Authelia Config File
Use this as your template for the `configuration.yml`
# yamllint disable rule:comments-indentation
---
###############################################################################
# Authelia Configuration #
###############################################################################
theme: dark
jwt_secret: "1234567890abcdefghifjkl"
default_redirection_url: https://domain.com/
server:
host: 0.0.0.0
port: 9091
path: ""
read_buffer_size: 4096
write_buffer_size: 4096
enable_pprof: false
enable_expvars: false
disable_healthcheck: false
tls:
key: ""
certificate: ""
log:
level: debug
totp:
issuer: domain.com
period: 30
skew: 1
#duo_api:
# hostname: api-123456789.example.com
# integration_key: ABCDEF
# secret_key: 1234567890abcdefghifjkl
authentication_backend:
disable_reset_password: false
refresh_interval: 5m
ldap:
implementation: custom
url: ldap://192.168.0.3
start_tls: false
tls:
skip_verify: false
minimum_version: TLS1.2
base_dn: dc=domain,dc=com
username_attribute: uid
additional_users_dn: cn=users,cn=accounts
users_filter: (&({username_attribute}={input})(objectClass=person))
additional_groups_dn: cn=groups,cn=accounts
groups_filter: (&(member=uid={input},cn=users,cn=accounts,dc=domain,dc=com)(objectclass=groupofnames))
group_name_attribute: cn
mail_attribute: mail
display_name_attribute: givenName
user: uid=authelia,cn=users,cn=accounts,dc=domain,dc=com
password: "LDAPAdminUserPassword"
####################################
#file:
# path: /config/users_database.yml
# password:
# algorithm: argon2id
# iterations: 1
# key_length: 32
# salt_length: 16
# memory: 1024
# parallelism: 8
####################################
########## EXAMPLE RULES #############
access_control:
default_policy: deny
rules:
## bypass rule
- domain:
- "auth.domain.com"
policy: bypass
## bypass api / trigges
- domain: "*.domain.com"
resources:
- "^/api([/?].*)?$"
- "^/identity.*$"
- "^/triggers.*$"
- "^/meshagents.*$"
- "^/meshsettings.*$"
- "^/agent.*$"
- "^/control.*$"
- "^/meshrelay.*$"
- "^/wl.*$"
policy: bypass
## block admin
- domain: "bitwarden.domain.com"
resources:
- "^*/admin.*$"
policy: one_factor
## bypass rule
- domain:
- "bitwarden.domain.com"
policy: bypass
## two factor login - admin
- domain:
- "proxy.domain.com"
- "ipa.domain.com"
- "opn.domain.com"
subject:
- "group:admins"
policy: two_factor
## one factor login - moderators
- domain:
- "sonarr.domain.com"
- "radarr.domain.com"
- "nzbhydra.domain.com"
- "sabnzbd.domain.com"
- "torrent.domain.com"
- "domain.com"
subject:
- "group:moderators"
- "group:admins"
policy: one_factor
## one factor login - requesters
- domain:
- "petio.domain.com"
- "overseerr.domain.com"
subject:
- "group:requesters"
- "group:admins"
policy: one_factor
## one factor login - catch all
- domain: "*.domain.com"
subject:
- "group:admins"
policy: one_factor
session:
name: authelia_session
domain: domain.com
same_site: lax
secret: "1234567890abcdefghifjkl"
expiration: 1h
inactivity: 5m
remember_me_duration: 1M
redis:
host: 192.168.0.2
port: 6379
password: "REDISPassword"
database_index: 0
maximum_active_connections: 10
minimum_idle_connections: 0
regulation:
max_retries: 3
find_time: 10m
ban_time: 12h
storage:
encryption_key: "you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this"
mysql:
host: 192.168.0.2
port: 3306
database: authelia
username: authelia
password: "SQLPassword"
notifier:
disable_startup_check: false
smtp:
username: username
password: "password"
host: 127.0.0.1
port: 587
sender: noreply@domain.com
identifier: localhost
subject: "[Authelia] {title}"
startup_check_address: test@authelia.com
disable_require_tls: false
disable_html_emails: false
tls:
skip_verify: false
minimum_version: TLS1.2
...
Last updated
Was this helpful?