feat(configuration): comment unnecessary template lines (#4222)

This adjusts the default configuration to mostly include commented configuration.
pull/4203/head^2
James Elliott 2022-10-21 20:17:30 +11:00 committed by GitHub
parent 9532823a99
commit 5c981e7603
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 901 additions and 595 deletions

View File

@ -218,13 +218,13 @@ webauthn:
## ##
## Parameters used to contact the Duo API. Those are generated when you protect an application of type ## Parameters used to contact the Duo API. Those are generated when you protect an application of type
## "Partner Auth API" in the management panel. ## "Partner Auth API" in the management panel.
duo_api: # duo_api:
disable: false # disable: false
hostname: api-123456789.example.com # hostname: api-123456789.example.com
integration_key: ABCDEF # integration_key: ABCDEF
## Secret can also be set using a secret: https://www.authelia.com/c/secrets ## Secret can also be set using a secret: https://www.authelia.com/c/secrets
secret_key: 1234567890abcdefghifjkl # secret_key: 1234567890abcdefghifjkl
enable_self_enrollment: false # enable_self_enrollment: false
## ##
## NTP Configuration ## NTP Configuration
@ -281,7 +281,7 @@ authentication_backend:
## This is the recommended Authentication Provider in production ## This is the recommended Authentication Provider in production
## because it allows Authelia to offload the stateful operations ## because it allows Authelia to offload the stateful operations
## onto the LDAP service. ## onto the LDAP service.
ldap: # ldap:
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
## Acceptable options are as follows: ## Acceptable options are as follows:
## - 'activedirectory' - For Microsoft Active Directory. ## - 'activedirectory' - For Microsoft Active Directory.
@ -291,32 +291,32 @@ authentication_backend:
## Depending on the option here certain other values in this section have a default value, notably all of the ## Depending on the option here certain other values in this section have a default value, notably all of the
## attribute mappings have a default value that this config overrides, you can read more about these default values ## attribute mappings have a default value that this config overrides, you can read more about these default values
## at https://www.authelia.com/c/ldap#defaults ## at https://www.authelia.com/c/ldap#defaults
implementation: custom # implementation: custom
## The url to the ldap server. Format: <scheme>://<address>[:<port>]. ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
## Scheme can be ldap or ldaps in the format (port optional). ## Scheme can be ldap or ldaps in the format (port optional).
url: ldap://127.0.0.1 # url: ldap://127.0.0.1
## The dial timeout for LDAP. ## The dial timeout for LDAP.
timeout: 5s # timeout: 5s
## Use StartTLS with the LDAP connection. ## Use StartTLS with the LDAP connection.
start_tls: false # start_tls: false
tls: # tls:
## Server Name for certificate validation (in case it's not set correctly in the URL). ## Server Name for certificate validation (in case it's not set correctly in the URL).
# server_name: ldap.example.com # server_name: ldap.example.com
## Skip verifying the server certificate (to allow a self-signed certificate). ## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config. ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false # skip_verify: false
## Minimum TLS version for either Secure LDAP or LDAP StartTLS. ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for either Secure LDAP or LDAP StartTLS. ## Maximum TLS version for either Secure LDAP or LDAP StartTLS.
maximum_version: TLS1.3 # maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication ## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS. ## i.e. Mutual TLS.
@ -393,7 +393,7 @@ authentication_backend:
## The distinguished name of the container searched for objects in the directory information tree. ## The distinguished name of the container searched for objects in the directory information tree.
## See also: additional_users_dn, additional_groups_dn. ## See also: additional_users_dn, additional_groups_dn.
base_dn: dc=example,dc=com # base_dn: dc=example,dc=com
## The attribute holding the username of the user. This attribute is used to populate the username in the session ## The attribute holding the username of the user. This attribute is used to populate the username in the session
## information. It was introduced due to #561 to handle case insensitive search queries. For you information, ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
@ -407,7 +407,7 @@ authentication_backend:
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.
## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users. ## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users.
additional_users_dn: ou=users # additional_users_dn: ou=users
## The users filter used in search queries to find the user profile based on input filled in login form. ## The users filter used in search queries to find the user profile based on input filled in login form.
## Various placeholders are available in the user filter which you can read about in the documentation which can ## Various placeholders are available in the user filter which you can read about in the documentation which can
@ -421,11 +421,11 @@ authentication_backend:
## ##
## To allow sign in both with username and email, one can use a filter like ## To allow sign in both with username and email, one can use a filter like
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
users_filter: (&({username_attribute}={input})(objectClass=person)) # users_filter: (&({username_attribute}={input})(objectClass=person))
## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups. ## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups.
## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups. ## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups.
additional_groups_dn: ou=groups # additional_groups_dn: ou=groups
## The groups filter used in search queries to find the groups based on relevant authenticated user. ## The groups filter used in search queries to find the groups based on relevant authenticated user.
## Various placeholders are available in the groups filter which you can read about in the documentation which can ## Various placeholders are available in the groups filter which you can read about in the documentation which can
@ -433,7 +433,7 @@ authentication_backend:
## ##
## If your groups use the `groupOfUniqueNames` structure use this instead: ## If your groups use the `groupOfUniqueNames` structure use this instead:
## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames)) ## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
groups_filter: (&(member={dn})(objectClass=groupOfNames)) # groups_filter: (&(member={dn})(objectClass=groupOfNames))
## The attribute holding the name of the group. ## The attribute holding the name of the group.
# group_name_attribute: cn # group_name_attribute: cn
@ -447,12 +447,12 @@ authentication_backend:
## Follow referrals returned by the server. ## Follow referrals returned by the server.
## This is especially useful for environments where read-only servers exist. Only implemented for write operations. ## This is especially useful for environments where read-only servers exist. Only implemented for write operations.
permit_referrals: false # permit_referrals: false
## The username and password of the admin user. ## The username and password of the admin user.
user: cn=admin,dc=example,dc=com # user: cn=admin,dc=example,dc=com
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: password # password: password
## ##
## File (Authentication Provider) ## File (Authentication Provider)
@ -566,18 +566,18 @@ access_control:
## resource if there is no policy to be applied to the user. ## resource if there is no policy to be applied to the user.
default_policy: deny default_policy: deny
networks: # networks:
- name: internal # - name: internal
networks: # networks:
- 10.10.0.0/16 # - 10.10.0.0/16
- 192.168.2.0/24 # - 192.168.2.0/24
- name: VPN # - name: VPN
networks: 10.9.0.0/16 # networks: 10.9.0.0/16
rules: # rules:
## Rules applied to everyone ## Rules applied to everyone
- domain: 'public.example.com' # - domain: 'public.example.com'
policy: bypass # policy: bypass
## Domain Regex examples. Generally we recommend just using a standard domain. ## Domain Regex examples. Generally we recommend just using a standard domain.
# - domain_regex: '^(?P<User>\w+)\.example\.com$' # - domain_regex: '^(?P<User>\w+)\.example\.com$'
@ -591,64 +591,64 @@ access_control:
# - domain_regex: '^.*\.example\.com$' # - domain_regex: '^.*\.example\.com$'
# policy: two_factor # policy: two_factor
- domain: 'secure.example.com' # - domain: 'secure.example.com'
policy: one_factor # policy: one_factor
## Network based rule, if not provided any network matches. ## Network based rule, if not provided any network matches.
networks: # networks:
- internal # - internal
- VPN # - VPN
- 192.168.1.0/24 # - 192.168.1.0/24
- 10.0.0.1 # - 10.0.0.1
- domain: # - domain:
- 'secure.example.com' # - 'secure.example.com'
- 'private.example.com' # - 'private.example.com'
policy: two_factor # policy: two_factor
- domain: 'singlefactor.example.com' # - domain: 'singlefactor.example.com'
policy: one_factor # policy: one_factor
## Rules applied to 'admins' group ## Rules applied to 'admins' group
- domain: 'mx2.mail.example.com' # - domain: 'mx2.mail.example.com'
subject: 'group:admins' # subject: 'group:admins'
policy: deny # policy: deny
- domain: '*.example.com' # - domain: '*.example.com'
subject: # subject:
- 'group:admins' # - 'group:admins'
- 'group:moderators' # - 'group:moderators'
policy: two_factor # policy: two_factor
## Rules applied to 'dev' group ## Rules applied to 'dev' group
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/groups/dev/.*$' # - '^/groups/dev/.*$'
subject: 'group:dev' # subject: 'group:dev'
policy: two_factor # policy: two_factor
## Rules applied to user 'john' ## Rules applied to user 'john'
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/john/.*$' # - '^/users/john/.*$'
subject: 'user:john' # subject: 'user:john'
policy: two_factor # policy: two_factor
## Rules applied to user 'harry' ## Rules applied to user 'harry'
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/harry/.*$' # - '^/users/harry/.*$'
subject: 'user:harry' # subject: 'user:harry'
policy: two_factor # policy: two_factor
## Rules applied to user 'bob' ## Rules applied to user 'bob'
- domain: '*.mail.example.com' # - domain: '*.mail.example.com'
subject: 'user:bob' # subject: 'user:bob'
policy: two_factor # policy: two_factor
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/bob/.*$' # - '^/users/bob/.*$'
subject: 'user:bob' # subject: 'user:bob'
policy: two_factor # policy: two_factor
## ##
## Session Provider Configuration ## Session Provider Configuration
@ -694,9 +694,9 @@ session:
## ##
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness ## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
## ##
redis: # redis:
host: 127.0.0.1 # host: 127.0.0.1
port: 6379 # port: 6379
## Use a unix socket instead ## Use a unix socket instead
# host: /var/run/redis/redis.sock # host: /var/run/redis/redis.sock
@ -704,16 +704,16 @@ session:
# username: authelia # username: authelia
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: authelia # password: authelia
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
database_index: 0 # database_index: 0
## The maximum number of concurrent active connections to Redis. ## The maximum number of concurrent active connections to Redis.
maximum_active_connections: 8 # maximum_active_connections: 8
## The target number of idle connections to have open ready for work. Useful when opening connections is slow. ## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
minimum_idle_connections: 0 # minimum_idle_connections: 0
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
# tls: # tls:
@ -728,6 +728,82 @@ session:
## Minimum TLS version for the connection. ## Minimum TLS version for the connection.
# minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for the connection.
# maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# certificate_chain: |
# -----BEGIN CERTIFICATE-----
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
# qocikt3WAdU^invalid DO NOT USE=
# -----END CERTIFICATE-----
## The private key used with the certificate_chain if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# private_key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
# DO NOT USE==
# -----END RSA PRIVATE KEY-----
## The Redis HA configuration options. ## The Redis HA configuration options.
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
# high_availability: # high_availability:
@ -777,7 +853,7 @@ regulation:
## Storage Provider Configuration ## Storage Provider Configuration
## ##
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. ## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
storage: # storage:
## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum ## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum
## length of 20. Please see the docs if you configure this with an undesirable key and need to change it. ## length of 20. Please see the docs if you configure this with an undesirable key and need to change it.
# encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this # encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
@ -791,19 +867,20 @@ storage:
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness ## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
## ##
# local: # local:
## Path to the SQLite3 Database.
# path: /config/db.sqlite3 # path: /config/db.sqlite3
## ##
## MySQL / MariaDB (Storage Provider) ## MySQL / MariaDB (Storage Provider)
## ##
mysql: # mysql:
host: 127.0.0.1 # host: 127.0.0.1
port: 3306 # port: 3306
database: authelia # database: authelia
username: authelia # username: authelia
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: mypassword # password: mypassword
timeout: 5s # timeout: 5s
## ##
## PostgreSQL (Storage Provider) ## PostgreSQL (Storage Provider)
@ -814,7 +891,7 @@ storage:
# database: authelia # database: authelia
# schema: public # schema: public
# username: authelia # username: authelia
# ## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
# password: mypassword # password: mypassword
# timeout: 5s # timeout: 5s
# ssl: # ssl:
@ -850,55 +927,131 @@ notifier:
## (only works for unauthenticated connections) ## (only works for unauthenticated connections)
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
## (configure in tls section) ## (configure in tls section)
smtp: # smtp:
## The SMTP host to connect to. ## The SMTP host to connect to.
host: 127.0.0.1 # host: 127.0.0.1
## The port to connect to the SMTP host on. ## The port to connect to the SMTP host on.
port: 1025 # port: 1025
## The connection timeout. ## The connection timeout.
timeout: 5s # timeout: 5s
## The username used for SMTP authentication. ## The username used for SMTP authentication.
username: test # username: test
## The password used for SMTP authentication. ## The password used for SMTP authentication.
## Can also be set using a secret: https://www.authelia.com/c/secrets ## Can also be set using a secret: https://www.authelia.com/c/secrets
password: password # password: password
## The sender is used to is used for the MAIL FROM command and the FROM header. ## The sender is used to is used for the MAIL FROM command and the FROM header.
## If this is not defined and the username is an email, we use the username as this value. This can either be just ## If this is not defined and the username is an email, we use the username as this value. This can either be just
## an email address or the RFC5322 'Name <email address>' format. ## an email address or the RFC5322 'Name <email address>' format.
sender: "Authelia <admin@example.com>" # sender: "Authelia <admin@example.com>"
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
identifier: localhost # identifier: localhost
## Subject configuration of the emails sent. {title} is replaced by the text from the notifier. ## Subject configuration of the emails sent. {title} is replaced by the text from the notifier.
subject: "[Authelia] {title}" # subject: "[Authelia] {title}"
## This address is used during the startup check to verify the email configuration is correct. ## This address is used during the startup check to verify the email configuration is correct.
## It's not important what it is except if your email server only allows local delivery. ## It's not important what it is except if your email server only allows local delivery.
startup_check_address: test@authelia.com # startup_check_address: test@authelia.com
## By default we require some form of TLS. This disables this check though is not advised. ## By default we require some form of TLS. This disables this check though is not advised.
disable_require_tls: false # disable_require_tls: false
## Disables sending HTML formatted emails. ## Disables sending HTML formatted emails.
disable_html_emails: false # disable_html_emails: false
tls: # tls:
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
# server_name: smtp.example.com # server_name: smtp.example.com
## Skip verifying the server certificate (to allow a self-signed certificate). ## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config. ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false # skip_verify: false
## Minimum TLS version for either StartTLS or SMTPS. ## Minimum TLS version for either StartTLS or SMTPS.
minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for either StartTLS or SMTPS.
# maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# certificate_chain: |
# -----BEGIN CERTIFICATE-----
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
# qocikt3WAdU^invalid DO NOT USE=
# -----END CERTIFICATE-----
## The private key used with the certificate_chain if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# private_key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
# DO NOT USE==
# -----END RSA PRIVATE KEY-----
## ##
## Identity Providers ## Identity Providers

View File

@ -218,13 +218,13 @@ webauthn:
## ##
## Parameters used to contact the Duo API. Those are generated when you protect an application of type ## Parameters used to contact the Duo API. Those are generated when you protect an application of type
## "Partner Auth API" in the management panel. ## "Partner Auth API" in the management panel.
duo_api: # duo_api:
disable: false # disable: false
hostname: api-123456789.example.com # hostname: api-123456789.example.com
integration_key: ABCDEF # integration_key: ABCDEF
## Secret can also be set using a secret: https://www.authelia.com/c/secrets ## Secret can also be set using a secret: https://www.authelia.com/c/secrets
secret_key: 1234567890abcdefghifjkl # secret_key: 1234567890abcdefghifjkl
enable_self_enrollment: false # enable_self_enrollment: false
## ##
## NTP Configuration ## NTP Configuration
@ -281,7 +281,7 @@ authentication_backend:
## This is the recommended Authentication Provider in production ## This is the recommended Authentication Provider in production
## because it allows Authelia to offload the stateful operations ## because it allows Authelia to offload the stateful operations
## onto the LDAP service. ## onto the LDAP service.
ldap: # ldap:
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
## Acceptable options are as follows: ## Acceptable options are as follows:
## - 'activedirectory' - For Microsoft Active Directory. ## - 'activedirectory' - For Microsoft Active Directory.
@ -291,32 +291,32 @@ authentication_backend:
## Depending on the option here certain other values in this section have a default value, notably all of the ## Depending on the option here certain other values in this section have a default value, notably all of the
## attribute mappings have a default value that this config overrides, you can read more about these default values ## attribute mappings have a default value that this config overrides, you can read more about these default values
## at https://www.authelia.com/c/ldap#defaults ## at https://www.authelia.com/c/ldap#defaults
implementation: custom # implementation: custom
## The url to the ldap server. Format: <scheme>://<address>[:<port>]. ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
## Scheme can be ldap or ldaps in the format (port optional). ## Scheme can be ldap or ldaps in the format (port optional).
url: ldap://127.0.0.1 # url: ldap://127.0.0.1
## The dial timeout for LDAP. ## The dial timeout for LDAP.
timeout: 5s # timeout: 5s
## Use StartTLS with the LDAP connection. ## Use StartTLS with the LDAP connection.
start_tls: false # start_tls: false
tls: # tls:
## Server Name for certificate validation (in case it's not set correctly in the URL). ## Server Name for certificate validation (in case it's not set correctly in the URL).
# server_name: ldap.example.com # server_name: ldap.example.com
## Skip verifying the server certificate (to allow a self-signed certificate). ## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config. ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false # skip_verify: false
## Minimum TLS version for either Secure LDAP or LDAP StartTLS. ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for either Secure LDAP or LDAP StartTLS. ## Maximum TLS version for either Secure LDAP or LDAP StartTLS.
maximum_version: TLS1.3 # maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication ## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS. ## i.e. Mutual TLS.
@ -393,7 +393,7 @@ authentication_backend:
## The distinguished name of the container searched for objects in the directory information tree. ## The distinguished name of the container searched for objects in the directory information tree.
## See also: additional_users_dn, additional_groups_dn. ## See also: additional_users_dn, additional_groups_dn.
base_dn: dc=example,dc=com # base_dn: dc=example,dc=com
## The attribute holding the username of the user. This attribute is used to populate the username in the session ## The attribute holding the username of the user. This attribute is used to populate the username in the session
## information. It was introduced due to #561 to handle case insensitive search queries. For you information, ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
@ -407,7 +407,7 @@ authentication_backend:
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.
## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users. ## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users.
additional_users_dn: ou=users # additional_users_dn: ou=users
## The users filter used in search queries to find the user profile based on input filled in login form. ## The users filter used in search queries to find the user profile based on input filled in login form.
## Various placeholders are available in the user filter which you can read about in the documentation which can ## Various placeholders are available in the user filter which you can read about in the documentation which can
@ -421,11 +421,11 @@ authentication_backend:
## ##
## To allow sign in both with username and email, one can use a filter like ## To allow sign in both with username and email, one can use a filter like
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
users_filter: (&({username_attribute}={input})(objectClass=person)) # users_filter: (&({username_attribute}={input})(objectClass=person))
## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups. ## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups.
## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups. ## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups.
additional_groups_dn: ou=groups # additional_groups_dn: ou=groups
## The groups filter used in search queries to find the groups based on relevant authenticated user. ## The groups filter used in search queries to find the groups based on relevant authenticated user.
## Various placeholders are available in the groups filter which you can read about in the documentation which can ## Various placeholders are available in the groups filter which you can read about in the documentation which can
@ -433,7 +433,7 @@ authentication_backend:
## ##
## If your groups use the `groupOfUniqueNames` structure use this instead: ## If your groups use the `groupOfUniqueNames` structure use this instead:
## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames)) ## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
groups_filter: (&(member={dn})(objectClass=groupOfNames)) # groups_filter: (&(member={dn})(objectClass=groupOfNames))
## The attribute holding the name of the group. ## The attribute holding the name of the group.
# group_name_attribute: cn # group_name_attribute: cn
@ -447,12 +447,12 @@ authentication_backend:
## Follow referrals returned by the server. ## Follow referrals returned by the server.
## This is especially useful for environments where read-only servers exist. Only implemented for write operations. ## This is especially useful for environments where read-only servers exist. Only implemented for write operations.
permit_referrals: false # permit_referrals: false
## The username and password of the admin user. ## The username and password of the admin user.
user: cn=admin,dc=example,dc=com # user: cn=admin,dc=example,dc=com
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: password # password: password
## ##
## File (Authentication Provider) ## File (Authentication Provider)
@ -566,18 +566,18 @@ access_control:
## resource if there is no policy to be applied to the user. ## resource if there is no policy to be applied to the user.
default_policy: deny default_policy: deny
networks: # networks:
- name: internal # - name: internal
networks: # networks:
- 10.10.0.0/16 # - 10.10.0.0/16
- 192.168.2.0/24 # - 192.168.2.0/24
- name: VPN # - name: VPN
networks: 10.9.0.0/16 # networks: 10.9.0.0/16
rules: # rules:
## Rules applied to everyone ## Rules applied to everyone
- domain: 'public.example.com' # - domain: 'public.example.com'
policy: bypass # policy: bypass
## Domain Regex examples. Generally we recommend just using a standard domain. ## Domain Regex examples. Generally we recommend just using a standard domain.
# - domain_regex: '^(?P<User>\w+)\.example\.com$' # - domain_regex: '^(?P<User>\w+)\.example\.com$'
@ -591,64 +591,64 @@ access_control:
# - domain_regex: '^.*\.example\.com$' # - domain_regex: '^.*\.example\.com$'
# policy: two_factor # policy: two_factor
- domain: 'secure.example.com' # - domain: 'secure.example.com'
policy: one_factor # policy: one_factor
## Network based rule, if not provided any network matches. ## Network based rule, if not provided any network matches.
networks: # networks:
- internal # - internal
- VPN # - VPN
- 192.168.1.0/24 # - 192.168.1.0/24
- 10.0.0.1 # - 10.0.0.1
- domain: # - domain:
- 'secure.example.com' # - 'secure.example.com'
- 'private.example.com' # - 'private.example.com'
policy: two_factor # policy: two_factor
- domain: 'singlefactor.example.com' # - domain: 'singlefactor.example.com'
policy: one_factor # policy: one_factor
## Rules applied to 'admins' group ## Rules applied to 'admins' group
- domain: 'mx2.mail.example.com' # - domain: 'mx2.mail.example.com'
subject: 'group:admins' # subject: 'group:admins'
policy: deny # policy: deny
- domain: '*.example.com' # - domain: '*.example.com'
subject: # subject:
- 'group:admins' # - 'group:admins'
- 'group:moderators' # - 'group:moderators'
policy: two_factor # policy: two_factor
## Rules applied to 'dev' group ## Rules applied to 'dev' group
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/groups/dev/.*$' # - '^/groups/dev/.*$'
subject: 'group:dev' # subject: 'group:dev'
policy: two_factor # policy: two_factor
## Rules applied to user 'john' ## Rules applied to user 'john'
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/john/.*$' # - '^/users/john/.*$'
subject: 'user:john' # subject: 'user:john'
policy: two_factor # policy: two_factor
## Rules applied to user 'harry' ## Rules applied to user 'harry'
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/harry/.*$' # - '^/users/harry/.*$'
subject: 'user:harry' # subject: 'user:harry'
policy: two_factor # policy: two_factor
## Rules applied to user 'bob' ## Rules applied to user 'bob'
- domain: '*.mail.example.com' # - domain: '*.mail.example.com'
subject: 'user:bob' # subject: 'user:bob'
policy: two_factor # policy: two_factor
- domain: 'dev.example.com' # - domain: 'dev.example.com'
resources: # resources:
- '^/users/bob/.*$' # - '^/users/bob/.*$'
subject: 'user:bob' # subject: 'user:bob'
policy: two_factor # policy: two_factor
## ##
## Session Provider Configuration ## Session Provider Configuration
@ -694,9 +694,9 @@ session:
## ##
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness ## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
## ##
redis: # redis:
host: 127.0.0.1 # host: 127.0.0.1
port: 6379 # port: 6379
## Use a unix socket instead ## Use a unix socket instead
# host: /var/run/redis/redis.sock # host: /var/run/redis/redis.sock
@ -704,16 +704,16 @@ session:
# username: authelia # username: authelia
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: authelia # password: authelia
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
database_index: 0 # database_index: 0
## The maximum number of concurrent active connections to Redis. ## The maximum number of concurrent active connections to Redis.
maximum_active_connections: 8 # maximum_active_connections: 8
## The target number of idle connections to have open ready for work. Useful when opening connections is slow. ## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
minimum_idle_connections: 0 # minimum_idle_connections: 0
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
# tls: # tls:
@ -728,6 +728,82 @@ session:
## Minimum TLS version for the connection. ## Minimum TLS version for the connection.
# minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for the connection.
# maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# certificate_chain: |
# -----BEGIN CERTIFICATE-----
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
# qocikt3WAdU^invalid DO NOT USE=
# -----END CERTIFICATE-----
## The private key used with the certificate_chain if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# private_key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
# DO NOT USE==
# -----END RSA PRIVATE KEY-----
## The Redis HA configuration options. ## The Redis HA configuration options.
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
# high_availability: # high_availability:
@ -777,7 +853,7 @@ regulation:
## Storage Provider Configuration ## Storage Provider Configuration
## ##
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. ## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
storage: # storage:
## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum ## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum
## length of 20. Please see the docs if you configure this with an undesirable key and need to change it. ## length of 20. Please see the docs if you configure this with an undesirable key and need to change it.
# encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this # encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
@ -791,19 +867,20 @@ storage:
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness ## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
## ##
# local: # local:
## Path to the SQLite3 Database.
# path: /config/db.sqlite3 # path: /config/db.sqlite3
## ##
## MySQL / MariaDB (Storage Provider) ## MySQL / MariaDB (Storage Provider)
## ##
mysql: # mysql:
host: 127.0.0.1 # host: 127.0.0.1
port: 3306 # port: 3306
database: authelia # database: authelia
username: authelia # username: authelia
## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
password: mypassword # password: mypassword
timeout: 5s # timeout: 5s
## ##
## PostgreSQL (Storage Provider) ## PostgreSQL (Storage Provider)
@ -814,7 +891,7 @@ storage:
# database: authelia # database: authelia
# schema: public # schema: public
# username: authelia # username: authelia
# ## Password can also be set using a secret: https://www.authelia.com/c/secrets ## Password can also be set using a secret: https://www.authelia.com/c/secrets
# password: mypassword # password: mypassword
# timeout: 5s # timeout: 5s
# ssl: # ssl:
@ -850,55 +927,131 @@ notifier:
## (only works for unauthenticated connections) ## (only works for unauthenticated connections)
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
## (configure in tls section) ## (configure in tls section)
smtp: # smtp:
## The SMTP host to connect to. ## The SMTP host to connect to.
host: 127.0.0.1 # host: 127.0.0.1
## The port to connect to the SMTP host on. ## The port to connect to the SMTP host on.
port: 1025 # port: 1025
## The connection timeout. ## The connection timeout.
timeout: 5s # timeout: 5s
## The username used for SMTP authentication. ## The username used for SMTP authentication.
username: test # username: test
## The password used for SMTP authentication. ## The password used for SMTP authentication.
## Can also be set using a secret: https://www.authelia.com/c/secrets ## Can also be set using a secret: https://www.authelia.com/c/secrets
password: password # password: password
## The sender is used to is used for the MAIL FROM command and the FROM header. ## The sender is used to is used for the MAIL FROM command and the FROM header.
## If this is not defined and the username is an email, we use the username as this value. This can either be just ## If this is not defined and the username is an email, we use the username as this value. This can either be just
## an email address or the RFC5322 'Name <email address>' format. ## an email address or the RFC5322 'Name <email address>' format.
sender: "Authelia <admin@example.com>" # sender: "Authelia <admin@example.com>"
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
identifier: localhost # identifier: localhost
## Subject configuration of the emails sent. {title} is replaced by the text from the notifier. ## Subject configuration of the emails sent. {title} is replaced by the text from the notifier.
subject: "[Authelia] {title}" # subject: "[Authelia] {title}"
## This address is used during the startup check to verify the email configuration is correct. ## This address is used during the startup check to verify the email configuration is correct.
## It's not important what it is except if your email server only allows local delivery. ## It's not important what it is except if your email server only allows local delivery.
startup_check_address: test@authelia.com # startup_check_address: test@authelia.com
## By default we require some form of TLS. This disables this check though is not advised. ## By default we require some form of TLS. This disables this check though is not advised.
disable_require_tls: false # disable_require_tls: false
## Disables sending HTML formatted emails. ## Disables sending HTML formatted emails.
disable_html_emails: false # disable_html_emails: false
tls: # tls:
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
# server_name: smtp.example.com # server_name: smtp.example.com
## Skip verifying the server certificate (to allow a self-signed certificate). ## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config. ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false # skip_verify: false
## Minimum TLS version for either StartTLS or SMTPS. ## Minimum TLS version for either StartTLS or SMTPS.
minimum_version: TLS1.2 # minimum_version: TLS1.2
## Maximum TLS version for either StartTLS or SMTPS.
# maximum_version: TLS1.3
## The certificate chain used with the private_key if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# certificate_chain: |
# -----BEGIN CERTIFICATE-----
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
# qocikt3WAdU^invalid DO NOT USE=
# -----END CERTIFICATE-----
## The private key used with the certificate_chain if the server requests TLS Client Authentication
## i.e. Mutual TLS.
# private_key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
# DO NOT USE==
# -----END RSA PRIVATE KEY-----
## ##
## Identity Providers ## Identity Providers

View File

@ -48,13 +48,13 @@ var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported
const ProfileRefreshDisabled = "disable" const ProfileRefreshDisabled = "disable"
const ( const (
// ProfileRefreshAlways represents a Value for refresh_interval that's the same as 0ms. // ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
ProfileRefreshAlways = "always" ProfileRefreshAlways = "always"
// RefreshIntervalDefault represents the default Value of refresh_interval. // RefreshIntervalDefault represents the default value of refresh_interval.
RefreshIntervalDefault = "5m" RefreshIntervalDefault = "5m"
// RefreshIntervalAlways represents the duration Value refresh interval should have if set to always. // RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
RefreshIntervalAlways = 0 * time.Millisecond RefreshIntervalAlways = 0 * time.Millisecond
) )