traefik-authelia/authelia/configuration.yml.dist
Guillaume "B.B." Van Hemmen f6414a6ae5 #0000 - Add initial project setup with configs, user db, and Docker Compose
This commit adds the foundational setup for the project, including docker-compose.yml, .env.dist, users_database.yml.dist, and Authelia configurations. It also includes the MIT license and a README with installation instructions and usage. The .gitignore file has been updated to exclude sensitive files.
2024-10-10 15:46:06 +02:00


###############################################################
# Authelia configuration #
###############################################################
# config setup following https://www.smarthomebeginner.com/docker-authelia-tutorial/
# Portal theme; presumably `auto` follows the browser's light/dark preference.
theme: auto
server:
  # 0.0.0.0 listens on every interface inside the container. Whether the port
  # is reachable from outside depends on how docker-compose publishes it;
  # presumably only the reverse proxy should reach 9091 - TODO confirm.
  host: 0.0.0.0
  port: 9091
log:
  # NOTE(review): check that failed-login events are still written at this
  # level if the log feeds alerting or a ban tool.
  level: warn
# CHANGEME is a placeholder: replace it with a long random value before first
# start, and keep the filled-in copy of this file out of version control.
# The secret can instead be supplied through the AUTHELIA_JWT_SECRET_FILE
# environment variable, which points at a file holding the value.
# NOTE(review): presumably the key must then be removed from this file -
# confirm how the deployed Authelia version treats a secret set in both places.
jwt_secret: CHANGEME
# https://docs.authelia.com/configuration/miscellaneous.html#default-redirection-url
# Presumably the page users land on after login when no target was requested;
# keep it an https URL on a domain you control.
default_redirection_url: https://CHANGEME
# Time-based one-time password settings for the second factor.
totp:
  # Label shown next to the account in the authenticator app.
  issuer: authelia.com
  # Lifetime of one code, in seconds.
  period: 30
  # NOTE(review): presumably the number of periods before and after the
  # current one whose codes are still accepted; 1 tolerates small clock drift,
  # larger values widen the window in which a captured code stays valid.
  skew: 1
# Users are read from a local file rather than from a directory service.
authentication_backend:
  file:
    # The user database holds password hashes; restrict its file permissions
    # and keep the real file out of version control.
    path: /config/users_database.yml
    # Hashing parameters for passwords stored in the user database.
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      # Memory cost of a single hash; each login attempt blocks this much RAM.
      # Tune it to the host. NOTE(review): presumably expressed in MB in this
      # key layout - confirm against the docs of the deployed Authelia version,
      # and size the container's memory limit for concurrent logins.
      memory: 1024
# Authorization rules. Anything that matches no rule is denied.
access_control:
  default_policy: deny
  # NOTE(review): rules are presumably evaluated top to bottom with the first
  # match winning, so keep the narrow bypass rule above the wildcard rule.
  rules:
    # bypass means no authentication at all for this exact domain. Point it
    # only at a host that is meant to be public.
    - domain: CHANGEME
      policy: bypass
    # Every subdomain requires password plus second factor. NOTE(review): the
    # wildcard presumably does not cover the bare domain itself - confirm.
    - domain:
        - '*.CHANGEME'
      policy: two_factor
# Session cookie settings and the Redis store that holds session data.
session:
  name: authelia_session
  # Placeholder - replace with a long random value. It can instead be supplied
  # through the AUTHELIA_SESSION_SECRET_FILE environment variable.
  secret: CHANGEME
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: CHANGEME  # Should match whatever your root protected domain is
  redis:
    host: redis
    port: 6379
    # The password can also be supplied through the environment variable
    # AUTHELIA_SESSION_REDIS_PASSWORD_FILE.
    # NOTE(review): with the line below commented out, Authelia connects to
    # Redis without authentication. That is only acceptable if Redis is
    # reachable solely on the internal Docker network - confirm that
    # docker-compose publishes no Redis port. If you enable a password, use
    # your own value rather than the sample one.
    # password: authelia
# Brute-force protection for the login form.
# NOTE(review): presumably max_retries failed logins within find_time seconds
# ban further attempts for ban_time seconds - confirm units and whether the
# ban applies per account or per source address in the deployed version.
regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300
# How Authelia delivers notification e-mails.
notifier:
  # For testing purposes, notifications can be written to a file instead.
  # Be sure to map the volume in docker-compose.
  # NOTE(review): these messages presumably carry identity-verification
  # links, so treat that file like a mailbox and do not use it in production.
  # filesystem:
  #   filename: /config/notification.txt
  smtp:
    ## The SMTP host to connect to.
    host: CHANGEME
    ## The port to connect to the SMTP host on.
    ## 465 is the conventional port for SMTP over implicit TLS.
    port: 465
    ## The connection timeout.
    timeout: 5s
    ## The username used for SMTP authentication.
    username: CHANGEME
    ## The password used for SMTP authentication.
    ## Can also be set using a secret: https://www.authelia.com/c/secrets
    ## Prefer the secret over storing the mailbox password in this file.
    password: CHANGEME
    ## The sender is used for the MAIL FROM command and the FROM header.
    ## If this is not defined and the username is an email, we use the
    ## username as this value. This can either be just an email address or
    ## the RFC5322 'Name <email address>' format.
    sender: "Authelia <noreply@CHANGEME>"
    ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of
    ## localhost.
    identifier: CHANGEME
    ## Subject configuration of the emails sent. {title} is replaced by the
    ## text from the notifier.
    subject: "[Authelia] {title}"
    ## This address is used during the startup check to verify the email
    ## configuration is correct. It's not important what it is except if your
    ## email server only allows local delivery.
    startup_check_address: CHANGEME
    ## By default we require some form of TLS. Setting this to true disables
    ## that check, which is not advised: credentials and verification mails
    ## would then be allowed to travel unencrypted.
    disable_require_tls: false
    ## Disables sending HTML formatted emails.
    disable_html_emails: false
    tls:
      ## The server subject name to check the server's certificate against
      ## during the validation process. This option is not required if the
      ## certificate has a SAN which matches the host option.
      server_name: CHANGEME
      ## Minimum TLS version for the connection.
      minimum_version: TLS1.2
      ## Maximum TLS version for the connection.
      maximum_version: TLS1.3
# Persistent storage for Authelia's own data, kept in MariaDB/MySQL.
storage:
  # Placeholder - replace with a long random value. NOTE(review): presumably
  # this key encrypts sensitive columns in the database, so changing or losing
  # it later would leave that data unreadable - confirm and back it up.
  encryption_key: CHANGEME
  mysql:
    host: mariadb-service
    port: 3306
    database: authelia
    # NOTE(review): root has full rights on the whole database server. A
    # dedicated account limited to the authelia database would contain the
    # damage if this credential leaks; whether one exists depends on how the
    # database container is provisioned, which this file does not show.
    username: root
    # Prefer a Docker secret file, passed through the environment variable
    # AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE, over a password stored here.
    password: CHANGEME