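---
# Authelia configuration: portal on :443 with TLS, LDAP user backend,
# MySQL storage, SMTP notifier.
#
# NOTE(review): an earlier revision of this file carried five secrets inline
# (jwt_secret, session.secret, storage.encryption_key,
# storage.mysql.password, authentication_backend.ldap.password), and
# session.secret and storage.encryption_key held the same value. Treat all
# of them as compromised: rotate them, generate each one independently, and
# keep them out of version control. The keys are omitted below so the values
# can come from secret files through Authelia's *_FILE environment
# variables. Confirm the exact variable names against the secrets
# documentation for the deployed version. Changing storage.encryption_key
# on an existing database needs Authelia's key-rotation procedure rather
# than a plain swap.
theme: dark

# jwt_secret: intentionally not set here; supply it from a secret file
# (e.g. AUTHELIA_JWT_SECRET_FILE).

default_redirection_url: https://ceskatelevize.cz/
default_2fa_method: "totp"

server:
  host: 0.0.0.0
  # port: 9091
  port: 443
  tls:
    # NOTE(review): the private key sits under a home directory; confirm it
    # is readable only by the account that runs Authelia.
    key: "/home/ct/CT.key"
    certificate: "/home/ct/CT.pem"
    client_certificates: []

log:
  level: info
  file_path: /var/log/authelia.log

telemetry:
  metrics:
    enabled: true
    # NOTE(review): confirm this listener is reachable only from the
    # monitoring system.
    address: tcp://172.30.29.119:9902

totp:
  disable: false
  issuer: authelia.com
  algorithm: sha1
  digits: 6
  period: 30
  skew: 1
  secret_size: 32

webauthn:
  disable: false
  timeout: 60s
  display_name: Authelia
  attestation_conveyance_preference: indirect
  user_verification: preferred

ntp:
  address: "time.czech-tv.cz:123"
  version: 4
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false

authentication_backend:
  password_reset:
    disable: true
  refresh_interval: 5m
  ldap:
    implementation: custom
    # NOTE(review): plain ldap:// with start_tls disabled sends the service
    # account bind and every user's password to the directory unencrypted.
    # Switch to ldaps:// or enable start_tls once the directory certificate
    # is trusted by this host.
    url: ldap://ct.czech-tv.cz
    timeout: 5s
    start_tls: false
    base_dn: DC=ct,DC=czech-tv,DC=cz
    username_attribute: sAMAccountName
    users_filter: '(&({username_attribute}={input})(objectClass=person))'
    # NOTE(review): sAMAccountName suggests Active Directory, where groups
    # are usually objectClass=group; confirm this filter returns groups.
    groups_filter: '(&(member={dn})(objectClass=groupOfNames))'
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: displayName
    # Bind account used for lookups; it should have read-only rights.
    user: "CN=Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz"
    # password: intentionally not set here; supply it from a secret file
    # (e.g. AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE).

# Both policies are disabled; password reset is disabled above as well.
password_policy:
  standard:
    enabled: false
    min_length: 8
    max_length: 0
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true
  zxcvbn:
    enabled: false
    min_score: 3

access_control:
  # Anything not matched by a rule below is refused.
  default_policy: deny
  rules:
    # The portal itself must be reachable without authentication.
    - domain: 'authelia.czech-tv.cz'
      policy: bypass
    - domain:
        - 'ctcloud1.czech-tv.cz'
      policy: two_factor
    - domain:
        - 'secure.czech-tv.cz'
      policy: two_factor
    - domain:
        - 'ctcloud2.czech-tv.cz'
      policy: two_factor
    - domain:
        - 'zabbix.czech-tv.cz'
      policy: two_factor
    # Only rule that accepts a password alone.
    - domain:
        - 'public.czech-tv.cz'
      policy: one_factor
    - domain:
        - 'ctclouduit.czech-tv.cz'
      policy: two_factor
    - domain:
        - 'pha-mail1.ct.czech-tv.cz'
      policy: two_factor

session:
  name: authelia_session
  # The cookie is scoped to the whole czech-tv.cz domain.
  domain: czech-tv.cz
  same_site: lax
  # secret: intentionally not set here; supply it from a secret file
  # (e.g. AUTHELIA_SESSION_SECRET_FILE). It must not share a value with
  # storage.encryption_key.
  expiration: 1h
  inactivity: 1m
  remember_me_duration: 1M

regulation:
  # Three failed logins within find_time ban the user for ban_time.
  max_retries: 3
  find_time: 2m
  ban_time: 10m

storage:
  # encryption_key: intentionally not set here; supply it from a secret file
  # (e.g. AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE).
  mysql:
    host: 172.30.29.119
    port: 3306
    database: authelia
    username: authelia
    # password: intentionally not set here; supply it from a secret file
    # (e.g. AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE).
    timeout: 5s

notifier:
  disable_startup_check: false
  smtp:
    host: mail.czech-tv.cz
    port: 25
    sender: "Authelia <authelia@czech-tv.cz>"
    subject: "[Authelia] {title}"
    # NOTE(review): with TLS not required, notification mail, including
    # identity-verification links, can cross the network in cleartext.
    # Set this to false once the relay offers STARTTLS.
    disable_require_tls: true
...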