Adding lldap and authelia.
This commit is contained in:
118
all-apps/authelia/4/authelia-config/configuration.yml.tmpl
Normal file
118
all-apps/authelia/4/authelia-config/configuration.yml.tmpl
Normal file
@@ -0,0 +1,118 @@
|
||||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
server:
|
||||
address: 'tcp://:9091/authelia'
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
implementation: 'ForwardAuth'
|
||||
|
||||
log:
|
||||
level: 'debug'
|
||||
|
||||
totp:
|
||||
issuer: 'authelia.com'
|
||||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: '$AUTHELIA_JWT_SECRET'
|
||||
|
||||
# lldap service account user should instead
|
||||
# use an account with lldap_password_manager group
|
||||
# since that can't be used to change an admin password
|
||||
authentication_backend:
|
||||
ldap:
|
||||
address: 'ldap://lldap:3890'
|
||||
implementation: 'lldap'
|
||||
timeout: '5s'
|
||||
pooling:
|
||||
enable: false
|
||||
count: 5
|
||||
retries: 2
|
||||
timeout: '10 seconds'
|
||||
base_dn: 'DC=nassella,DC=org'
|
||||
# additional_users_dn: 'OU=users'
|
||||
# additional_groups_dn: 'OU=groups'
|
||||
# group_search_mode: 'filter'
|
||||
# permit_referrals: false
|
||||
permit_unauthenticated_bind: false
|
||||
permit_feature_detection_failure: false
|
||||
user: 'uid=admin,ou=people,dc=nassella,dc=org'
|
||||
password: '$LLDAP_ADMIN_PASSWORD'
|
||||
# attributes:
|
||||
# distinguished_name: 'distinguishedName'
|
||||
# username: 'uid'
|
||||
# display_name: 'displayName'
|
||||
# family_name: 'sn'
|
||||
# given_name: 'givenName'
|
||||
# middle_name: 'middleName'
|
||||
# nickname: ''
|
||||
# gender: ''
|
||||
# birthdate: ''
|
||||
# website: 'wWWHomePage'
|
||||
# profile: ''
|
||||
# picture: ''
|
||||
# zoneinfo: ''
|
||||
# locale: ''
|
||||
# phone_number: 'telephoneNumber'
|
||||
# phone_extension: ''
|
||||
# street_address: 'streetAddress'
|
||||
# locality: 'l'
|
||||
# region: 'st'
|
||||
# postal_code: 'postalCode'
|
||||
# country: 'c'
|
||||
# mail: 'mail'
|
||||
# member_of: 'memberOf'
|
||||
# group_name: 'cn'
|
||||
# extra:
|
||||
# extra_example:
|
||||
# name: ''
|
||||
# multi_valued: false
|
||||
# value_type: 'string'
|
||||
|
||||
access_control:
|
||||
default_policy: 'deny'
|
||||
rules:
|
||||
# - domain: 'public.x.localhost'
|
||||
# policy: 'bypass'
|
||||
# - domain: 'app.nassella.org'
|
||||
# policy: 'one_factor'
|
||||
- domain: '$DOZZLE_FULL_DOMAIN'
|
||||
policy: 'two_factor'
|
||||
|
||||
session:
|
||||
secret: '$AUTHELIA_SESSION_SECRET'
|
||||
|
||||
cookies:
|
||||
- name: 'authelia_session'
|
||||
domain: '$ROOT_DOMAIN' # Should match whatever your root protected domain is
|
||||
authelia_url: 'https://$AUTHELIA_FULL_DOMAIN'
|
||||
expiration: '1 hour' # 1 hour
|
||||
inactivity: '5 minutes' # 5 minutes
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: '2 minutes'
|
||||
ban_time: '5 minutes'
|
||||
|
||||
storage:
|
||||
encryption_key: '$AUTHELIA_ENCRYPTION_KEY'
|
||||
postgres:
|
||||
address: 'tcp://authelia_db:5432'
|
||||
servers: []
|
||||
database: '$AUTHELIA_POSTGRES_DB'
|
||||
schema: 'public'
|
||||
username: '$AUTHELIA_POSTGRES_USER'
|
||||
password: '$AUTHELIA_POSTGRES_PASSWORD'
|
||||
timeout: '5s'
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
address: 'submission://$SMTP_HOST:$SMTP_PORT'
|
||||
username: '$SMTP_AUTH_USER'
|
||||
password: '$SMTP_AUTH_PASSWORD'
|
||||
sender: '$SMTP_FROM'
|
||||
...
|
||||
Reference in New Issue
Block a user