Add Authelia config
57
authelia/configuration.yml
Normal file
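--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -0,0 +1,57 @@
+server:
+address: 'tcp://:9091/'
+
+log:
+level: 'debug'
+
+identity_validation:
+reset_password:
+jwt_secret: '0fff6f12d0d727a74ca813e107ee873d82bef7b8450d55a03158006a6fbbe78f58e8db90c9f41dfc38d53debddba132f53185d6'
+
+authentication_backend:
+file:
+path: '/config/users_database.yml'
+
+session:
+name: 'authelia_session'
+same_site: 'lax'
+secret: 'd2577b2d4b5f7b6320c1ca5a77dfa53a78b870c1b8bb6f3929216c527b0a8f59033499c3ac0fcdfc6f4547c96fe731b8f954441f5'
+expiration: '1h'
+inactivity: '5m'
+cookies:
+- domain: 'goattw.net'
+authelia_url: 'https://auth.goattw.net'
+default_redirection_url: 'https://traefik.goattw.net'
+
+storage:
+encryption_key: '683456fac1b8a8c71f075b0211307f010e24dece4f2c180ed940ef38d6ac32e866e26f72fb9e9f77e34a5bb7647f40b13'
+local:
+path: '/config/db.sqlite3'
+
+totp:
+issuer: 'Authelia'
+period: 30
+skew: 1
+
+notifier:
+filesystem:
+filename: '/config/notification.txt'
+
+access_control:
+default_policy: deny
+rules:
+# Rule 1: Allow Immich API (Bypass)
+- domain: "immich.goattw.net"
+policy: bypass
+resources:
+- "^/api/.*"
+
+# --- HOME BYPASS (ENABLED) ---
+- domain: "*.goattw.net"
+policy: bypass
+networks:
+- 192.168.99.0/24
+
+# Rule 2: Require Login for Everyone Else
+- domain: "*.goattw.net"
+policy: two_factor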
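Review bot: The values of `jwt_secret`, the session `secret` and the storage `encryption_key` are committed here as plaintext literals, so everyone with read access to the repository, its clones or its history holds the keys that protect reset tokens, session cookies and the encrypted database columns. They should be treated as exposed and regenerated, since removing them in a later commit leaves them in git history. Keep them out of the file and supply them at runtime, for example through Authelia's file-based secret variables such as `AUTHELIA_SESSION_SECRET_FILE` and `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`, with the secret files excluded from version control. Separately, `level: 'debug'` is verbose for a deployed authentication portal and `level: 'info'` is the safer default. The `policy: bypass` rule for `*.goattw.net` from `192.168.99.0/24` (nesting inferred, as indentation is not visible in this rendering) is only as trustworthy as the reverse proxy's handling of forwarded client-IP headers; `policy: one_factor` would keep a login on the LAN path.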