites/Traefik/configuration.yml
+++ b/internal/suites/Traefik/configuration.yml
@@ -3,15 +3,17 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/Traefik2/configuration.yml b/internal/suites/Traefik2/configuration.yml
index 79df8f6b7..c2427fdc7 100644
--- a/internal/suites/Traefik2/configuration.yml
+++ b/internal/suites/Traefik2/configuration.yml
@@ -3,15 +3,17 @@
# Authelia minimal configuration #
###############################################################
-port: 9091
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+jwt_secret: unsecure_secret
+
+server:
+ port: 9091
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-jwt_secret: unsecure_secret
-
authentication_backend:
file:
path: /config/users.yml
diff --git a/internal/suites/example/kube/authelia/configs/configuration.yml b/internal/suites/example/kube/authelia/configs/configuration.yml
index 362effa8c..4045b9946 100644
--- a/internal/suites/example/kube/authelia/configs/configuration.yml
+++ b/internal/suites/example/kube/authelia/configs/configuration.yml
@@ -3,15 +3,17 @@
# Authelia configuration #
###############################################################
-port: 443
-tls_cert: /config/ssl/cert.pem
-tls_key: /config/ssl/key.pem
+default_redirection_url: https://home.example.com:8080
+
+server:
+ port: 443
+ tls:
+ certificate: /config/ssl/cert.pem
+ key: /config/ssl/key.pem
log:
level: debug
-default_redirection_url: https://home.example.com:8080
-
authentication_backend:
ldap:
url: ldaps://ldap-service
diff --git a/internal/utils/const.go b/internal/utils/const.go
index bf4c2fe7b..13cf000a3 100644
--- a/internal/utils/const.go
+++ b/internal/utils/const.go
@@ -46,16 +46,13 @@ const (
unknown = "unknown"
)
-// ErrTimeoutReached error thrown when a timeout is reached.
-var ErrTimeoutReached = errors.New("timeout reached")
-var parseDurationRegexp = regexp.MustCompile(`^(?P
[1-9]\d*?)(?P[smhdwMy])?$`)
+var (
+ reDuration = regexp.MustCompile(`^(?P[1-9]\d*?)(?P[smhdwMy])?$`)
+)
// AlphaNumericCharacters are literally just valid alphanumeric chars.
var AlphaNumericCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
-// ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
-var ErrTLSVersionNotSupported = errors.New("supplied TLS version isn't supported")
-
var htmlEscaper = strings.NewReplacer(
"&", "&",
"<", "<",
@@ -63,3 +60,9 @@ var htmlEscaper = strings.NewReplacer(
`"`, """,
"'", "'",
)
+
+// ErrTimeoutReached error thrown when a timeout is reached.
+var ErrTimeoutReached = errors.New("timeout reached")
+
+// ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
+var ErrTLSVersionNotSupported = errors.New("supplied TLS version isn't supported")
diff --git a/internal/utils/time.go b/internal/utils/time.go
index 87628741e..17160ec60 100644
--- a/internal/utils/time.go
+++ b/internal/utils/time.go
@@ -13,7 +13,7 @@ import (
func ParseDurationString(input string) (time.Duration, error) {
var duration time.Duration
- matches := parseDurationRegexp.FindStringSubmatch(input)
+ matches := reDuration.FindStringSubmatch(input)
switch {
case len(matches) == 3 && matches[2] != "":