Merge pull request #281 from p-rintz/patch-1

Changed minimal config to provide for a working installation + docker swarm example
2018-10-13 10:31:24 +02:00 · 2018-10-13 10:31:24 +02:00 · 33bede9e5f
parent e7ad831d4d ed9b593ddf
commit 33bede9e5f
2 changed files with 145 additions and 5 deletions
--- a/config.minimal.yml
+++ b/config.minimal.yml
@ -4,13 +4,105 @@

 authentication_backend:
  file:
-    # The path to the database file. The file is at the root of the repo.
    path: /etc/authelia/users_database.yml

 session:
-  # The secret to encrypt the session cookies with.
  secret: unsecure_session_secret
-
-  # The domain to protect.
-  # Note: Authelia must also be served by that domain.
  domain: example.com
+
+# Configuration of the storage backend used to store data and secrets. i.e. totp data
+storage:
+  local:
+    path: /etc/authelia/storage
+
+# TOTP Issuer Name
+#
+# This will be the issuer name displayed in Google Authenticator
+# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
+totp:
+  issuer: example.com
+
+# Authentication methods
+#
+# Authentication methods can be defined per subdomain.
+# There are currently two available methods: "single_factor" and "two_factor"
+authentication_methods:
+  default_method: two_factor
+  per_subdomain_methods:
+    single_factor.example.com: single_factor
+
+# Access Control
+#
+# Access control is a set of rules you can use to restrict user access to certain 
+# resources.
+access_control:
+  # Default policy can either be `allow` or `deny`.
+  default_policy: deny
+  groups:
+    admins:
+      # All resources in all domains
+      - domain: '*.example.com'
+        policy: allow
+      # Except mx2.mail.example.com (it restricts the first rule)
+      #- domain: 'mx2.mail.example.com'
+      #  policy: deny
+
+  # User-based rules.
+  users:
+    john:
+      - domain: dev.example.com
+        policy: allow
+        resources:
+          - '^/users/john/.*$' 
+    harry:
+      - domain: dev.example.com
+        policy: allow
+        resources:
+          - '^/users/harry/.*$'
+    bob:
+      - domain: '*.mail.example.com'
+        policy: allow
+      - domain: 'dev.example.com'
+        policy: allow
+        resources:
+          - '^/users/bob/.*$'      
+
+# Configuration of the authentication regulation mechanism.
+regulation: 
+  # Set it to 0 to disable max_retries.
+  max_retries: 3
+
+  # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. 
+  find_time: 120
+
+  # The length of time before a banned user can login again.
+  ban_time: 300
+
+# Default redirection URL
+#
+# Note: this parameter is optional. If not provided, user won't
+# be redirected upon successful authentication.
+#default_redirection_url: https://authelia.example.domain
+
+notifier:
+  # For testing purpose, notifications can be sent in a file
+   filesystem:
+     filename: /tmp/authelia/notification.txt
+
+  # Use your email account to send the notifications. You can use an app password.
+  # List of valid services can be found here: https://nodemailer.com/smtp/well-known/  
+  ## email:
+  ##   username: user@example.com
+  ##   password: yourpassword
+  ##   sender: admin@example.com
+  ##   service: gmail
+  
+  # Use a SMTP server for sending notifications
+  #smtp:
+  #  username: test
+  #  password: password
+  #  secure: false
+  #  host: 'smtp'
+  #  port: 1025
+  #  sender: admin@example.com
+
--- a/docker-compose.swarm.minimal.yml
+++ b/docker-compose.swarm.minimal.yml
@ -0,0 +1,48 @@
+version: '3.4'
+services:
+  authelia:
+    image: clems4ever/authelia:latest
+    # Used for Docker configs
+    configs:
+      - source: authelia
+        target: /etc/authelia/config.yml
+        uid: '0'
+        gid: '0'
+        mode: 0444
+    environment:
+      - NODE_TLS_REJECT_UNAUTHORIZED=0
+    # Where the authelia volume is to be mounted. To only use a single volume, the minimal config needs to be changed to read the users_database.yml also from this subdirectory.
+    # Otherwise a second volume will need to be configured here to mount the users_database.yml.
+    volumes:
+      - authelia:/etc/authelia/storage
+    networks:
+      - overlay
+    deploy:
+      #Configure Authelia to automatically restart on failure.
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+        window: 120s
+      # Mode: global would start authelia on all available nodes, replicated limits it to how many replicas are configured.
+      mode: replicated
+      # How many replicas are wanted. Can be any number >0 up to however many nodes are available.
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == worker
+
+#The volume for authelia needs to be configured. There are many drivers available. Such as local storage, ceph-rdb, nfs, cifs etc.
+volumes:
+  authelia:
+    driver: default
+    name: volume-authelia
+
+networks:
+  overlay:
+    external: true
+
+# This is needed if Docker configs are being used to provide Authelia with its configuration.
+configs:
+  authelia:
+    external: true