initial commit
This commit is contained in:
105
files/config.minimal.yml
Normal file
105
files/config.minimal.yml
Normal file
@@ -0,0 +1,105 @@
|
||||
###############################################################
|
||||
# Authelia minimal configuration #
|
||||
###############################################################
|
||||
|
||||
#logs_level: debug
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /etc/authelia/users_database.yml
|
||||
|
||||
session:
|
||||
secret: change_this_for_your_server
|
||||
domain: personal.domain
|
||||
|
||||
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
||||
storage:
|
||||
local:
|
||||
path: /etc/authelia/storage
|
||||
|
||||
# TOTP Issuer Name
|
||||
#
|
||||
# This will be the issuer name displayed in Google Authenticator
|
||||
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
||||
totp:
|
||||
issuer: personal.domain
|
||||
|
||||
# Access Control
|
||||
#
|
||||
# Access control is a set of rules you can use to restrict user access to certain
|
||||
# resources.
|
||||
access_control:
|
||||
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
|
||||
default_policy: one_factor
|
||||
|
||||
rules:
|
||||
- domain: public.personal.domain
|
||||
policy: bypass
|
||||
- domain: httpbin.personal.domain
|
||||
policy: bypass
|
||||
- domain: auth.cusack.cloud
|
||||
policy: bypass
|
||||
- domain: firewall.personal.domain
|
||||
policy: two_factor
|
||||
- domain: proxmox.personal.domain
|
||||
policy: two_factor
|
||||
# resources:
|
||||
# - '^/api/.*$'
|
||||
# - '^/notifications/.*$'
|
||||
policy: bypass
|
||||
|
||||
# - domain: who.example.com
|
||||
# policy: two_factor
|
||||
|
||||
# Configuration of the authentication regulation mechanism.
|
||||
regulation:
|
||||
# Set it to 0 to disable max_retries.
|
||||
max_retries: 5
|
||||
|
||||
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
|
||||
find_time: 120
|
||||
|
||||
# The length of time before a banned user can login again.
|
||||
ban_time: 180
|
||||
|
||||
# Configuration of session cookies
|
||||
#
|
||||
# The session cookies identify the user once logged in.
|
||||
session:
|
||||
# The name of the session cookie. (default: authelia_session).
|
||||
name: authelia_session
|
||||
|
||||
# The secret to encrypt the session cookie.
|
||||
secret: change_this_for_your_server
|
||||
|
||||
# The time in ms before the cookie expires and session is reset.
|
||||
expiration: 604800000 # 1 week
|
||||
|
||||
# The inactivity time in ms before the session is reset.
|
||||
inactivity: 300000 # 5 minutes
|
||||
|
||||
# The domain to protect.
|
||||
# Note: the authenticator must also be in that domain. If empty, the cookie
|
||||
# is restricted to the subdomain on the issuer.
|
||||
domain: personal.domain
|
||||
|
||||
|
||||
# Default redirection URL
|
||||
#
|
||||
# Note: this parameter is optional. If not provided, user won't
|
||||
# be redirected upon successful authentication.
|
||||
#default_redirection_url: https://authelia.example.domain
|
||||
|
||||
#notifier:
|
||||
# For testing purpose, notifications can be sent in a file
|
||||
# filesystem:
|
||||
# filename: /tmp/authelia/notification.txt
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
# username:
|
||||
# password:
|
||||
secure: false
|
||||
host: mail
|
||||
port: 25
|
||||
sender: docker@your-mail-server
|
||||
Reference in New Issue
Block a user