configuration.yml

Configuration Template

---
###############################################################################
#                           Authelia Configuration                            #
###############################################################################

theme: dark
jwt_secret: "YOUR_JWT_SECRET"
default_redirection_url: https://YOUR_DOMAIN.COM/

server:
  host: 0.0.0.0
  port: 9091
  path: ""
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

log:
  level: info

totp:
  issuer: YOUR_DOMAIN.COM
  period: 30
  skew: 1

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain: 
        - "auth.domain.com"
      policy: bypass
    ## catch-all
    - domain:
        - "*.domain.com"
      subject: 
        - "group:admins"
      policy: one_factor

session:
  name: authelia_session
  domain: YOUR_DOMAIN.COM
  same_site: lax
  secret: "YOUR_SESSION_SECRET"
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 2M
  redis:
    host: redis
    port: 6379
    password: "YOUR_REDIS_PASSWORD"
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0

regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h

storage:
  encryption_key: "YOUR_STORAGE_ENCRYPTION_KEY"
  mysql:
    host: mariadb
    port: 3306
    database: authelia
    username: authelia
    password: "YOUR_MYSQL_AUTHELIA_DB_PASSWORD"
  
notifier:
  disable_startup_check: false
  smtp:
    username: YOUR@EMAIL.HERE
    password: "YOUR_EMAIL_PASSWORD"
    host: YOUR_SMTP_HOST
    port: 587
    sender: YOUR@EMAIL.HERE
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: test@authelia.com
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
...

Note: Host lines may need to be updated to match the exact name of your container if you do not have the same as whats in the example file. Alternatively you can also you the IP for the service instead. See below for examples of alternative setups.

  mysql:
    host: mariadb
    port: 3306

  mysql:
    host: MariaDB-Official
    port: 3306

mysql:
    host: YOURSERVERIP
    port: 3306

Rule Examples

For access control rule examples such as API request bypass, head to the Rules page.

pageRules

PreviousExtras Nextusers_database.yml

Last updated 1 year ago