--- title: authelia type: docs --- [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/master/LICENSE) Setup Authelia authentication and authorization server. * [Default Variables](#default-variables) * [authelia_access_control_default_policy](#authelia_access_control_default_policy) * [authelia_access_control_networks](#authelia_access_control_networks) * [authelia_access_control_rules](#authelia_access_control_rules) * [authelia_auth_backend](#authelia_auth_backend) * [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password) * [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn) * [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn) * [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn) * [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password) * [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user) * [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute) * [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute) * [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter) * [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute) * [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls) * [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version) * [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify) * [authelia_auth_ldap_url](#authelia_auth_ldap_url) * [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute) * [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter) * [authelia_auth_local_users](#authelia_auth_local_users) * [authelia_base_dir](#authelia_base_dir) * [authelia_bind_ip](#authelia_bind_ip) * [authelia_bind_port](#authelia_bind_port) * [authelia_config_dir](#authelia_config_dir) * [authelia_data_dir](#authelia_data_dir) * [authelia_default_redirection_url](#authelia_default_redirection_url) * [authelia_extra_groups](#authelia_extra_groups) * [authelia_group](#authelia_group) * [authelia_jwt_secret](#authelia_jwt_secret) * [authelia_log_level](#authelia_log_level) * [authelia_notifier_backend](#authelia_notifier_backend) * [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check) * [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails) * [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls) * [authelia_notifier_smtp_host](#authelia_notifier_smtp_host) * [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier) * [authelia_notifier_smtp_password](#authelia_notifier_smtp_password) * [authelia_notifier_smtp_port](#authelia_notifier_smtp_port) * [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender) * [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address) * [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject) * [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version) * [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify) * [authelia_notifier_smtp_username](#authelia_notifier_smtp_username) * [authelia_packages](#authelia_packages) * [authelia_portal_url](#authelia_portal_url) * [authelia_read_only_dirs](#authelia_read_only_dirs) * [authelia_regulation_ban_time](#authelia_regulation_ban_time) * [authelia_regulation_find_time](#authelia_regulation_find_time) * [authelia_regulation_max_retries](#authelia_regulation_max_retries) * [authelia_session_backend](#authelia_session_backend) * [authelia_session_domain](#authelia_session_domain) * [authelia_session_expiration](#authelia_session_expiration) * [authelia_session_inactivity](#authelia_session_inactivity) * [authelia_session_name](#authelia_session_name) * [authelia_session_redis_database_index](#authelia_session_redis_database_index) * [authelia_session_redis_host](#authelia_session_redis_host) * [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections) * [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections) * [authelia_session_redis_port](#authelia_session_redis_port) * [authelia_session_remember_me_duration](#authelia_session_remember_me_duration) * [authelia_session_same_site](#authelia_session_same_site) * [authelia_session_secret](#authelia_session_secret) * [authelia_storage_backend](#authelia_storage_backend) * [authelia_storage_db_host](#authelia_storage_db_host) * [authelia_storage_db_name](#authelia_storage_db_name) * [authelia_storage_db_password](#authelia_storage_db_password) * [authelia_storage_db_port](#authelia_storage_db_port) * [authelia_storage_db_sslmode](#authelia_storage_db_sslmode) * [authelia_storage_db_username](#authelia_storage_db_username) * [authelia_theme](#authelia_theme) * [authelia_totp_issuer](#authelia_totp_issuer) * [authelia_totp_period](#authelia_totp_period) * [authelia_totp_skew](#authelia_totp_skew) * [authelia_user](#authelia_user) * [authelia_user_home](#authelia_user_home) * [authelia_version](#authelia_version) * [Dependencies](#dependencies) --- ## Default Variables ### authelia_access_control_default_policy #### Default value ```YAML authelia_access_control_default_policy: one_factor ``` ### authelia_access_control_networks #### Default value ```YAML authelia_access_control_networks: [] ``` ### authelia_access_control_rules #### Default value ```YAML authelia_access_control_rules: [] ``` ### authelia_auth_backend Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled. #### Default value ```YAML authelia_auth_backend: local ``` ### authelia_auth_backend_disable_reset_password #### Default value ```YAML authelia_auth_backend_disable_reset_password: false ``` ### authelia_auth_ldap_additional_groups_dn #### Default value ```YAML authelia_auth_ldap_additional_groups_dn: ou=groups ``` ### authelia_auth_ldap_additional_users_dn #### Default value ```YAML authelia_auth_ldap_additional_users_dn: ou=users ``` ### authelia_auth_ldap_base_dn #### Default value ```YAML authelia_auth_ldap_base_dn: dc=example,dc=com ``` ### authelia_auth_ldap_bind_password #### Default value ```YAML authelia_auth_ldap_bind_password: password ``` ### authelia_auth_ldap_bind_user #### Default value ```YAML authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com ``` ### authelia_auth_ldap_display_name_attribute #### Default value ```YAML authelia_auth_ldap_display_name_attribute: displayname ``` ### authelia_auth_ldap_group_name_attribute #### Default value ```YAML authelia_auth_ldap_group_name_attribute: cn ``` ### authelia_auth_ldap_groups_filter #### Default value ```YAML authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames)) ``` ### authelia_auth_ldap_mail_attribute #### Default value ```YAML authelia_auth_ldap_mail_attribute: mail ``` ### authelia_auth_ldap_start_tls #### Default value ```YAML authelia_auth_ldap_start_tls: false ``` ### authelia_auth_ldap_tls_minimum_version #### Default value ```YAML authelia_auth_ldap_tls_minimum_version: TLS1.2 ``` ### authelia_auth_ldap_tls_skip_verify #### Default value ```YAML authelia_auth_ldap_tls_skip_verify: false ``` ### authelia_auth_ldap_url #### Default value ```YAML authelia_auth_ldap_url: ldap://127.0.0.1 ``` ### authelia_auth_ldap_username_attribute #### Default value ```YAML authelia_auth_ldap_username_attribute: uid ``` ### authelia_auth_ldap_users_filter #### Default value ```YAML authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person)) ``` ### authelia_auth_local_users #### Default value ```YAML authelia_auth_local_users: [] ``` ### authelia_base_dir #### Default value ```YAML authelia_base_dir: /opt/authelia ``` ### authelia_bind_ip #### Default value ```YAML authelia_bind_ip: 127.0.0.1 ``` ### authelia_bind_port #### Default value ```YAML authelia_bind_port: 61000 ``` ### authelia_config_dir #### Default value ```YAML authelia_config_dir: '{{ authelia_base_dir }}/conf' ``` ### authelia_data_dir #### Default value ```YAML authelia_data_dir: '{{ authelia_base_dir }}/data' ``` ### authelia_default_redirection_url Specifies the default redirection URL Authelia will use in case a referer is missing. #### Default value ```YAML authelia_default_redirection_url: _unset_ ``` #### Example usage ```YAML authelia_default_redirection_url: https://github.com ``` ### authelia_extra_groups #### Default value ```YAML authelia_extra_groups: [] ``` ### authelia_group #### Default value ```YAML authelia_group: '{{ authelia_user }}' ``` ### authelia_jwt_secret #### Default value ```YAML authelia_jwt_secret: a_very_important_secret ``` ### authelia_log_level #### Default value ```YAML authelia_log_level: error ``` ### authelia_notifier_backend Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled. #### Default value ```YAML authelia_notifier_backend: local ``` ### authelia_notifier_disable_startup_check #### Default value ```YAML authelia_notifier_disable_startup_check: false ``` ### authelia_notifier_smtp_disable_html_emails #### Default value ```YAML authelia_notifier_smtp_disable_html_emails: false ``` ### authelia_notifier_smtp_disable_require_tls #### Default value ```YAML authelia_notifier_smtp_disable_require_tls: false ``` ### authelia_notifier_smtp_host #### Default value ```YAML authelia_notifier_smtp_host: 127.0.0.1 ``` ### authelia_notifier_smtp_identifier #### Default value ```YAML authelia_notifier_smtp_identifier: localhost ``` ### authelia_notifier_smtp_password #### Default value ```YAML authelia_notifier_smtp_password: password ``` ### authelia_notifier_smtp_port #### Default value ```YAML authelia_notifier_smtp_port: 1025 ``` ### authelia_notifier_smtp_sender #### Default value ```YAML authelia_notifier_smtp_sender: admin@example.com ``` ### authelia_notifier_smtp_startup_check_address #### Default value ```YAML authelia_notifier_smtp_startup_check_address: test@authelia.com ``` ### authelia_notifier_smtp_subject #### Default value ```YAML authelia_notifier_smtp_subject: '[Authelia] {title}' ``` ### authelia_notifier_smtp_tls_minimum_version #### Default value ```YAML authelia_notifier_smtp_tls_minimum_version: TLS1.2 ``` ### authelia_notifier_smtp_tls_skip_verify #### Default value ```YAML authelia_notifier_smtp_tls_skip_verify: false ``` ### authelia_notifier_smtp_username #### Default value ```YAML authelia_notifier_smtp_username: test ``` ### authelia_packages #### Default value ```YAML authelia_packages: [] ``` ### authelia_portal_url #### Default value ```YAML authelia_portal_url: http://localhost:61000/ ``` ### authelia_read_only_dirs #### Default value ```YAML authelia_read_only_dirs: [] ``` ### authelia_regulation_ban_time #### Default value ```YAML authelia_regulation_ban_time: 5m ``` ### authelia_regulation_find_time #### Default value ```YAML authelia_regulation_find_time: 2m ``` ### authelia_regulation_max_retries #### Default value ```YAML authelia_regulation_max_retries: 3 ``` ### authelia_session_backend Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled. #### Default value ```YAML authelia_session_backend: local ``` ### authelia_session_domain #### Default value ```YAML authelia_session_domain: example.com ``` ### authelia_session_expiration #### Default value ```YAML authelia_session_expiration: 1h ``` ### authelia_session_inactivity #### Default value ```YAML authelia_session_inactivity: 5m ``` ### authelia_session_name #### Default value ```YAML authelia_session_name: authelia_session ``` ### authelia_session_redis_database_index #### Default value ```YAML authelia_session_redis_database_index: 0 ``` ### authelia_session_redis_host #### Default value ```YAML authelia_session_redis_host: 127.0.0.1 ``` ### authelia_session_redis_maximum_active_connections #### Default value ```YAML authelia_session_redis_maximum_active_connections: 8 ``` ### authelia_session_redis_minimum_idle_connections #### Default value ```YAML authelia_session_redis_minimum_idle_connections: 0 ``` ### authelia_session_redis_port #### Default value ```YAML authelia_session_redis_port: 6379 ``` ### authelia_session_remember_me_duration #### Default value ```YAML authelia_session_remember_me_duration: 1M ``` ### authelia_session_same_site #### Default value ```YAML authelia_session_same_site: lax ``` ### authelia_session_secret #### Default value ```YAML authelia_session_secret: insecure_session_secret ``` ### authelia_storage_backend Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled. #### Default value ```YAML authelia_storage_backend: local ``` ### authelia_storage_db_host #### Default value ```YAML authelia_storage_db_host: 127.0.0.1 ``` ### authelia_storage_db_name #### Default value ```YAML authelia_storage_db_name: authelia ``` ### authelia_storage_db_password #### Default value ```YAML authelia_storage_db_password: mypassword ``` ### authelia_storage_db_port #### Default value ```YAML authelia_storage_db_port: 5432 ``` ### authelia_storage_db_sslmode #### Default value ```YAML authelia_storage_db_sslmode: disable ``` ### authelia_storage_db_username #### Default value ```YAML authelia_storage_db_username: authelia ``` ### authelia_theme #### Default value ```YAML authelia_theme: light ``` ### authelia_totp_issuer #### Default value ```YAML authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}" ``` ### authelia_totp_period #### Default value ```YAML authelia_totp_period: 30 ``` ### authelia_totp_skew #### Default value ```YAML authelia_totp_skew: 1 ``` ### authelia_user #### Default value ```YAML authelia_user: authelia_adm ``` ### authelia_user_home #### Default value ```YAML authelia_user_home: /home/{{ authelia_user }} ``` ### authelia_version #### Default value ```YAML authelia_version: 4.30.1 ``` ## Dependencies None.