LogoLogo
HomeDiscordYouTubeDisclaimer
  • Authelia (Archived)
    • v4.33.0+ Upgrade
  • Configuration Files
    • Authelia Config File
    • Authelia Portal
    • Protected Endpoint
    • Users Database
    • AD Config
  • 🎯DO I NEED AN UPDATE?
    • Update Me!
  • ❗DISCLAIMER
    • Read Our Disclaimer
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Configuration Files

Authelia Config File

Use this as your template for the `configuration.yml`

# yamllint disable rule:comments-indentation
---
###############################################################################
#                           Authelia Configuration                            #
###############################################################################

theme: dark
jwt_secret: "1234567890abcdefghifjkl"

default_redirection_url: https://domain.com/

server:
  host: 0.0.0.0
  port: 9091
  path: ""
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

log:
  level: debug

totp:
  issuer: domain.com
  period: 30
  skew: 1

#duo_api:
#  hostname: api-123456789.example.com
#  integration_key: ABCDEF
#  secret_key: 1234567890abcdefghifjkl

authentication_backend:
  disable_reset_password: false
  refresh_interval: 5m
  ldap:
    implementation: custom
    url: ldap://192.168.0.3
    start_tls: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
    base_dn: dc=domain,dc=com
    username_attribute: uid
    additional_users_dn: cn=users,cn=accounts
    users_filter: (&({username_attribute}={input})(objectClass=person))
    additional_groups_dn: cn=groups,cn=accounts
    groups_filter: (&(member=uid={input},cn=users,cn=accounts,dc=domain,dc=com)(objectclass=groupofnames))
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: givenName
    user: uid=authelia,cn=users,cn=accounts,dc=domain,dc=com
    password: "LDAPAdminUserPassword"

  ####################################
  #file:
  #  path: /config/users_database.yml
  #  password:
  #    algorithm: argon2id
  #    iterations: 1
  #    key_length: 32
  #    salt_length: 16
  #    memory: 1024
  #    parallelism: 8
  ####################################

########## EXAMPLE RULES #############

access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain: 
        - "auth.domain.com"
      policy: bypass
    ## bypass api / trigges
    - domain: "*.domain.com"
      resources:
        - "^/api([/?].*)?$"
        - "^/identity.*$"
        - "^/triggers.*$"
        - "^/meshagents.*$"
        - "^/meshsettings.*$"
        - "^/agent.*$"
        - "^/control.*$"
        - "^/meshrelay.*$"
        - "^/wl.*$"
      policy: bypass
    ## block admin
    - domain: "bitwarden.domain.com"
      resources:
        - "^*/admin.*$"
      policy: one_factor
    ## bypass rule
    - domain:
        - "bitwarden.domain.com"
      policy: bypass
    ## two factor login - admin
    - domain: 
        - "proxy.domain.com"
        - "ipa.domain.com"
        - "opn.domain.com"
      subject: 
        - "group:admins"
      policy: two_factor
    ## one factor login - moderators
    - domain:
        - "sonarr.domain.com"
        - "radarr.domain.com"
        - "nzbhydra.domain.com"
        - "sabnzbd.domain.com"
        - "torrent.domain.com"
        - "domain.com"
      subject: 
        - "group:moderators"
        - "group:admins"
      policy: one_factor
    ## one factor login - requesters
    - domain:
        - "petio.domain.com"
        - "overseerr.domain.com"
      subject: 
        - "group:requesters"
        - "group:admins"
      policy: one_factor
    ## one factor login - catch all 
    - domain: "*.domain.com"
      subject: 
        - "group:admins"
      policy: one_factor

session:
  name: authelia_session
  domain: domain.com
  same_site: lax
  secret: "1234567890abcdefghifjkl"
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 1M
  redis:
    host: 192.168.0.2
    port: 6379
    password: "REDISPassword"
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0

regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h

storage:
  encryption_key: "you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this"
  mysql:
    host: 192.168.0.2
    port: 3306
    database: authelia
    username: authelia
    password: "SQLPassword"
  
notifier:
  disable_startup_check: false
  smtp:
    username: username
    password: "password"
    host: 127.0.0.1
    port: 587
    sender: noreply@domain.com
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: test@authelia.com
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
...
Previousv4.33.0+ UpgradeNextAuthelia Portal

Last updated 3 years ago

Was this helpful?