feat(configuration): comment unnecessary template lines (#4222)
This adjusts the default configuration to mostly include commented configuration.pull/4203/head^2
parent
9532823a99
commit
5c981e7603
|
@ -218,13 +218,13 @@ webauthn:
|
|||
##
|
||||
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
||||
## "Partner Auth API" in the management panel.
|
||||
duo_api:
|
||||
disable: false
|
||||
hostname: api-123456789.example.com
|
||||
integration_key: ABCDEF
|
||||
# duo_api:
|
||||
# disable: false
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
## Secret can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
secret_key: 1234567890abcdefghifjkl
|
||||
enable_self_enrollment: false
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
# enable_self_enrollment: false
|
||||
|
||||
##
|
||||
## NTP Configuration
|
||||
|
@ -281,7 +281,7 @@ authentication_backend:
|
|||
## This is the recommended Authentication Provider in production
|
||||
## because it allows Authelia to offload the stateful operations
|
||||
## onto the LDAP service.
|
||||
ldap:
|
||||
# ldap:
|
||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||
## Acceptable options are as follows:
|
||||
## - 'activedirectory' - For Microsoft Active Directory.
|
||||
|
@ -291,32 +291,32 @@ authentication_backend:
|
|||
## Depending on the option here certain other values in this section have a default value, notably all of the
|
||||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||
## at https://www.authelia.com/c/ldap#defaults
|
||||
implementation: custom
|
||||
# implementation: custom
|
||||
|
||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||
## Scheme can be ldap or ldaps in the format (port optional).
|
||||
url: ldap://127.0.0.1
|
||||
# url: ldap://127.0.0.1
|
||||
|
||||
## The dial timeout for LDAP.
|
||||
timeout: 5s
|
||||
# timeout: 5s
|
||||
|
||||
## Use StartTLS with the LDAP connection.
|
||||
start_tls: false
|
||||
# start_tls: false
|
||||
|
||||
tls:
|
||||
# tls:
|
||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||
# server_name: ldap.example.com
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
# skip_verify: false
|
||||
|
||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
minimum_version: TLS1.2
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
maximum_version: TLS1.3
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
|
@ -393,7 +393,7 @@ authentication_backend:
|
|||
|
||||
## The distinguished name of the container searched for objects in the directory information tree.
|
||||
## See also: additional_users_dn, additional_groups_dn.
|
||||
base_dn: dc=example,dc=com
|
||||
# base_dn: dc=example,dc=com
|
||||
|
||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||
|
@ -407,7 +407,7 @@ authentication_backend:
|
|||
|
||||
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.
|
||||
## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users.
|
||||
additional_users_dn: ou=users
|
||||
# additional_users_dn: ou=users
|
||||
|
||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||
## Various placeholders are available in the user filter which you can read about in the documentation which can
|
||||
|
@ -421,11 +421,11 @@ authentication_backend:
|
|||
##
|
||||
## To allow sign in both with username and email, one can use a filter like
|
||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
# users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
|
||||
## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups.
|
||||
## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups.
|
||||
additional_groups_dn: ou=groups
|
||||
# additional_groups_dn: ou=groups
|
||||
|
||||
## The groups filter used in search queries to find the groups based on relevant authenticated user.
|
||||
## Various placeholders are available in the groups filter which you can read about in the documentation which can
|
||||
|
@ -433,7 +433,7 @@ authentication_backend:
|
|||
##
|
||||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||
## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
|
||||
groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
||||
# groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
||||
|
||||
## The attribute holding the name of the group.
|
||||
# group_name_attribute: cn
|
||||
|
@ -447,12 +447,12 @@ authentication_backend:
|
|||
|
||||
## Follow referrals returned by the server.
|
||||
## This is especially useful for environments where read-only servers exist. Only implemented for write operations.
|
||||
permit_referrals: false
|
||||
# permit_referrals: false
|
||||
|
||||
## The username and password of the admin user.
|
||||
user: cn=admin,dc=example,dc=com
|
||||
# user: cn=admin,dc=example,dc=com
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: password
|
||||
# password: password
|
||||
|
||||
##
|
||||
## File (Authentication Provider)
|
||||
|
@ -566,18 +566,18 @@ access_control:
|
|||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
|
||||
networks:
|
||||
- name: internal
|
||||
networks:
|
||||
- 10.10.0.0/16
|
||||
- 192.168.2.0/24
|
||||
- name: VPN
|
||||
networks: 10.9.0.0/16
|
||||
# networks:
|
||||
# - name: internal
|
||||
# networks:
|
||||
# - 10.10.0.0/16
|
||||
# - 192.168.2.0/24
|
||||
# - name: VPN
|
||||
# networks: 10.9.0.0/16
|
||||
|
||||
rules:
|
||||
# rules:
|
||||
## Rules applied to everyone
|
||||
- domain: 'public.example.com'
|
||||
policy: bypass
|
||||
# - domain: 'public.example.com'
|
||||
# policy: bypass
|
||||
|
||||
## Domain Regex examples. Generally we recommend just using a standard domain.
|
||||
# - domain_regex: '^(?P<User>\w+)\.example\.com$'
|
||||
|
@ -591,64 +591,64 @@ access_control:
|
|||
# - domain_regex: '^.*\.example\.com$'
|
||||
# policy: two_factor
|
||||
|
||||
- domain: 'secure.example.com'
|
||||
policy: one_factor
|
||||
# - domain: 'secure.example.com'
|
||||
# policy: one_factor
|
||||
## Network based rule, if not provided any network matches.
|
||||
networks:
|
||||
- internal
|
||||
- VPN
|
||||
- 192.168.1.0/24
|
||||
- 10.0.0.1
|
||||
# networks:
|
||||
# - internal
|
||||
# - VPN
|
||||
# - 192.168.1.0/24
|
||||
# - 10.0.0.1
|
||||
|
||||
- domain:
|
||||
- 'secure.example.com'
|
||||
- 'private.example.com'
|
||||
policy: two_factor
|
||||
# - domain:
|
||||
# - 'secure.example.com'
|
||||
# - 'private.example.com'
|
||||
# policy: two_factor
|
||||
|
||||
- domain: 'singlefactor.example.com'
|
||||
policy: one_factor
|
||||
# - domain: 'singlefactor.example.com'
|
||||
# policy: one_factor
|
||||
|
||||
## Rules applied to 'admins' group
|
||||
- domain: 'mx2.mail.example.com'
|
||||
subject: 'group:admins'
|
||||
policy: deny
|
||||
# - domain: 'mx2.mail.example.com'
|
||||
# subject: 'group:admins'
|
||||
# policy: deny
|
||||
|
||||
- domain: '*.example.com'
|
||||
subject:
|
||||
- 'group:admins'
|
||||
- 'group:moderators'
|
||||
policy: two_factor
|
||||
# - domain: '*.example.com'
|
||||
# subject:
|
||||
# - 'group:admins'
|
||||
# - 'group:moderators'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to 'dev' group
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/groups/dev/.*$'
|
||||
subject: 'group:dev'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/groups/dev/.*$'
|
||||
# subject: 'group:dev'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'john'
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/john/.*$'
|
||||
subject: 'user:john'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/john/.*$'
|
||||
# subject: 'user:john'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'harry'
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/harry/.*$'
|
||||
subject: 'user:harry'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/harry/.*$'
|
||||
# subject: 'user:harry'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'bob'
|
||||
- domain: '*.mail.example.com'
|
||||
subject: 'user:bob'
|
||||
policy: two_factor
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/bob/.*$'
|
||||
subject: 'user:bob'
|
||||
policy: two_factor
|
||||
# - domain: '*.mail.example.com'
|
||||
# subject: 'user:bob'
|
||||
# policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/bob/.*$'
|
||||
# subject: 'user:bob'
|
||||
# policy: two_factor
|
||||
|
||||
##
|
||||
## Session Provider Configuration
|
||||
|
@ -694,9 +694,9 @@ session:
|
|||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
|
||||
##
|
||||
redis:
|
||||
host: 127.0.0.1
|
||||
port: 6379
|
||||
# redis:
|
||||
# host: 127.0.0.1
|
||||
# port: 6379
|
||||
## Use a unix socket instead
|
||||
# host: /var/run/redis/redis.sock
|
||||
|
||||
|
@ -704,16 +704,16 @@ session:
|
|||
# username: authelia
|
||||
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: authelia
|
||||
# password: authelia
|
||||
|
||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||
database_index: 0
|
||||
# database_index: 0
|
||||
|
||||
## The maximum number of concurrent active connections to Redis.
|
||||
maximum_active_connections: 8
|
||||
# maximum_active_connections: 8
|
||||
|
||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||
minimum_idle_connections: 0
|
||||
# minimum_idle_connections: 0
|
||||
|
||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||
# tls:
|
||||
|
@ -728,6 +728,82 @@ session:
|
|||
## Minimum TLS version for the connection.
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for the connection.
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# certificate_chain: |
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
|
||||
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
|
||||
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
|
||||
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
|
||||
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
|
||||
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
|
||||
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
|
||||
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
|
||||
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
|
||||
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
|
||||
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
|
||||
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
|
||||
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
|
||||
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
|
||||
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
|
||||
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
|
||||
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
|
||||
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
|
||||
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
|
||||
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
|
||||
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
|
||||
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
|
||||
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
|
||||
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
|
||||
# qocikt3WAdU^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
|
||||
## The private key used with the certificate_chain if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# private_key: |
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
|
||||
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
|
||||
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
|
||||
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
|
||||
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
|
||||
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
|
||||
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
|
||||
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
|
||||
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
|
||||
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
|
||||
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
|
||||
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
|
||||
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
|
||||
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
|
||||
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
|
||||
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
|
||||
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
|
||||
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
|
||||
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
|
||||
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
|
||||
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
|
||||
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
|
||||
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
|
||||
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
|
||||
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
|
||||
# DO NOT USE==
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
|
||||
## The Redis HA configuration options.
|
||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||
# high_availability:
|
||||
|
@ -777,7 +853,7 @@ regulation:
|
|||
## Storage Provider Configuration
|
||||
##
|
||||
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
||||
storage:
|
||||
# storage:
|
||||
## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum
|
||||
## length of 20. Please see the docs if you configure this with an undesirable key and need to change it.
|
||||
# encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
|
||||
|
@ -791,19 +867,20 @@ storage:
|
|||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
|
||||
##
|
||||
# local:
|
||||
## Path to the SQLite3 Database.
|
||||
# path: /config/db.sqlite3
|
||||
|
||||
##
|
||||
## MySQL / MariaDB (Storage Provider)
|
||||
##
|
||||
mysql:
|
||||
host: 127.0.0.1
|
||||
port: 3306
|
||||
database: authelia
|
||||
username: authelia
|
||||
# mysql:
|
||||
# host: 127.0.0.1
|
||||
# port: 3306
|
||||
# database: authelia
|
||||
# username: authelia
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: mypassword
|
||||
timeout: 5s
|
||||
# password: mypassword
|
||||
# timeout: 5s
|
||||
|
||||
##
|
||||
## PostgreSQL (Storage Provider)
|
||||
|
@ -814,7 +891,7 @@ storage:
|
|||
# database: authelia
|
||||
# schema: public
|
||||
# username: authelia
|
||||
# ## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
# password: mypassword
|
||||
# timeout: 5s
|
||||
# ssl:
|
||||
|
@ -850,55 +927,131 @@ notifier:
|
|||
## (only works for unauthenticated connections)
|
||||
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
||||
## (configure in tls section)
|
||||
smtp:
|
||||
# smtp:
|
||||
## The SMTP host to connect to.
|
||||
host: 127.0.0.1
|
||||
# host: 127.0.0.1
|
||||
|
||||
## The port to connect to the SMTP host on.
|
||||
port: 1025
|
||||
# port: 1025
|
||||
|
||||
## The connection timeout.
|
||||
timeout: 5s
|
||||
# timeout: 5s
|
||||
|
||||
## The username used for SMTP authentication.
|
||||
username: test
|
||||
# username: test
|
||||
|
||||
## The password used for SMTP authentication.
|
||||
## Can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: password
|
||||
# password: password
|
||||
|
||||
## The sender is used to is used for the MAIL FROM command and the FROM header.
|
||||
## If this is not defined and the username is an email, we use the username as this value. This can either be just
|
||||
## an email address or the RFC5322 'Name <email address>' format.
|
||||
sender: "Authelia <admin@example.com>"
|
||||
# sender: "Authelia <admin@example.com>"
|
||||
|
||||
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
||||
identifier: localhost
|
||||
# identifier: localhost
|
||||
|
||||
## Subject configuration of the emails sent. {title} is replaced by the text from the notifier.
|
||||
subject: "[Authelia] {title}"
|
||||
# subject: "[Authelia] {title}"
|
||||
|
||||
## This address is used during the startup check to verify the email configuration is correct.
|
||||
## It's not important what it is except if your email server only allows local delivery.
|
||||
startup_check_address: test@authelia.com
|
||||
# startup_check_address: test@authelia.com
|
||||
|
||||
## By default we require some form of TLS. This disables this check though is not advised.
|
||||
disable_require_tls: false
|
||||
# disable_require_tls: false
|
||||
|
||||
## Disables sending HTML formatted emails.
|
||||
disable_html_emails: false
|
||||
# disable_html_emails: false
|
||||
|
||||
tls:
|
||||
# tls:
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
# server_name: smtp.example.com
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
# skip_verify: false
|
||||
|
||||
## Minimum TLS version for either StartTLS or SMTPS.
|
||||
minimum_version: TLS1.2
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for either StartTLS or SMTPS.
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# certificate_chain: |
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
|
||||
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
|
||||
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
|
||||
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
|
||||
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
|
||||
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
|
||||
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
|
||||
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
|
||||
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
|
||||
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
|
||||
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
|
||||
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
|
||||
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
|
||||
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
|
||||
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
|
||||
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
|
||||
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
|
||||
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
|
||||
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
|
||||
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
|
||||
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
|
||||
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
|
||||
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
|
||||
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
|
||||
# qocikt3WAdU^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
|
||||
## The private key used with the certificate_chain if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# private_key: |
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
|
||||
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
|
||||
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
|
||||
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
|
||||
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
|
||||
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
|
||||
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
|
||||
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
|
||||
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
|
||||
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
|
||||
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
|
||||
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
|
||||
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
|
||||
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
|
||||
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
|
||||
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
|
||||
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
|
||||
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
|
||||
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
|
||||
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
|
||||
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
|
||||
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
|
||||
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
|
||||
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
|
||||
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
|
||||
# DO NOT USE==
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
|
||||
##
|
||||
## Identity Providers
|
||||
|
|
|
@ -218,13 +218,13 @@ webauthn:
|
|||
##
|
||||
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
||||
## "Partner Auth API" in the management panel.
|
||||
duo_api:
|
||||
disable: false
|
||||
hostname: api-123456789.example.com
|
||||
integration_key: ABCDEF
|
||||
# duo_api:
|
||||
# disable: false
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
## Secret can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
secret_key: 1234567890abcdefghifjkl
|
||||
enable_self_enrollment: false
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
# enable_self_enrollment: false
|
||||
|
||||
##
|
||||
## NTP Configuration
|
||||
|
@ -281,7 +281,7 @@ authentication_backend:
|
|||
## This is the recommended Authentication Provider in production
|
||||
## because it allows Authelia to offload the stateful operations
|
||||
## onto the LDAP service.
|
||||
ldap:
|
||||
# ldap:
|
||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||
## Acceptable options are as follows:
|
||||
## - 'activedirectory' - For Microsoft Active Directory.
|
||||
|
@ -291,32 +291,32 @@ authentication_backend:
|
|||
## Depending on the option here certain other values in this section have a default value, notably all of the
|
||||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||
## at https://www.authelia.com/c/ldap#defaults
|
||||
implementation: custom
|
||||
# implementation: custom
|
||||
|
||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||
## Scheme can be ldap or ldaps in the format (port optional).
|
||||
url: ldap://127.0.0.1
|
||||
# url: ldap://127.0.0.1
|
||||
|
||||
## The dial timeout for LDAP.
|
||||
timeout: 5s
|
||||
# timeout: 5s
|
||||
|
||||
## Use StartTLS with the LDAP connection.
|
||||
start_tls: false
|
||||
# start_tls: false
|
||||
|
||||
tls:
|
||||
# tls:
|
||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||
# server_name: ldap.example.com
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
# skip_verify: false
|
||||
|
||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
minimum_version: TLS1.2
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
maximum_version: TLS1.3
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
|
@ -393,7 +393,7 @@ authentication_backend:
|
|||
|
||||
## The distinguished name of the container searched for objects in the directory information tree.
|
||||
## See also: additional_users_dn, additional_groups_dn.
|
||||
base_dn: dc=example,dc=com
|
||||
# base_dn: dc=example,dc=com
|
||||
|
||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||
|
@ -407,7 +407,7 @@ authentication_backend:
|
|||
|
||||
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.
|
||||
## i.e. with this set to OU=Users and base_dn set to DC=a,DC=com; OU=Users,DC=a,DC=com is searched for users.
|
||||
additional_users_dn: ou=users
|
||||
# additional_users_dn: ou=users
|
||||
|
||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||
## Various placeholders are available in the user filter which you can read about in the documentation which can
|
||||
|
@ -421,11 +421,11 @@ authentication_backend:
|
|||
##
|
||||
## To allow sign in both with username and email, one can use a filter like
|
||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
# users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
|
||||
## The additional_groups_dn is prefixed to base_dn and delimited by a comma when searching for groups.
|
||||
## i.e. with this set to OU=Groups and base_dn set to DC=a,DC=com; OU=Groups,DC=a,DC=com is searched for groups.
|
||||
additional_groups_dn: ou=groups
|
||||
# additional_groups_dn: ou=groups
|
||||
|
||||
## The groups filter used in search queries to find the groups based on relevant authenticated user.
|
||||
## Various placeholders are available in the groups filter which you can read about in the documentation which can
|
||||
|
@ -433,7 +433,7 @@ authentication_backend:
|
|||
##
|
||||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||
## (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
|
||||
groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
||||
# groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
||||
|
||||
## The attribute holding the name of the group.
|
||||
# group_name_attribute: cn
|
||||
|
@ -447,12 +447,12 @@ authentication_backend:
|
|||
|
||||
## Follow referrals returned by the server.
|
||||
## This is especially useful for environments where read-only servers exist. Only implemented for write operations.
|
||||
permit_referrals: false
|
||||
# permit_referrals: false
|
||||
|
||||
## The username and password of the admin user.
|
||||
user: cn=admin,dc=example,dc=com
|
||||
# user: cn=admin,dc=example,dc=com
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: password
|
||||
# password: password
|
||||
|
||||
##
|
||||
## File (Authentication Provider)
|
||||
|
@ -566,18 +566,18 @@ access_control:
|
|||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
|
||||
networks:
|
||||
- name: internal
|
||||
networks:
|
||||
- 10.10.0.0/16
|
||||
- 192.168.2.0/24
|
||||
- name: VPN
|
||||
networks: 10.9.0.0/16
|
||||
# networks:
|
||||
# - name: internal
|
||||
# networks:
|
||||
# - 10.10.0.0/16
|
||||
# - 192.168.2.0/24
|
||||
# - name: VPN
|
||||
# networks: 10.9.0.0/16
|
||||
|
||||
rules:
|
||||
# rules:
|
||||
## Rules applied to everyone
|
||||
- domain: 'public.example.com'
|
||||
policy: bypass
|
||||
# - domain: 'public.example.com'
|
||||
# policy: bypass
|
||||
|
||||
## Domain Regex examples. Generally we recommend just using a standard domain.
|
||||
# - domain_regex: '^(?P<User>\w+)\.example\.com$'
|
||||
|
@ -591,64 +591,64 @@ access_control:
|
|||
# - domain_regex: '^.*\.example\.com$'
|
||||
# policy: two_factor
|
||||
|
||||
- domain: 'secure.example.com'
|
||||
policy: one_factor
|
||||
# - domain: 'secure.example.com'
|
||||
# policy: one_factor
|
||||
## Network based rule, if not provided any network matches.
|
||||
networks:
|
||||
- internal
|
||||
- VPN
|
||||
- 192.168.1.0/24
|
||||
- 10.0.0.1
|
||||
# networks:
|
||||
# - internal
|
||||
# - VPN
|
||||
# - 192.168.1.0/24
|
||||
# - 10.0.0.1
|
||||
|
||||
- domain:
|
||||
- 'secure.example.com'
|
||||
- 'private.example.com'
|
||||
policy: two_factor
|
||||
# - domain:
|
||||
# - 'secure.example.com'
|
||||
# - 'private.example.com'
|
||||
# policy: two_factor
|
||||
|
||||
- domain: 'singlefactor.example.com'
|
||||
policy: one_factor
|
||||
# - domain: 'singlefactor.example.com'
|
||||
# policy: one_factor
|
||||
|
||||
## Rules applied to 'admins' group
|
||||
- domain: 'mx2.mail.example.com'
|
||||
subject: 'group:admins'
|
||||
policy: deny
|
||||
# - domain: 'mx2.mail.example.com'
|
||||
# subject: 'group:admins'
|
||||
# policy: deny
|
||||
|
||||
- domain: '*.example.com'
|
||||
subject:
|
||||
- 'group:admins'
|
||||
- 'group:moderators'
|
||||
policy: two_factor
|
||||
# - domain: '*.example.com'
|
||||
# subject:
|
||||
# - 'group:admins'
|
||||
# - 'group:moderators'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to 'dev' group
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/groups/dev/.*$'
|
||||
subject: 'group:dev'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/groups/dev/.*$'
|
||||
# subject: 'group:dev'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'john'
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/john/.*$'
|
||||
subject: 'user:john'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/john/.*$'
|
||||
# subject: 'user:john'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'harry'
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/harry/.*$'
|
||||
subject: 'user:harry'
|
||||
policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/harry/.*$'
|
||||
# subject: 'user:harry'
|
||||
# policy: two_factor
|
||||
|
||||
## Rules applied to user 'bob'
|
||||
- domain: '*.mail.example.com'
|
||||
subject: 'user:bob'
|
||||
policy: two_factor
|
||||
- domain: 'dev.example.com'
|
||||
resources:
|
||||
- '^/users/bob/.*$'
|
||||
subject: 'user:bob'
|
||||
policy: two_factor
|
||||
# - domain: '*.mail.example.com'
|
||||
# subject: 'user:bob'
|
||||
# policy: two_factor
|
||||
# - domain: 'dev.example.com'
|
||||
# resources:
|
||||
# - '^/users/bob/.*$'
|
||||
# subject: 'user:bob'
|
||||
# policy: two_factor
|
||||
|
||||
##
|
||||
## Session Provider Configuration
|
||||
|
@ -694,9 +694,9 @@ session:
|
|||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
|
||||
##
|
||||
redis:
|
||||
host: 127.0.0.1
|
||||
port: 6379
|
||||
# redis:
|
||||
# host: 127.0.0.1
|
||||
# port: 6379
|
||||
## Use a unix socket instead
|
||||
# host: /var/run/redis/redis.sock
|
||||
|
||||
|
@ -704,16 +704,16 @@ session:
|
|||
# username: authelia
|
||||
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: authelia
|
||||
# password: authelia
|
||||
|
||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||
database_index: 0
|
||||
# database_index: 0
|
||||
|
||||
## The maximum number of concurrent active connections to Redis.
|
||||
maximum_active_connections: 8
|
||||
# maximum_active_connections: 8
|
||||
|
||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||
minimum_idle_connections: 0
|
||||
# minimum_idle_connections: 0
|
||||
|
||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||
# tls:
|
||||
|
@ -728,6 +728,82 @@ session:
|
|||
## Minimum TLS version for the connection.
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for the connection.
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# certificate_chain: |
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
|
||||
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
|
||||
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
|
||||
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
|
||||
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
|
||||
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
|
||||
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
|
||||
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
|
||||
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
|
||||
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
|
||||
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
|
||||
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
|
||||
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
|
||||
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
|
||||
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
|
||||
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
|
||||
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
|
||||
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
|
||||
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
|
||||
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
|
||||
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
|
||||
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
|
||||
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
|
||||
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
|
||||
# qocikt3WAdU^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
|
||||
## The private key used with the certificate_chain if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# private_key: |
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
|
||||
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
|
||||
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
|
||||
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
|
||||
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
|
||||
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
|
||||
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
|
||||
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
|
||||
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
|
||||
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
|
||||
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
|
||||
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
|
||||
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
|
||||
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
|
||||
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
|
||||
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
|
||||
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
|
||||
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
|
||||
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
|
||||
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
|
||||
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
|
||||
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
|
||||
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
|
||||
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
|
||||
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
|
||||
# DO NOT USE==
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
|
||||
## The Redis HA configuration options.
|
||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||
# high_availability:
|
||||
|
@ -777,7 +853,7 @@ regulation:
|
|||
## Storage Provider Configuration
|
||||
##
|
||||
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
||||
storage:
|
||||
# storage:
|
||||
## The encryption key that is used to encrypt sensitive information in the database. Must be a string with a minimum
|
||||
## length of 20. Please see the docs if you configure this with an undesirable key and need to change it.
|
||||
# encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
|
||||
|
@ -791,19 +867,20 @@ storage:
|
|||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
|
||||
##
|
||||
# local:
|
||||
## Path to the SQLite3 Database.
|
||||
# path: /config/db.sqlite3
|
||||
|
||||
##
|
||||
## MySQL / MariaDB (Storage Provider)
|
||||
##
|
||||
mysql:
|
||||
host: 127.0.0.1
|
||||
port: 3306
|
||||
database: authelia
|
||||
username: authelia
|
||||
# mysql:
|
||||
# host: 127.0.0.1
|
||||
# port: 3306
|
||||
# database: authelia
|
||||
# username: authelia
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: mypassword
|
||||
timeout: 5s
|
||||
# password: mypassword
|
||||
# timeout: 5s
|
||||
|
||||
##
|
||||
## PostgreSQL (Storage Provider)
|
||||
|
@ -814,7 +891,7 @@ storage:
|
|||
# database: authelia
|
||||
# schema: public
|
||||
# username: authelia
|
||||
# ## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
## Password can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
# password: mypassword
|
||||
# timeout: 5s
|
||||
# ssl:
|
||||
|
@ -850,55 +927,131 @@ notifier:
|
|||
## (only works for unauthenticated connections)
|
||||
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
||||
## (configure in tls section)
|
||||
smtp:
|
||||
# smtp:
|
||||
## The SMTP host to connect to.
|
||||
host: 127.0.0.1
|
||||
# host: 127.0.0.1
|
||||
|
||||
## The port to connect to the SMTP host on.
|
||||
port: 1025
|
||||
# port: 1025
|
||||
|
||||
## The connection timeout.
|
||||
timeout: 5s
|
||||
# timeout: 5s
|
||||
|
||||
## The username used for SMTP authentication.
|
||||
username: test
|
||||
# username: test
|
||||
|
||||
## The password used for SMTP authentication.
|
||||
## Can also be set using a secret: https://www.authelia.com/c/secrets
|
||||
password: password
|
||||
# password: password
|
||||
|
||||
## The sender is used to is used for the MAIL FROM command and the FROM header.
|
||||
## If this is not defined and the username is an email, we use the username as this value. This can either be just
|
||||
## an email address or the RFC5322 'Name <email address>' format.
|
||||
sender: "Authelia <admin@example.com>"
|
||||
# sender: "Authelia <admin@example.com>"
|
||||
|
||||
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
||||
identifier: localhost
|
||||
# identifier: localhost
|
||||
|
||||
## Subject configuration of the emails sent. {title} is replaced by the text from the notifier.
|
||||
subject: "[Authelia] {title}"
|
||||
# subject: "[Authelia] {title}"
|
||||
|
||||
## This address is used during the startup check to verify the email configuration is correct.
|
||||
## It's not important what it is except if your email server only allows local delivery.
|
||||
startup_check_address: test@authelia.com
|
||||
# startup_check_address: test@authelia.com
|
||||
|
||||
## By default we require some form of TLS. This disables this check though is not advised.
|
||||
disable_require_tls: false
|
||||
# disable_require_tls: false
|
||||
|
||||
## Disables sending HTML formatted emails.
|
||||
disable_html_emails: false
|
||||
# disable_html_emails: false
|
||||
|
||||
tls:
|
||||
# tls:
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
# server_name: smtp.example.com
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
# skip_verify: false
|
||||
|
||||
## Minimum TLS version for either StartTLS or SMTPS.
|
||||
minimum_version: TLS1.2
|
||||
# minimum_version: TLS1.2
|
||||
|
||||
## Maximum TLS version for either StartTLS or SMTPS.
|
||||
# maximum_version: TLS1.3
|
||||
|
||||
## The certificate chain used with the private_key if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# certificate_chain: |
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIC5jCCAc6gAwIBAgIRAK4Sj7FiN6PXo/urPfO4E7owDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAPKv3pSyP4ozGEiVLJ14dIWFCEGEgq7WUMI0SZZqQA2ID0L59U/Q
|
||||
# /Usyy7uC9gfMUzODTpANtkOjFQcQAsxlR1FOjVBrX5QgjSvXwbQn3DtwMA7XWSl6
|
||||
# LuYx2rBYSlMSN5UZQm/RxMtXfLK2b51WgEEYDFi+nECSqKzR4R54eOPkBEWRfvuY
|
||||
# 91AMjlhpivg8e4JWkq4LVQUKbmiFYwIdK8XQiN4blY9WwXwJFYs5sQ/UYMwBFi0H
|
||||
# kWOh7GEjfxgoUOPauIueZSMSlQp7zqAH39N0ZSYb6cS0Npj57QoWZSY3ak87ebcR
|
||||
# Nf4rCvZLby7LoN7qYCKxmCaDD3x2+NYpWH8CAwEAAaM1MDMwDgYDVR0PAQH/BAQD
|
||||
# AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN
|
||||
# AQELBQADggEBAHSITqIQSNzonFl3DzxHPEzr2hp6peo45buAAtu8FZHoA+U7Icfh
|
||||
# /ZXjPg7Xz+hgFwM/DTNGXkMWacQA/PaNWvZspgRJf2AXvNbMSs2UQODr7Tbv+Fb4
|
||||
# lyblmMUNYFMCFVAMU0eIxXAFq2qcwv8UMcQFT0Z/35s6PVOakYnAGGQjTfp5Ljuq
|
||||
# wsdc/xWmM0cHWube6sdRRUD7SY20KU/kWzl8iFO0VbSSrDf1AlEhnLEkp1SPaxXg
|
||||
# OdBnl98MeoramNiJ7NT6Jnyb3zZ578fjaWfThiBpagItI8GZmG4s4Ovh2JbheN8i
|
||||
# ZsjNr9jqHTjhyLVbDRlmJzcqoj4JhbKs6/I^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# MIIDBDCCAeygAwIBAgIRALJsPg21kA0zY4F1wUCIuoMwDQYJKoZIhvcNAQELBQAw
|
||||
# EzERMA8GA1UEChMIQXV0aGVsaWEwHhcNNzAwMTAxMDAwMDAwWhcNNzEwMTAxMDAw
|
||||
# MDAwWjATMREwDwYDVQQKEwhBdXRoZWxpYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
# ADCCAQoCggEBAMXHBvVxUzYk0u34/DINMSF+uiOekKOAjOrC6Mi9Ww8ytPVO7t2S
|
||||
# zfTvM+XnEJqkFQFgimERfG/eGhjF9XIEY6LtnXe8ATvOK4nTwdufzBaoeQu3Gd50
|
||||
# 5VXr6OHRo//ErrGvFXwP3g8xLePABsi/fkH3oDN+ztewOBMDzpd+KgTrk8ysv2ou
|
||||
# kNRMKFZZqASvCgv0LD5KWvUCnL6wgf1oTXG7aztduA4oSkUP321GpOmBC5+5ElU7
|
||||
# ysoRzvD12o9QJ/IfEaulIX06w9yVMo60C/h6A3U6GdkT1SiyTIqR7v7KU/IWd/Qi
|
||||
# Lfftcj91VhCmJ73Meff2e2S2PrpjdXbG5FMCAwEAAaNTMFEwDgYDVR0PAQH/BAQD
|
||||
# AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
# Z7AtA3mzFc0InSBA5fiMfeLXA3owDQYJKoZIhvcNAQELBQADggEBAEE5hm1mtlk/
|
||||
# kviCoHH4evbpw7rxPxDftIQlqYTtvMM4eWY/6icFoSZ4fUHEWYyps8SsPu/8f2tf
|
||||
# 71LGgZn0FdHi1QU2H8m0HHK7TFw+5Q6RLrLdSyk0PItJ71s9en7r8pX820nAFEHZ
|
||||
# HkOSfJZ7B5hFgUDkMtVM6bardXAhoqcMk4YCU96e9d4PB4eI+xGc+mNuYvov3RbB
|
||||
# D0s8ICyojeyPVLerz4wHjZu68Z5frAzhZ68YbzNs8j2fIBKKHkHyLG1iQyF+LJVj
|
||||
# 2PjCP+auJsj6fQQpMGoyGtpLcSDh+ptcTngUD8JsWipzTCjmaNqdPHAOYmcgtf4b
|
||||
# qocikt3WAdU^invalid DO NOT USE=
|
||||
# -----END CERTIFICATE-----
|
||||
|
||||
## The private key used with the certificate_chain if the server requests TLS Client Authentication
|
||||
## i.e. Mutual TLS.
|
||||
# private_key: |
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# MIIEpAIBAAKCAQEA8q/elLI/ijMYSJUsnXh0hYUIQYSCrtZQwjRJlmpADYgPQvn1
|
||||
# T9D9SzLLu4L2B8xTM4NOkA22Q6MVBxACzGVHUU6NUGtflCCNK9fBtCfcO3AwDtdZ
|
||||
# KXou5jHasFhKUxI3lRlCb9HEy1d8srZvnVaAQRgMWL6cQJKorNHhHnh44+QERZF+
|
||||
# +5j3UAyOWGmK+Dx7glaSrgtVBQpuaIVjAh0rxdCI3huVj1bBfAkVizmxD9RgzAEW
|
||||
# LQeRY6HsYSN/GChQ49q4i55lIxKVCnvOoAff03RlJhvpxLQ2mPntChZlJjdqTzt5
|
||||
# txE1/isK9ktvLsug3upgIrGYJoMPfHb41ilYfwIDAQABAoIBAQDTOdFf2JjHH1um
|
||||
# aPgRAvNf9v7Nj5jytaRKs5nM6iNf46ls4QPreXnMhqSeSwj6lpNgBYxOgzC9Q+cc
|
||||
# Y4ob/paJJPaIJTxmP8K/gyWcOQlNToL1l+eJ20eQoZm23NGr5fIsunSBwLEpTrdB
|
||||
# ENqqtcwhW937K8Pxy/Q1nuLyU2bc6Tn/ivLozc8n27dpQWWKh8537VY7ancIaACr
|
||||
# LJJLYxKqhQpjtBWAyCDvZQirnAOm9KnvIHaGXIswCZ4Xbsu0Y9NL+woARPyRVQvG
|
||||
# jfxy4EmO9s1s6y7OObSukwKDSNihAKHx/VIbvVWx8g2Lv5fGOa+J2Y7o9Qurs8t5
|
||||
# BQwMTt0BAoGBAPUw5Z32EszNepAeV3E2mPFUc5CLiqAxagZJuNDO2pKtyN29ETTR
|
||||
# Ma4O1cWtGb6RqcNNN/Iukfkdk27Q5nC9VJSUUPYelOLc1WYOoUf6oKRzE72dkMQV
|
||||
# R4bf6TkjD+OVR17fAfkswkGahZ5XA7j48KIQ+YC4jbnYKSxZTYyKPjH/AoGBAP1i
|
||||
# tqXt36OVlP+y84wWqZSjMelBIVa9phDVGJmmhz3i1cMni8eLpJzWecA3pfnG6Tm9
|
||||
# ze5M4whASleEt+M00gEvNaU9ND+z0wBfi+/DwJYIbv8PQdGrBiZFrPhTPjGQUldR
|
||||
# lXccV2meeLZv7TagVxSi3DO6dSJfSEHyemd5j9mBAoGAX8Hv+0gOQZQCSOTAq8Nx
|
||||
# 6dZcp9gHlNaXnMsP9eTDckOSzh636JPGvj6m+GPJSSbkURUIQ3oyokMNwFqvlNos
|
||||
# fTaLhAOfjBZI9WnDTTQxpugWjphJ4HqbC67JC/qIiw5S6FdaEvGLEEoD4zoChywZ
|
||||
# 9oGAn+fz2d/0/JAH/FpFPgsCgYEAp/ipZgPzziiZ9ov1wbdAQcWRj7RaWnssPFpX
|
||||
# jXwEiXT3CgEMO4MJ4+KWIWOChrti3qFBg6i6lDyyS6Qyls7sLFbUdC7HlTcrOEMe
|
||||
# rBoTcCI1GqZNlqWOVQ65ZIEiaI7o1vPBZo2GMQEZuq8mDKFsOMThvvTrM5cAep84
|
||||
# n6HJR4ECgYABWcbsSnr0MKvVth/inxjbKapbZnp2HUCuw87Ie5zK2Of/tbC20wwk
|
||||
# yKw3vrGoE3O1t1g2m2tn8UGGASeZ842jZWjIODdSi5+icysQGuULKt86h/woz2SQ
|
||||
# 27GoE2i5mh6Yez6VAYbUuns3FcwIsMyWLq043Tu2DNkx9ijOOAuQzw^invalid..
|
||||
# DO NOT USE==
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
|
||||
##
|
||||
## Identity Providers
|
||||
|
|
|
@ -48,13 +48,13 @@ var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported
|
|||
const ProfileRefreshDisabled = "disable"
|
||||
|
||||
const (
|
||||
// ProfileRefreshAlways represents a Value for refresh_interval that's the same as 0ms.
|
||||
// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
|
||||
ProfileRefreshAlways = "always"
|
||||
|
||||
// RefreshIntervalDefault represents the default Value of refresh_interval.
|
||||
// RefreshIntervalDefault represents the default value of refresh_interval.
|
||||
RefreshIntervalDefault = "5m"
|
||||
|
||||
// RefreshIntervalAlways represents the duration Value refresh interval should have if set to always.
|
||||
// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
|
||||
RefreshIntervalAlways = 0 * time.Millisecond
|
||||
)
|
||||
|
||||
|
|
Loading…
Reference in New Issue