configuration.yml

Configuration Template
---
###############################################################################
#                           Authelia Configuration                            #
###############################################################################
​
theme: dark
jwt_secret: "YOUR_JWT_SECRET"
default_redirection_url: https://YOUR_DOMAIN.COM/
​
server:
  host: 0.0.0.0
  port: 9091
  path: ""
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""
​
log:
  level: info
​
totp:
  issuer: YOUR_DOMAIN.COM
  period: 30
  skew: 1
​
authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8
​
access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain: 
        - "auth.domain.com"
      policy: bypass
    ## catch-all
    - domain:
        - "*.domain.com"
      subject: 
        - "group:admins"
      policy: one_factor
​
session:
  name: authelia_session
  domain: YOUR_DOMAIN.COM
  same_site: lax
  secret: "YOUR_SESSION_SECRET"
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 2M
  redis:
    host: redis
    port: 6379
    password: "YOUR_REDIS_PASSWORD"
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0
​
regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h
​
storage:
  encryption_key: "YOUR_STORAGE_ENCRYPTION_KEY"
  mysql:
    host: mariadb
    port: 3306
    database: authelia
    username: authelia
    password: "YOUR_MYSQL_AUTHELIA_DB_PASSWORD"
  
notifier:
  disable_startup_check: false
  smtp:
    username: [email protected]
    password: "YOUR_EMAIL_PASSWORD"
    host: YOUR_SMTP_HOST
    port: 587
    sender: [email protected]
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: [email protected]
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
...
Note: Host lines may need to be updated to match the exact name of your container if you do not have the same as whats in the example file.  Alternatively you can also you the IP for the service instead. See below for examples of alternative setups. 
  mysql:
    host: mariadb
    port: 3306
  mysql:
    host: MariaDB-Official
    port: 3306
mysql:
    host: YOURSERVERIP
    port: 3306
Rule Examples
For access control rule examples such as API request bypass, head to the Rules page.
Rules
Last modified 8mo ago