feat(configuration): replace several configuration options (#2209)
This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0pull/2225/head
parent
ac17841721
commit
158783a9d4
|
@ -4,14 +4,6 @@
|
||||||
# Authelia Configuration #
|
# Authelia Configuration #
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
## The host and port to listen on.
|
|
||||||
host: 0.0.0.0
|
|
||||||
port: 9091
|
|
||||||
|
|
||||||
## The TLS key and cert used with Authelia.
|
|
||||||
# tls_key: /config/ssl/key.pem
|
|
||||||
# tls_cert: /config/ssl/cert.pem
|
|
||||||
|
|
||||||
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
|
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
|
||||||
## the system certificates store.
|
## the system certificates store.
|
||||||
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
|
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
|
||||||
|
@ -20,10 +12,39 @@ port: 9091
|
||||||
## The theme to display: light, dark, grey, auto.
|
## The theme to display: light, dark, grey, auto.
|
||||||
theme: light
|
theme: light
|
||||||
|
|
||||||
|
## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
|
||||||
|
## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
||||||
|
jwt_secret: a_very_important_secret
|
||||||
|
|
||||||
|
## Default redirection URL
|
||||||
|
##
|
||||||
|
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||||
|
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
||||||
|
## in such a case.
|
||||||
|
##
|
||||||
|
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
||||||
|
default_redirection_url: https://home.example.com/
|
||||||
|
|
||||||
##
|
##
|
||||||
## Server Configuration
|
## Server Configuration
|
||||||
##
|
##
|
||||||
server:
|
server:
|
||||||
|
## The address to listen on.
|
||||||
|
host: 0.0.0.0
|
||||||
|
|
||||||
|
## The port to listen on.
|
||||||
|
port: 9091
|
||||||
|
|
||||||
|
## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
|
||||||
|
tls:
|
||||||
|
## The path to the DER base64/PEM format private key.
|
||||||
|
key: ""
|
||||||
|
# key: /config/ssl/key.pem
|
||||||
|
|
||||||
|
## The path to the DER base64/PEM format public certificate.
|
||||||
|
certificate: ""
|
||||||
|
# certificate: /config/ssl/cert.pem
|
||||||
|
|
||||||
## Buffers usually should be configured to be the same value.
|
## Buffers usually should be configured to be the same value.
|
||||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||||
|
@ -54,19 +75,6 @@ log:
|
||||||
## Whether to also log to stdout when a log_file_path is defined.
|
## Whether to also log to stdout when a log_file_path is defined.
|
||||||
# keep_stdout: false
|
# keep_stdout: false
|
||||||
|
|
||||||
## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
|
|
||||||
## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
|
||||||
jwt_secret: a_very_important_secret
|
|
||||||
|
|
||||||
## Default redirection URL
|
|
||||||
##
|
|
||||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
|
||||||
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
|
||||||
## in such a case.
|
|
||||||
##
|
|
||||||
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
|
||||||
default_redirection_url: https://home.example.com/
|
|
||||||
|
|
||||||
##
|
##
|
||||||
## TOTP Configuration
|
## TOTP Configuration
|
||||||
##
|
##
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Authentication backends
|
title: Authentication Backends
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 1
|
nav_order: 2
|
||||||
has_children: true
|
has_children: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Duo Push Notifications
|
title: Duo Push Notifications
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 2
|
nav_order: 3
|
||||||
---
|
---
|
||||||
|
|
||||||
# Duo Push Notifications
|
# Duo Push Notifications
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Identity Providers
|
title: Identity Providers
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 3
|
nav_order: 4
|
||||||
has_children: true
|
has_children: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Logging
|
title: Logging
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 4
|
nav_order: 5
|
||||||
---
|
---
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
|
|
|
@ -0,0 +1,70 @@
|
||||||
|
---
|
||||||
|
layout: default
|
||||||
|
title: Migration
|
||||||
|
parent: Configuration
|
||||||
|
nav_order: 6
|
||||||
|
---
|
||||||
|
|
||||||
|
This section documents changes in the configuration which may require manual migration by the administrator. Typically
|
||||||
|
this only occurs when a configuration key is renamed or moved to a more appropriate location.
|
||||||
|
|
||||||
|
## Format
|
||||||
|
|
||||||
|
The migrations are formatted in a table with the old key and the new key. Periods indicate a different section which can
|
||||||
|
be represented in YAML as a dictionary i.e. it's indented.
|
||||||
|
|
||||||
|
In our table `server.host` with a value of `0.0.0.0` is represented in YAML like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
server:
|
||||||
|
host: 0.0.0.0
|
||||||
|
```
|
||||||
|
|
||||||
|
## Policy
|
||||||
|
|
||||||
|
Our deprecation policy for configuration keys is 3 minor versions. For example if a configuration option is deprecated
|
||||||
|
in version 4.30.0, it will remain as a warning for 4.30.x, 4.31.x, and 4.32.x; then it will become a fatal error in
|
||||||
|
4.33.0+.
|
||||||
|
|
||||||
|
## Migrations
|
||||||
|
|
||||||
|
### 4.30.0
|
||||||
|
|
||||||
|
The following changes occurred in 4.30.0:
|
||||||
|
|
||||||
|
|Previous Key|New Key |
|
||||||
|
|:----------:|:--------------------:|
|
||||||
|
|host |server.host |
|
||||||
|
|port |server.port |
|
||||||
|
|tls_key |server.tls.key |
|
||||||
|
|tls_cert |server.tls.certificate|
|
||||||
|
|log_level |log.level |
|
||||||
|
|log_file |log.file |
|
||||||
|
|log_format |log.format |
|
||||||
|
|
||||||
|
### 4.25.0
|
||||||
|
|
||||||
|
The following changes occurred in 4.25.0:
|
||||||
|
|
||||||
|
|Previous Key |New Key |
|
||||||
|
|:---------------------------------------------:|:---------------------------------------------:|
|
||||||
|
|authentication_backend.ldap.tls.skip_verify |authentication_backend.ldap.tls.skip_verify |
|
||||||
|
|authentication_backend.ldap.minimum_tls_version|authentication_backend.ldap.tls.minimum_version|
|
||||||
|
|notifier.smtp.disable_verify_cert |notifier.smtp.tls.skip_verify |
|
||||||
|
|notifier.smtp.trusted_cert |certificates_directory |
|
||||||
|
|
||||||
|
_**Please Note:** `certificates_directory` is not a direct replacement for the `notifier.smtp.trusted_cert`, instead
|
||||||
|
of being the path to a specific file it is a path to a directory containing certificates trusted by Authelia. This
|
||||||
|
affects other services like LDAP as well._
|
||||||
|
|
||||||
|
### 4.7.0
|
||||||
|
|
||||||
|
The following changes occurred in 4.7.0:
|
||||||
|
|
||||||
|
|Previous Key|New Key |
|
||||||
|
|:----------:|:-------:|
|
||||||
|
|logs_level |log_level|
|
||||||
|
|logs_file |log_file |
|
||||||
|
|
||||||
|
_**Please Note:** The new keys also changed in [4.30.0](#4.30.0) so you will need to update them to the new values if you
|
||||||
|
are using [4.30.0](#4.30.0) or newer instead of the new keys listed here._
|
|
@ -2,85 +2,12 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Miscellaneous
|
title: Miscellaneous
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 5
|
nav_order: 7
|
||||||
---
|
---
|
||||||
|
|
||||||
# Miscellaneous
|
# Miscellaneous
|
||||||
|
|
||||||
Here are the main customizable options in Authelia.
|
Here are the main customizable options in Authelia that don't fit into their own sections.
|
||||||
|
|
||||||
## Host & Port
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
host: 0.0.0.0
|
|
||||||
port: 9091
|
|
||||||
```
|
|
||||||
|
|
||||||
### host
|
|
||||||
<div markdown="1">
|
|
||||||
type: string
|
|
||||||
{: .label .label-config .label-purple }
|
|
||||||
default: 0.0.0.0
|
|
||||||
{: .label .label-config .label-blue }
|
|
||||||
required: no
|
|
||||||
{: .label .label-config .label-green }
|
|
||||||
</div>
|
|
||||||
|
|
||||||
Defines the address to listen on. See also [port](#port). Should typically be `0.0.0.0` or `127.0.0.1`, the former for
|
|
||||||
containerized environments and the later for daemonized environments like init.d and systemd.
|
|
||||||
|
|
||||||
Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
host: "[fd00:1111:2222:3333::1]"
|
|
||||||
```
|
|
||||||
|
|
||||||
### port
|
|
||||||
<div markdown="1">
|
|
||||||
type: integer
|
|
||||||
{: .label .label-config .label-purple }
|
|
||||||
default: 9091
|
|
||||||
{: .label .label-config .label-blue }
|
|
||||||
required: no
|
|
||||||
{: .label .label-config .label-green }
|
|
||||||
</div>
|
|
||||||
|
|
||||||
Defines the port to listen on. See also [host](#host).
|
|
||||||
|
|
||||||
## TLS
|
|
||||||
|
|
||||||
Authelia's port typically listens for plain unencrypted connections. This is by design as most environments allow to
|
|
||||||
security on lower areas of the OSI model. However it required, if you specify both of the tls options the port will
|
|
||||||
listen for TLS connections.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
tls_key: /config/ssl/key.pem
|
|
||||||
tls_cert: /config/ssl/cert.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
### tls_key
|
|
||||||
<div markdown="1">
|
|
||||||
type: string (path)
|
|
||||||
{: .label .label-config .label-purple }
|
|
||||||
default: ""
|
|
||||||
{: .label .label-config .label-blue }
|
|
||||||
required: situational
|
|
||||||
{: .label .label-config .label-yellow }
|
|
||||||
</div>
|
|
||||||
|
|
||||||
The path to the private key for TLS connections. Must be in DER base64/PEM format.
|
|
||||||
|
|
||||||
### tls_cert
|
|
||||||
<div markdown="1">
|
|
||||||
type: string (path)
|
|
||||||
{: .label .label-config .label-purple }
|
|
||||||
default: ""
|
|
||||||
{: .label .label-config .label-blue }
|
|
||||||
required: situational
|
|
||||||
{: .label .label-config .label-yellow }
|
|
||||||
</div>
|
|
||||||
|
|
||||||
The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
|
|
||||||
|
|
||||||
## certificates_directory
|
## certificates_directory
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Time-based One-Time Password
|
title: Time-based One-Time Password
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 6
|
nav_order: 15
|
||||||
---
|
---
|
||||||
|
|
||||||
# Time-based One-Time Password
|
# Time-based One-Time Password
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Regulation
|
title: Regulation
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 7
|
nav_order: 9
|
||||||
---
|
---
|
||||||
|
|
||||||
# Regulation
|
# Regulation
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Secrets
|
title: Secrets
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 8
|
nav_order: 10
|
||||||
---
|
---
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Server
|
title: Server
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 9
|
nav_order: 11
|
||||||
---
|
---
|
||||||
|
|
||||||
# Server
|
# Server
|
||||||
|
@ -13,15 +13,51 @@ The server section configures and tunes the http server module Authelia uses.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
server:
|
server:
|
||||||
|
host: 0.0.0.0
|
||||||
|
port: 9091
|
||||||
read_buffer_size: 4096
|
read_buffer_size: 4096
|
||||||
write_buffer_size: 4096
|
write_buffer_size: 4096
|
||||||
path: ""
|
path: ""
|
||||||
enable_pprof: false
|
enable_pprof: false
|
||||||
enable_expvars: false
|
enable_expvars: false
|
||||||
|
tls:
|
||||||
|
key: ""
|
||||||
|
certificate: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
## Options
|
## Options
|
||||||
|
|
||||||
|
## host
|
||||||
|
<div markdown="1">
|
||||||
|
type: string
|
||||||
|
{: .label .label-config .label-purple }
|
||||||
|
default: 0.0.0.0
|
||||||
|
{: .label .label-config .label-blue }
|
||||||
|
required: no
|
||||||
|
{: .label .label-config .label-green }
|
||||||
|
</div>
|
||||||
|
|
||||||
|
Defines the address to listen on. See also [port](#port). Should typically be `0.0.0.0` or `127.0.0.1`, the former for
|
||||||
|
containerized environments and the later for daemonized environments like init.d and systemd.
|
||||||
|
|
||||||
|
Note: If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
host: "[fd00:1111:2222:3333::1]"
|
||||||
|
```
|
||||||
|
|
||||||
|
### port
|
||||||
|
<div markdown="1">
|
||||||
|
type: integer
|
||||||
|
{: .label .label-config .label-purple }
|
||||||
|
default: 9091
|
||||||
|
{: .label .label-config .label-blue }
|
||||||
|
required: no
|
||||||
|
{: .label .label-config .label-green }
|
||||||
|
</div>
|
||||||
|
|
||||||
|
Defines the port to listen on. See also [host](#host).
|
||||||
|
|
||||||
### read_buffer_size
|
### read_buffer_size
|
||||||
<div markdown="1">
|
<div markdown="1">
|
||||||
type: integer
|
type: integer
|
||||||
|
@ -98,6 +134,35 @@ required: no
|
||||||
|
|
||||||
Enables the go expvars endpoints.
|
Enables the go expvars endpoints.
|
||||||
|
|
||||||
|
### tls
|
||||||
|
|
||||||
|
Authelia typically listens for plain unencrypted connections. This is by design as most environments allow to
|
||||||
|
security on lower areas of the OSI model. However it required, if you specify both the [tls key](#key) and
|
||||||
|
[tls certificate](#certificate) options, Authelia will listen for TLS connections.
|
||||||
|
|
||||||
|
#### key
|
||||||
|
<div markdown="1">
|
||||||
|
type: string (path)
|
||||||
|
{: .label .label-config .label-purple }
|
||||||
|
default: ""
|
||||||
|
{: .label .label-config .label-blue }
|
||||||
|
required: situational
|
||||||
|
{: .label .label-config .label-yellow }
|
||||||
|
</div>
|
||||||
|
|
||||||
|
The path to the private key for TLS connections. Must be in DER base64/PEM format.
|
||||||
|
|
||||||
|
#### certificate
|
||||||
|
<div markdown="1">
|
||||||
|
type: string (path)
|
||||||
|
{: .label .label-config .label-purple }
|
||||||
|
default: ""
|
||||||
|
{: .label .label-config .label-blue }
|
||||||
|
required: situational
|
||||||
|
{: .label .label-config .label-yellow }
|
||||||
|
</div>
|
||||||
|
|
||||||
|
The path to the public certificate for TLS connections. Must be in DER base64/PEM format.
|
||||||
|
|
||||||
## Additional Notes
|
## Additional Notes
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Session
|
title: Session
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 10
|
nav_order: 12
|
||||||
has_children: true
|
has_children: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Storage backends
|
title: Storage Backends
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 12
|
nav_order: 13
|
||||||
has_children: true
|
has_children: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
layout: default
|
layout: default
|
||||||
title: Theme
|
title: Theme
|
||||||
parent: Configuration
|
parent: Configuration
|
||||||
nav_order: 13
|
nav_order: 14
|
||||||
---
|
---
|
||||||
|
|
||||||
# Theme
|
# Theme
|
||||||
|
|
|
@ -3,13 +3,17 @@
|
||||||
# Authelia configuration #
|
# Authelia configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: a_very_important_secret
|
||||||
|
default_redirection_url: https://public.example.com
|
||||||
|
|
||||||
|
server:
|
||||||
host: 0.0.0.0
|
host: 0.0.0.0
|
||||||
port: 9091
|
port: 9091
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||||
jwt_secret: a_very_important_secret
|
|
||||||
default_redirection_url: https://public.example.com
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -3,12 +3,16 @@
|
||||||
# Authelia configuration #
|
# Authelia configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
host: 0.0.0.0
|
|
||||||
port: 9091
|
|
||||||
log:
|
|
||||||
level: debug
|
|
||||||
jwt_secret: a_very_important_secret
|
jwt_secret: a_very_important_secret
|
||||||
default_redirection_url: https://public.example.com
|
default_redirection_url: https://public.example.com
|
||||||
|
|
||||||
|
server:
|
||||||
|
host: 0.0.0.0
|
||||||
|
port: 9091
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: debug
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -4,14 +4,6 @@
|
||||||
# Authelia Configuration #
|
# Authelia Configuration #
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
## The host and port to listen on.
|
|
||||||
host: 0.0.0.0
|
|
||||||
port: 9091
|
|
||||||
|
|
||||||
## The TLS key and cert used with Authelia.
|
|
||||||
# tls_key: /config/ssl/key.pem
|
|
||||||
# tls_cert: /config/ssl/cert.pem
|
|
||||||
|
|
||||||
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
|
## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
|
||||||
## the system certificates store.
|
## the system certificates store.
|
||||||
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
|
## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
|
||||||
|
@ -20,10 +12,39 @@ port: 9091
|
||||||
## The theme to display: light, dark, grey, auto.
|
## The theme to display: light, dark, grey, auto.
|
||||||
theme: light
|
theme: light
|
||||||
|
|
||||||
|
## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
|
||||||
|
## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
||||||
|
jwt_secret: a_very_important_secret
|
||||||
|
|
||||||
|
## Default redirection URL
|
||||||
|
##
|
||||||
|
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||||
|
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
||||||
|
## in such a case.
|
||||||
|
##
|
||||||
|
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
||||||
|
default_redirection_url: https://home.example.com/
|
||||||
|
|
||||||
##
|
##
|
||||||
## Server Configuration
|
## Server Configuration
|
||||||
##
|
##
|
||||||
server:
|
server:
|
||||||
|
## The address to listen on.
|
||||||
|
host: 0.0.0.0
|
||||||
|
|
||||||
|
## The port to listen on.
|
||||||
|
port: 9091
|
||||||
|
|
||||||
|
## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
|
||||||
|
tls:
|
||||||
|
## The path to the DER base64/PEM format private key.
|
||||||
|
key: ""
|
||||||
|
# key: /config/ssl/key.pem
|
||||||
|
|
||||||
|
## The path to the DER base64/PEM format public certificate.
|
||||||
|
certificate: ""
|
||||||
|
# certificate: /config/ssl/cert.pem
|
||||||
|
|
||||||
## Buffers usually should be configured to be the same value.
|
## Buffers usually should be configured to be the same value.
|
||||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||||
|
@ -54,19 +75,6 @@ log:
|
||||||
## Whether to also log to stdout when a log_file_path is defined.
|
## Whether to also log to stdout when a log_file_path is defined.
|
||||||
# keep_stdout: false
|
# keep_stdout: false
|
||||||
|
|
||||||
## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
|
|
||||||
## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
|
||||||
jwt_secret: a_very_important_secret
|
|
||||||
|
|
||||||
## Default redirection URL
|
|
||||||
##
|
|
||||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
|
||||||
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
|
||||||
## in such a case.
|
|
||||||
##
|
|
||||||
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
|
||||||
default_redirection_url: https://home.example.com/
|
|
||||||
|
|
||||||
##
|
##
|
||||||
## TOTP Configuration
|
## TOTP Configuration
|
||||||
##
|
##
|
||||||
|
|
|
@ -164,7 +164,7 @@ func TestShouldErrorParseBadConfigFile(t *testing.T) {
|
||||||
|
|
||||||
require.Len(t, errors, 1)
|
require.Len(t, errors, 1)
|
||||||
|
|
||||||
require.EqualError(t, errors[0], "Error malformed yaml: line 26: did not find expected alphabetic or numeric character")
|
require.EqualError(t, errors[0], "Error malformed yaml: line 27: did not find expected alphabetic or numeric character")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldParseConfigFile(t *testing.T) {
|
func TestShouldParseConfigFile(t *testing.T) {
|
||||||
|
@ -184,7 +184,7 @@ func TestShouldParseConfigFile(t *testing.T) {
|
||||||
|
|
||||||
require.Len(t, errors, 0)
|
require.Len(t, errors, 0)
|
||||||
|
|
||||||
assert.Equal(t, 9091, config.Port)
|
assert.Equal(t, 9091, config.Server.Port)
|
||||||
assert.Equal(t, "debug", config.Logging.Level)
|
assert.Equal(t, "debug", config.Logging.Level)
|
||||||
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
|
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
|
||||||
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
|
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
|
||||||
|
@ -220,7 +220,7 @@ func TestShouldParseAltConfigFile(t *testing.T) {
|
||||||
config, errors := Read("./test_resources/config_alt.yml")
|
config, errors := Read("./test_resources/config_alt.yml")
|
||||||
require.Len(t, errors, 0)
|
require.Len(t, errors, 0)
|
||||||
|
|
||||||
assert.Equal(t, 9091, config.Port)
|
assert.Equal(t, 9091, config.Server.Port)
|
||||||
assert.Equal(t, "debug", config.Logging.Level)
|
assert.Equal(t, "debug", config.Logging.Level)
|
||||||
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
|
assert.Equal(t, "https://home.example.com:8080/", config.DefaultRedirectionURL)
|
||||||
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
|
assert.Equal(t, "authelia.com", config.TOTP.Issuer)
|
||||||
|
|
|
@ -2,20 +2,18 @@ package schema
|
||||||
|
|
||||||
// Configuration object extracted from YAML configuration file.
|
// Configuration object extracted from YAML configuration file.
|
||||||
type Configuration struct {
|
type Configuration struct {
|
||||||
Host string `mapstructure:"host"`
|
|
||||||
Port int `mapstructure:"port"`
|
|
||||||
Theme string `mapstructure:"theme"`
|
Theme string `mapstructure:"theme"`
|
||||||
TLSCert string `mapstructure:"tls_cert"`
|
|
||||||
TLSKey string `mapstructure:"tls_key"`
|
|
||||||
CertificatesDirectory string `mapstructure:"certificates_directory"`
|
CertificatesDirectory string `mapstructure:"certificates_directory"`
|
||||||
JWTSecret string `mapstructure:"jwt_secret"`
|
JWTSecret string `mapstructure:"jwt_secret"`
|
||||||
DefaultRedirectionURL string `mapstructure:"default_redirection_url"`
|
DefaultRedirectionURL string `mapstructure:"default_redirection_url"`
|
||||||
|
|
||||||
// TODO: DEPRECATED START. Remove in 4.33.0.
|
Host string `koanf:"host"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
LogLevel string `mapstructure:"log_level"`
|
Port int `koanf:"port"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
LogFormat string `mapstructure:"log_format"`
|
TLSCert string `koanf:"tls_cert"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
LogFilePath string `mapstructure:"log_file_path"`
|
TLSKey string `koanf:"tls_key"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
// TODO: DEPRECATED END. Remove in 4.33.0.
|
LogLevel string `koanf:"log_level"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
|
LogFormat string `koanf:"log_format"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
|
LogFilePath string `koanf:"log_file_path"` // Deprecated: To be Removed. TODO: Remove in 4.33.0.
|
||||||
|
|
||||||
Logging LogConfiguration `mapstructure:"log"`
|
Logging LogConfiguration `mapstructure:"log"`
|
||||||
IdentityProviders IdentityProvidersConfiguration `mapstructure:"identity_providers"`
|
IdentityProviders IdentityProvidersConfiguration `mapstructure:"identity_providers"`
|
||||||
|
|
|
@ -2,15 +2,27 @@ package schema
|
||||||
|
|
||||||
// ServerConfiguration represents the configuration of the http server.
|
// ServerConfiguration represents the configuration of the http server.
|
||||||
type ServerConfiguration struct {
|
type ServerConfiguration struct {
|
||||||
|
Host string `mapstructure:"host"`
|
||||||
|
Port int `mapstructure:"port"`
|
||||||
Path string `mapstructure:"path"`
|
Path string `mapstructure:"path"`
|
||||||
ReadBufferSize int `mapstructure:"read_buffer_size"`
|
ReadBufferSize int `mapstructure:"read_buffer_size"`
|
||||||
WriteBufferSize int `mapstructure:"write_buffer_size"`
|
WriteBufferSize int `mapstructure:"write_buffer_size"`
|
||||||
EnablePprof bool `mapstructure:"enable_endpoint_pprof"`
|
EnablePprof bool `mapstructure:"enable_endpoint_pprof"`
|
||||||
EnableExpvars bool `mapstructure:"enable_endpoint_expvars"`
|
EnableExpvars bool `mapstructure:"enable_endpoint_expvars"`
|
||||||
|
|
||||||
|
TLS ServerTLSConfiguration `mapstructure:"tls"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServerTLSConfiguration represents the configuration of the http servers TLS options.
|
||||||
|
type ServerTLSConfiguration struct {
|
||||||
|
Certificate string `mapstructure:"certificate"`
|
||||||
|
Key string `mapstructure:"key"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
|
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
|
||||||
var DefaultServerConfiguration = ServerConfiguration{
|
var DefaultServerConfiguration = ServerConfiguration{
|
||||||
|
Host: "0.0.0.0",
|
||||||
|
Port: 9091,
|
||||||
ReadBufferSize: 4096,
|
ReadBufferSize: 4096,
|
||||||
WriteBufferSize: 4096,
|
WriteBufferSize: 4096,
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
---
|
---
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
port: 9091
|
port: 9091
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
---
|
---
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
port: 9091
|
port: 9091
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
---
|
---
|
||||||
host: 127.0.0.1
|
|
||||||
port: 9091
|
|
||||||
loggy_file: /config/svc.log
|
loggy_file: /config/svc.log
|
||||||
|
|
||||||
logs_level: debug
|
logs_level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 9091
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,15 @@
|
||||||
---
|
---
|
||||||
|
jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU
|
||||||
|
|
||||||
|
default_redirection_url: example.com
|
||||||
|
|
||||||
|
server:
|
||||||
host: 0.0.0.0
|
host: 0.0.0.0
|
||||||
port: 9091
|
port: 9091
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU
|
|
||||||
|
|
||||||
default_redirection_url: example.com
|
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: example.com
|
issuer: example.com
|
||||||
period: 30
|
period: 30
|
||||||
|
|
|
@ -1,13 +1,15 @@
|
||||||
---
|
---
|
||||||
|
jwt_secret: secret_from_config
|
||||||
|
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
port: 9091
|
port: 9091
|
||||||
jwt_secret: secret_from_config
|
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -8,25 +8,8 @@ import (
|
||||||
"github.com/authelia/authelia/internal/utils"
|
"github.com/authelia/authelia/internal/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
var defaultPort = 9091
|
|
||||||
|
|
||||||
// ValidateConfiguration and adapt the configuration read from file.
|
// ValidateConfiguration and adapt the configuration read from file.
|
||||||
//nolint:gocyclo // This function is likely to always have lots of if/else statements, as long as we keep the flow clean it should be understandable.
|
|
||||||
func ValidateConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
|
func ValidateConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
|
||||||
if configuration.Host == "" {
|
|
||||||
configuration.Host = "0.0.0.0"
|
|
||||||
}
|
|
||||||
|
|
||||||
if configuration.Port == 0 {
|
|
||||||
configuration.Port = defaultPort
|
|
||||||
}
|
|
||||||
|
|
||||||
if configuration.TLSKey != "" && configuration.TLSCert == "" {
|
|
||||||
validator.Push(fmt.Errorf("No TLS certificate provided, please check the \"tls_cert\" which has been configured"))
|
|
||||||
} else if configuration.TLSKey == "" && configuration.TLSCert != "" {
|
|
||||||
validator.Push(fmt.Errorf("No TLS key provided, please check the \"tls_key\" which has been configured"))
|
|
||||||
}
|
|
||||||
|
|
||||||
if configuration.CertificatesDirectory != "" {
|
if configuration.CertificatesDirectory != "" {
|
||||||
info, err := os.Stat(configuration.CertificatesDirectory)
|
info, err := os.Stat(configuration.CertificatesDirectory)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -71,7 +54,7 @@ func ValidateConfiguration(configuration *schema.Configuration, validator *schem
|
||||||
|
|
||||||
ValidateRegulation(configuration.Regulation, validator)
|
ValidateRegulation(configuration.Regulation, validator)
|
||||||
|
|
||||||
ValidateServer(&configuration.Server, validator)
|
ValidateServer(configuration, validator)
|
||||||
|
|
||||||
ValidateStorage(configuration.Storage, validator)
|
ValidateStorage(configuration.Storage, validator)
|
||||||
|
|
||||||
|
|
|
@ -12,8 +12,8 @@ import (
|
||||||
|
|
||||||
func newDefaultConfig() schema.Configuration {
|
func newDefaultConfig() schema.Configuration {
|
||||||
config := schema.Configuration{}
|
config := schema.Configuration{}
|
||||||
config.Host = loopback
|
config.Server.Host = loopback
|
||||||
config.Port = 9090
|
config.Server.Port = 9090
|
||||||
config.Logging.Level = "info"
|
config.Logging.Level = "info"
|
||||||
config.Logging.Format = "text"
|
config.Logging.Format = "text"
|
||||||
config.JWTSecret = testJWTSecret
|
config.JWTSecret = testJWTSecret
|
||||||
|
@ -40,39 +40,6 @@ func newDefaultConfig() schema.Configuration {
|
||||||
return config
|
return config
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldNotUpdateConfig(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
|
|
||||||
require.Len(t, validator.Errors(), 0)
|
|
||||||
assert.Equal(t, 9090, config.Port)
|
|
||||||
assert.Equal(t, "info", config.Logging.Level)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldValidateAndUpdatePort(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
config.Port = 0
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
|
|
||||||
require.Len(t, validator.Errors(), 0)
|
|
||||||
assert.Equal(t, 9091, config.Port)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldValidateAndUpdateHost(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
config.Host = ""
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
|
|
||||||
require.Len(t, validator.Errors(), 0)
|
|
||||||
assert.Equal(t, "0.0.0.0", config.Host)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldEnsureNotifierConfigIsProvided(t *testing.T) {
|
func TestShouldEnsureNotifierConfigIsProvided(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultConfig()
|
config := newDefaultConfig()
|
||||||
|
@ -107,36 +74,6 @@ func TestShouldAddDefaultAccessControl(t *testing.T) {
|
||||||
assert.Equal(t, "deny", config.AccessControl.DefaultPolicy)
|
assert.Equal(t, "deny", config.AccessControl.DefaultPolicy)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
config.TLSCert = testTLSCert
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
require.Len(t, validator.Errors(), 1)
|
|
||||||
assert.EqualError(t, validator.Errors()[0], "No TLS key provided, please check the \"tls_key\" which has been configured")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
config.TLSKey = testTLSKey
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
require.Len(t, validator.Errors(), 1)
|
|
||||||
assert.EqualError(t, validator.Errors()[0], "No TLS certificate provided, please check the \"tls_cert\" which has been configured")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
|
|
||||||
validator := schema.NewStructValidator()
|
|
||||||
config := newDefaultConfig()
|
|
||||||
config.TLSCert = testTLSCert
|
|
||||||
config.TLSKey = testTLSKey
|
|
||||||
|
|
||||||
ValidateConfiguration(&config, validator)
|
|
||||||
require.Len(t, validator.Errors(), 0)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestShouldRaiseErrorWithUndefinedJWTSecretKey(t *testing.T) {
|
func TestShouldRaiseErrorWithUndefinedJWTSecretKey(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultConfig()
|
config := newDefaultConfig()
|
||||||
|
|
|
@ -103,13 +103,9 @@ var SecretNames = map[string]string{
|
||||||
// the secret names map and reuse it in relevant sections.
|
// the secret names map and reuse it in relevant sections.
|
||||||
var validKeys = []string{
|
var validKeys = []string{
|
||||||
// Root Keys.
|
// Root Keys.
|
||||||
"host",
|
|
||||||
"port",
|
|
||||||
"default_redirection_url",
|
|
||||||
"theme",
|
|
||||||
"tls_key",
|
|
||||||
"tls_cert",
|
|
||||||
"certificates_directory",
|
"certificates_directory",
|
||||||
|
"theme",
|
||||||
|
"default_redirection_url",
|
||||||
|
|
||||||
// Log keys.
|
// Log keys.
|
||||||
"log.level",
|
"log.level",
|
||||||
|
@ -118,17 +114,25 @@ var validKeys = []string{
|
||||||
"log.keep_stdout",
|
"log.keep_stdout",
|
||||||
|
|
||||||
// TODO: DEPRECATED START. Remove in 4.33.0.
|
// TODO: DEPRECATED START. Remove in 4.33.0.
|
||||||
|
"host",
|
||||||
|
"port",
|
||||||
|
"tls_key",
|
||||||
|
"tls_cert",
|
||||||
"log_level",
|
"log_level",
|
||||||
"log_format",
|
"log_format",
|
||||||
"log_file_path",
|
"log_file_path",
|
||||||
// TODO: DEPRECATED END. Remove in 4.33.0.
|
// TODO: DEPRECATED END. Remove in 4.33.0.
|
||||||
|
|
||||||
// Server Keys.
|
// Server Keys.
|
||||||
|
"server.host",
|
||||||
|
"server.port",
|
||||||
"server.read_buffer_size",
|
"server.read_buffer_size",
|
||||||
"server.write_buffer_size",
|
"server.write_buffer_size",
|
||||||
"server.path",
|
"server.path",
|
||||||
"server.enable_pprof",
|
"server.enable_pprof",
|
||||||
"server.enable_expvars",
|
"server.enable_expvars",
|
||||||
|
"server.tls.key",
|
||||||
|
"server.tls.certificate",
|
||||||
|
|
||||||
// TOTP Keys.
|
// TOTP Keys.
|
||||||
"totp.issuer",
|
"totp.issuer",
|
||||||
|
|
|
@ -9,30 +9,77 @@ import (
|
||||||
"github.com/authelia/authelia/internal/utils"
|
"github.com/authelia/authelia/internal/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
var defaultReadBufferSize = 4096
|
|
||||||
var defaultWriteBufferSize = 4096
|
|
||||||
|
|
||||||
// ValidateServer checks a server configuration is correct.
|
// ValidateServer checks a server configuration is correct.
|
||||||
func ValidateServer(configuration *schema.ServerConfiguration, validator *schema.StructValidator) {
|
func ValidateServer(configuration *schema.Configuration, validator *schema.StructValidator) {
|
||||||
switch {
|
applyDeprecatedServerConfiguration(configuration, validator)
|
||||||
case strings.Contains(configuration.Path, "/"):
|
|
||||||
validator.Push(fmt.Errorf("server path must not contain any forward slashes"))
|
if configuration.Server.Host == "" {
|
||||||
case !utils.IsStringAlphaNumeric(configuration.Path):
|
configuration.Server.Host = schema.DefaultServerConfiguration.Host
|
||||||
validator.Push(fmt.Errorf("server path must only be alpha numeric characters"))
|
|
||||||
case configuration.Path == "": // Don't do anything if it's blank.
|
|
||||||
default:
|
|
||||||
configuration.Path = path.Clean("/" + configuration.Path)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if configuration.ReadBufferSize == 0 {
|
if configuration.Server.Port == 0 {
|
||||||
configuration.ReadBufferSize = defaultReadBufferSize
|
configuration.Server.Port = schema.DefaultServerConfiguration.Port
|
||||||
} else if configuration.ReadBufferSize < 0 {
|
}
|
||||||
|
|
||||||
|
if configuration.Server.TLS.Key != "" && configuration.Server.TLS.Certificate == "" {
|
||||||
|
validator.Push(fmt.Errorf("server: no TLS certificate provided to accompany the TLS key, please configure the 'server.tls.certificate' option"))
|
||||||
|
} else if configuration.Server.TLS.Key == "" && configuration.Server.TLS.Certificate != "" {
|
||||||
|
validator.Push(fmt.Errorf("server: no TLS key provided to accompany the TLS certificate, please configure the 'server.tls.key' option"))
|
||||||
|
}
|
||||||
|
|
||||||
|
switch {
|
||||||
|
case strings.Contains(configuration.Server.Path, "/"):
|
||||||
|
validator.Push(fmt.Errorf("server path must not contain any forward slashes"))
|
||||||
|
case !utils.IsStringAlphaNumeric(configuration.Server.Path):
|
||||||
|
validator.Push(fmt.Errorf("server path must only be alpha numeric characters"))
|
||||||
|
case configuration.Server.Path == "": // Don't do anything if it's blank.
|
||||||
|
default:
|
||||||
|
configuration.Server.Path = path.Clean("/" + configuration.Server.Path)
|
||||||
|
}
|
||||||
|
|
||||||
|
if configuration.Server.ReadBufferSize == 0 {
|
||||||
|
configuration.Server.ReadBufferSize = schema.DefaultServerConfiguration.ReadBufferSize
|
||||||
|
} else if configuration.Server.ReadBufferSize < 0 {
|
||||||
validator.Push(fmt.Errorf("server read buffer size must be above 0"))
|
validator.Push(fmt.Errorf("server read buffer size must be above 0"))
|
||||||
}
|
}
|
||||||
|
|
||||||
if configuration.WriteBufferSize == 0 {
|
if configuration.Server.WriteBufferSize == 0 {
|
||||||
configuration.WriteBufferSize = defaultWriteBufferSize
|
configuration.Server.WriteBufferSize = schema.DefaultServerConfiguration.WriteBufferSize
|
||||||
} else if configuration.WriteBufferSize < 0 {
|
} else if configuration.Server.WriteBufferSize < 0 {
|
||||||
validator.Push(fmt.Errorf("server write buffer size must be above 0"))
|
validator.Push(fmt.Errorf("server write buffer size must be above 0"))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func applyDeprecatedServerConfiguration(configuration *schema.Configuration, validator *schema.StructValidator) {
|
||||||
|
if configuration.Host != "" {
|
||||||
|
validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
|
||||||
|
|
||||||
|
if configuration.Server.Host == "" {
|
||||||
|
configuration.Server.Host = configuration.Host
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if configuration.Port != 0 {
|
||||||
|
validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
|
||||||
|
|
||||||
|
if configuration.Server.Port == 0 {
|
||||||
|
configuration.Server.Port = configuration.Port
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if configuration.TLSCert != "" {
|
||||||
|
validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
|
||||||
|
|
||||||
|
if configuration.Server.TLS.Certificate == "" {
|
||||||
|
configuration.Server.TLS.Certificate = configuration.TLSCert
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if configuration.TLSKey != "" {
|
||||||
|
validator.PushWarning(fmt.Errorf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
|
||||||
|
|
||||||
|
if configuration.Server.TLS.Key == "" {
|
||||||
|
configuration.Server.TLS.Key = configuration.TLSKey
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package validator
|
package validator
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
@ -9,55 +10,212 @@ import (
|
||||||
"github.com/authelia/authelia/internal/configuration/schema"
|
"github.com/authelia/authelia/internal/configuration/schema"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func TestShouldSetDefaultServerValues(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := &schema.Configuration{}
|
||||||
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
|
assert.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Len(t, validator.Warnings(), 0)
|
||||||
|
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.Host, config.Server.Host)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.Port, config.Server.Port)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.ReadBufferSize, config.Server.ReadBufferSize)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.WriteBufferSize, config.Server.WriteBufferSize)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.TLS.Key, config.Server.TLS.Key)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.TLS.Certificate, config.Server.TLS.Certificate)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.Path, config.Server.Path)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.EnableExpvars, config.Server.EnableExpvars)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.EnablePprof, config.Server.EnablePprof)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: DEPRECATED TEST. Remove in 4.33.0.
|
||||||
|
func TestShouldNotOverrideNewValuesWithDeprecatedValues(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := &schema.Configuration{Host: "123.0.0.1", Port: 9101, TLSKey: "/tmp/key.pem", TLSCert: "/tmp/cert.pem"}
|
||||||
|
config.Server.Host = "192.168.0.2"
|
||||||
|
config.Server.Port = 80
|
||||||
|
config.Server.TLS.Key = "/tmp/new/key.pem"
|
||||||
|
config.Server.TLS.Certificate = "/tmp/new/cert.pem"
|
||||||
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
require.Len(t, validator.Warnings(), 4)
|
||||||
|
|
||||||
|
assert.EqualError(t, validator.Warnings()[0], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[1], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[2], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[3], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
|
||||||
|
|
||||||
|
assert.Equal(t, "192.168.0.2", config.Server.Host)
|
||||||
|
assert.Equal(t, 80, config.Server.Port)
|
||||||
|
assert.Equal(t, "/tmp/new/key.pem", config.Server.TLS.Key)
|
||||||
|
assert.Equal(t, "/tmp/new/cert.pem", config.Server.TLS.Certificate)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: DEPRECATED TEST. Remove in 4.33.0.
|
||||||
|
func TestShouldSetDeprecatedValues(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := &schema.Configuration{}
|
||||||
|
|
||||||
|
config.Host = "192.168.0.1"
|
||||||
|
config.Port = 80
|
||||||
|
config.TLSCert = "/tmp/cert.pem"
|
||||||
|
config.TLSKey = "/tmp/key.pem"
|
||||||
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
|
assert.Len(t, validator.Errors(), 0)
|
||||||
|
require.Len(t, validator.Warnings(), 4)
|
||||||
|
|
||||||
|
assert.Equal(t, "192.168.0.1", config.Server.Host)
|
||||||
|
assert.Equal(t, 80, config.Server.Port)
|
||||||
|
assert.Equal(t, "/tmp/cert.pem", config.Server.TLS.Certificate)
|
||||||
|
assert.Equal(t, "/tmp/key.pem", config.Server.TLS.Key)
|
||||||
|
|
||||||
|
assert.EqualError(t, validator.Warnings()[0], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "host", "4.33.0", "server.host"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[1], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "port", "4.33.0", "server.port"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[2], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_cert", "4.33.0", "server.tls_cert"))
|
||||||
|
assert.EqualError(t, validator.Warnings()[3], fmt.Sprintf(errFmtDeprecatedConfigurationKey, "tls_key", "4.33.0", "server.tls_key"))
|
||||||
|
}
|
||||||
|
|
||||||
func TestShouldSetDefaultConfig(t *testing.T) {
|
func TestShouldSetDefaultConfig(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := schema.ServerConfiguration{}
|
config := &schema.Configuration{}
|
||||||
ValidateServer(&config, validator)
|
|
||||||
require.Len(t, validator.Errors(), 0)
|
ValidateServer(config, validator)
|
||||||
assert.Equal(t, defaultReadBufferSize, config.ReadBufferSize)
|
|
||||||
assert.Equal(t, defaultWriteBufferSize, config.WriteBufferSize)
|
assert.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Len(t, validator.Warnings(), 0)
|
||||||
|
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.ReadBufferSize, config.Server.ReadBufferSize)
|
||||||
|
assert.Equal(t, schema.DefaultServerConfiguration.WriteBufferSize, config.Server.WriteBufferSize)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldParsePathCorrectly(t *testing.T) {
|
func TestShouldParsePathCorrectly(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := schema.ServerConfiguration{
|
config := &schema.Configuration{
|
||||||
|
Server: schema.ServerConfiguration{
|
||||||
Path: "apple",
|
Path: "apple",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
ValidateServer(&config, validator)
|
ValidateServer(config, validator)
|
||||||
require.Len(t, validator.Errors(), 0)
|
|
||||||
|
|
||||||
assert.Equal(t, "/apple", config.Path)
|
assert.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Len(t, validator.Warnings(), 0)
|
||||||
|
|
||||||
|
assert.Equal(t, "/apple", config.Server.Path)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldRaiseOnNegativeValues(t *testing.T) {
|
func TestShouldRaiseOnNegativeValues(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := schema.ServerConfiguration{
|
config := &schema.Configuration{
|
||||||
|
Server: schema.ServerConfiguration{
|
||||||
ReadBufferSize: -1,
|
ReadBufferSize: -1,
|
||||||
WriteBufferSize: -1,
|
WriteBufferSize: -1,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
ValidateServer(&config, validator)
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
require.Len(t, validator.Errors(), 2)
|
require.Len(t, validator.Errors(), 2)
|
||||||
|
|
||||||
assert.EqualError(t, validator.Errors()[0], "server read buffer size must be above 0")
|
assert.EqualError(t, validator.Errors()[0], "server read buffer size must be above 0")
|
||||||
assert.EqualError(t, validator.Errors()[1], "server write buffer size must be above 0")
|
assert.EqualError(t, validator.Errors()[1], "server write buffer size must be above 0")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldRaiseOnNonAlphanumericCharsInPath(t *testing.T) {
|
func TestShouldRaiseOnNonAlphanumericCharsInPath(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := schema.ServerConfiguration{
|
config := &schema.Configuration{
|
||||||
|
Server: schema.ServerConfiguration{
|
||||||
Path: "app le",
|
Path: "app le",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
ValidateServer(&config, validator)
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
require.Len(t, validator.Errors(), 1)
|
require.Len(t, validator.Errors(), 1)
|
||||||
|
|
||||||
assert.Error(t, validator.Errors()[0], "server path must only be alpha numeric characters")
|
assert.Error(t, validator.Errors()[0], "server path must only be alpha numeric characters")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldRaiseOnForwardSlashInPath(t *testing.T) {
|
func TestShouldRaiseOnForwardSlashInPath(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := schema.ServerConfiguration{
|
config := &schema.Configuration{
|
||||||
|
Server: schema.ServerConfiguration{
|
||||||
Path: "app/le",
|
Path: "app/le",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
ValidateServer(&config, validator)
|
|
||||||
|
ValidateServer(config, validator)
|
||||||
|
|
||||||
assert.Len(t, validator.Errors(), 1)
|
assert.Len(t, validator.Errors(), 1)
|
||||||
|
|
||||||
assert.Error(t, validator.Errors()[0], "server path must not contain any forward slashes")
|
assert.Error(t, validator.Errors()[0], "server path must not contain any forward slashes")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestShouldValidateAndUpdateHost(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
config.Server.Host = ""
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
|
||||||
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Equal(t, "0.0.0.0", config.Server.Host)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldRaiseErrorWhenTLSCertWithoutKeyIsProvided(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
config.Server.TLS.Certificate = testTLSCert
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
require.Len(t, validator.Errors(), 1)
|
||||||
|
assert.EqualError(t, validator.Errors()[0], "server: no TLS key provided to accompany the TLS certificate, please configure the 'server.tls.key' option")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldRaiseErrorWhenTLSKeyWithoutCertIsProvided(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
config.Server.TLS.Key = testTLSKey
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
require.Len(t, validator.Errors(), 1)
|
||||||
|
assert.EqualError(t, validator.Errors()[0], "server: no TLS certificate provided to accompany the TLS key, please configure the 'server.tls.certificate' option")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldNotRaiseErrorWhenBothTLSCertificateAndKeyAreProvided(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
config.Server.TLS.Certificate = testTLSCert
|
||||||
|
config.Server.TLS.Key = testTLSKey
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldNotUpdateConfig(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
|
||||||
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Equal(t, 9090, config.Server.Port)
|
||||||
|
assert.Equal(t, loopback, config.Server.Host)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestShouldValidateAndUpdatePort(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultConfig()
|
||||||
|
config.Server.Port = 0
|
||||||
|
|
||||||
|
ValidateServer(&config, validator)
|
||||||
|
|
||||||
|
require.Len(t, validator.Errors(), 0)
|
||||||
|
assert.Equal(t, 9091, config.Server.Port)
|
||||||
|
}
|
||||||
|
|
|
@ -167,7 +167,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
|
||||||
WriteBufferSize: configuration.Server.WriteBufferSize,
|
WriteBufferSize: configuration.Server.WriteBufferSize,
|
||||||
}
|
}
|
||||||
|
|
||||||
addrPattern := net.JoinHostPort(configuration.Host, strconv.Itoa(configuration.Port))
|
addrPattern := net.JoinHostPort(configuration.Server.Host, strconv.Itoa(configuration.Server.Port))
|
||||||
|
|
||||||
listener, err := net.Listen("tcp", addrPattern)
|
listener, err := net.Listen("tcp", addrPattern)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -191,9 +191,9 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if configuration.TLSCert != "" && configuration.TLSKey != "" {
|
if configuration.Server.TLS.Certificate != "" && configuration.Server.TLS.Key != "" {
|
||||||
logger.Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
|
logger.Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
|
||||||
logger.Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))
|
logger.Fatal(server.ServeTLS(listener, configuration.Server.TLS.Certificate, configuration.Server.TLS.Key))
|
||||||
} else {
|
} else {
|
||||||
logger.Infof("Authelia is listening for non-TLS connections on %s%s", addrPattern, configuration.Server.Path)
|
logger.Infof("Authelia is listening for non-TLS connections on %s%s", addrPattern, configuration.Server.Path)
|
||||||
logger.Fatal(server.Serve(listener))
|
logger.Fatal(server.Serve(listener))
|
||||||
|
|
|
@ -3,19 +3,19 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
|
||||||
tls_cert: /config/ssl/cert.pem
|
|
||||||
tls_key: /config/ssl/key.pem
|
|
||||||
|
|
||||||
theme: grey
|
theme: grey
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
|
port: 9091
|
||||||
|
tls:
|
||||||
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
ldap:
|
ldap:
|
||||||
implementation: activedirectory
|
implementation: activedirectory
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: trace
|
level: trace
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,15 +3,17 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,15 +3,17 @@
|
||||||
# Authelia configuration #
|
# Authelia configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
totp:
|
totp:
|
||||||
issuer: authelia.com
|
issuer: authelia.com
|
||||||
|
|
||||||
|
|
|
@ -3,19 +3,19 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
|
||||||
tls_cert: /config/ssl/cert.pem
|
|
||||||
tls_key: /config/ssl/key.pem
|
|
||||||
|
|
||||||
theme: dark
|
theme: dark
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
|
port: 9091
|
||||||
|
tls:
|
||||||
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
ldap:
|
ldap:
|
||||||
url: ldaps://openldap
|
url: ldaps://openldap
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -3,9 +3,11 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
---
|
---
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
---
|
---
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,18 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
jwt_secret: unsecure_secret
|
||||||
tls_cert: /config/ssl/cert.pem
|
|
||||||
tls_key: /config/ssl/key.pem
|
|
||||||
|
|
||||||
server:
|
server:
|
||||||
|
port: 9091
|
||||||
path: auth
|
path: auth
|
||||||
|
tls:
|
||||||
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: very_important_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
jwt_secret: very_important_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,17 +3,18 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080/
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,12 +3,14 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
port: 9091
|
|
||||||
tls_cert: /config/ssl/cert.pem
|
|
||||||
tls_key: /config/ssl/key.pem
|
|
||||||
|
|
||||||
theme: auto
|
theme: auto
|
||||||
|
|
||||||
|
server:
|
||||||
|
port: 9091
|
||||||
|
tls:
|
||||||
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
|
|
|
@ -3,15 +3,17 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,15 +3,17 @@
|
||||||
# Authelia minimal configuration #
|
# Authelia minimal configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
jwt_secret: unsecure_secret
|
||||||
|
|
||||||
|
server:
|
||||||
port: 9091
|
port: 9091
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
jwt_secret: unsecure_secret
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
file:
|
file:
|
||||||
path: /config/users.yml
|
path: /config/users.yml
|
||||||
|
|
|
@ -3,15 +3,17 @@
|
||||||
# Authelia configuration #
|
# Authelia configuration #
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
default_redirection_url: https://home.example.com:8080
|
||||||
|
|
||||||
|
server:
|
||||||
port: 443
|
port: 443
|
||||||
tls_cert: /config/ssl/cert.pem
|
tls:
|
||||||
tls_key: /config/ssl/key.pem
|
certificate: /config/ssl/cert.pem
|
||||||
|
key: /config/ssl/key.pem
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
||||||
default_redirection_url: https://home.example.com:8080
|
|
||||||
|
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
ldap:
|
ldap:
|
||||||
url: ldaps://ldap-service
|
url: ldaps://ldap-service
|
||||||
|
|
|
@ -46,16 +46,13 @@ const (
|
||||||
unknown = "unknown"
|
unknown = "unknown"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ErrTimeoutReached error thrown when a timeout is reached.
|
var (
|
||||||
var ErrTimeoutReached = errors.New("timeout reached")
|
reDuration = regexp.MustCompile(`^(?P<Duration>[1-9]\d*?)(?P<Unit>[smhdwMy])?$`)
|
||||||
var parseDurationRegexp = regexp.MustCompile(`^(?P<Duration>[1-9]\d*?)(?P<Unit>[smhdwMy])?$`)
|
)
|
||||||
|
|
||||||
// AlphaNumericCharacters are literally just valid alphanumeric chars.
|
// AlphaNumericCharacters are literally just valid alphanumeric chars.
|
||||||
var AlphaNumericCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
|
var AlphaNumericCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
|
||||||
|
|
||||||
// ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
|
|
||||||
var ErrTLSVersionNotSupported = errors.New("supplied TLS version isn't supported")
|
|
||||||
|
|
||||||
var htmlEscaper = strings.NewReplacer(
|
var htmlEscaper = strings.NewReplacer(
|
||||||
"&", "&",
|
"&", "&",
|
||||||
"<", "<",
|
"<", "<",
|
||||||
|
@ -63,3 +60,9 @@ var htmlEscaper = strings.NewReplacer(
|
||||||
`"`, """,
|
`"`, """,
|
||||||
"'", "'",
|
"'", "'",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// ErrTimeoutReached error thrown when a timeout is reached.
|
||||||
|
var ErrTimeoutReached = errors.New("timeout reached")
|
||||||
|
|
||||||
|
// ErrTLSVersionNotSupported returned when an unknown TLS version supplied.
|
||||||
|
var ErrTLSVersionNotSupported = errors.New("supplied TLS version isn't supported")
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
func ParseDurationString(input string) (time.Duration, error) {
|
func ParseDurationString(input string) (time.Duration, error) {
|
||||||
var duration time.Duration
|
var duration time.Duration
|
||||||
|
|
||||||
matches := parseDurationRegexp.FindStringSubmatch(input)
|
matches := reDuration.FindStringSubmatch(input)
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case len(matches) == 3 && matches[2] != "":
|
case len(matches) == 3 && matches[2] != "":
|
||||||
|
|
Loading…
Reference in New Issue