############################################################### # Authelia configuration # ############################################################### # The port to listen on port: 8080 # Log level # # Level of verbosity for logs logs_level: debug # LDAP configuration # # Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com ldap: # The url of the ldap server url: ldap://ipa.actcur.com # The base dn for every entries base_dn: dc=actcur,dc=com # An additional dn to define the scope to all users additional_users_dn: cn=users,cn=accounts # The users filter. # {0} is the matcher replaced by username. # 'cn={0}' by default. users_filter: uid={0} # An additional dn to define the scope of groups additional_groups_dn: cn=groups,cn=accounts # The groups filter. # {0} is the matcher replaced by user dn. # 'member={0}' by default. groups_filter: (&(member=uid={0},cn=users,cn=accounts,dc=actcur,dc=com)(objectclass=groupofnames)) # The attribute holding the name of the group group_name_attribute: cn # The attribute holding the mail address of the user mail_attribute: mail # The username and password of the admin user. user: uid=authelia_admin,cn=users,cn=accounts,dc=actcur,dc=com password: "{%- include 'secure/passwords/authelia_admin_password.txt' -%}" # Authentication methods # # Authentication methods can be defined per subdomain. # There are currently two available methods: "single_factor" and "two_factor" # # Note: by default a domain uses "two_factor" method. # # Note: 'per_subdomain_methods' is a dictionary where keys must be subdomains and # values must be one of the two possible methods. # # Note: 'per_subdomain_methods' is optional. # # Note: authentication_methods is optional. If it is not set all sub-domains # are protected by two factors. authentication_methods: default_method: two_factor # Access Control # # Access control is a set of rules you can use to restrict user access to certain # resources. # Any (apply to anyone), per-user or per-group rules can be defined. # # If 'access_control' is not defined, ACL rules are disabled and the `allow` default # policy is applied, i.e., access is allowed to anyone. Otherwise restrictions follow # the rules defined. # # Note: One can use the wildcard * to match any subdomain. # It must stand at the beginning of the pattern. (example: *.mydomain.com) # # Note: You must put the pattern in simple quotes when using the wildcard for the YAML # to be syntaxically correct. # # Definition: A `rule` is an object with the following keys: `domain`, `policy` # and `resources`. # - `domain` defines which domain or set of domains the rule applies to. # - `policy` is the policy to apply to resources. It must be either `allow` or `deny`. # - `resources` is a list of regular expressions that matches a set of resources to # apply the policy to. # # Note: Rules follow an order of priority defined as follows: # In each category (`any`, `groups`, `users`), the latest rules have the highest # priority. In other words, it means that if a given resource matches two rules in the # same category, the latest one overrides the first one. # Each category has also its own priority. That is, `users` has the highest priority, then # `groups` and `any` has the lowest priority. It means if two rules in different categories # match a given resource, the one in the category with the highest priority overrides the # other one. # access_control: # Default policy can either be `allow` or `deny`. # It is the policy applied to any resource if it has not been overriden # in the `any`, `groups` or `users` category. default_policy: deny # The rules that apply to anyone. # The value is a list of rules. any: - domain: 'x' policy: deny # Group-based rules. The key is a group name and the value # is a list of rules. groups: domain_admins: # All resources in all domains - domain: '*.actcur.com' policy: allow video_admins: # All resources in all domains - domain: 'sonarr.actcur.com' policy: allow - domain: 'radarr.actcur.com' policy: allow - domain: 'rtorrent.actcur.com' policy: allow - domain: 'jackett.actcur.com' policy: allow users: none: - domain: 'none' policy: deny # Configuration of session cookies # # The session cookies identify the user once logged in. session: # The secret to encrypt the session cookie. secret: "{%- include 'secure/passwords/authelia_secret_password.txt' -%}" # The time before the cookie expires. expiration: 3600000 # The domain to protect. # Note: the authenticator must also be in that domain. If empty, the cookie # is restricted to the subdomain of the issuer. domain: actcur.com # The redis connection details redis: host: 127.0.0.1 port: 6379 # Configuration of the authentication regulation mechanism. # # This mechanism prevents attackers from brute forcing the first factor. # It bans the user if too many attempts are done in a short period of # time. regulation: # The number of failed login attempts before user is banned. # Set it to 0 for disabling regulation. max_retries: 3 # The length of time between login attempts before user is banned. find_time: 120 # The length of time before a banned user can login again. ban_time: 300 # Configuration of the storage backend used to store data and secrets. # # You must use only an available configuration: local, mongo storage: # The directory where the DB files will be saved #local: /var/lib/authelia/store # Settings to connect to mongo server mongo: url: mongodb://127.0.0.1/ database: authelia # Configuration of the notification system. # # Notifications are sent to users when they require a password reset, a u2f # registration or a TOTP registration. # Use only an available configuration: filesystem, gmail notifier: # Use your gmail account to send the notifications. You can use an app password. #gmail: # username: username@gmail.com # password: password # Use a SMTP server for sending notifications #smtp: # username: test # password: test # secure: false # host: 'smtp.zoho.com' # port: 1025 smtp: username: notifications@actcur.com password: "{%- include 'secure/passwords/authelia_notifications_password.txt' -%}" secure: true host: 'smtp.zoho.com' port: 465 sender: 'Actcur Authelia '