---
title: authelia
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia)
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/main/LICENSE)

Set up Authelia authentication and authorization server.

- [Default Variables](#default-variables)
  - [authelia_access_control_default_policy](#authelia_access_control_default_policy)
  - [authelia_access_control_networks](#authelia_access_control_networks)
  - [authelia_access_control_rules](#authelia_access_control_rules)
  - [authelia_auth_backend](#authelia_auth_backend)
  - [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password)
  - [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
  - [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
  - [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
  - [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
  - [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
  - [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
  - [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
  - [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
  - [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
  - [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
  - [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
  - [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
  - [authelia_auth_ldap_url](#authelia_auth_ldap_url)
  - [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
  - [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
  - [authelia_auth_local_users](#authelia_auth_local_users)
  - [authelia_base_dir](#authelia_base_dir)
  - [authelia_bind_ip](#authelia_bind_ip)
  - [authelia_bind_port](#authelia_bind_port)
  - [authelia_config_dir](#authelia_config_dir)
  - [authelia_data_dir](#authelia_data_dir)
  - [authelia_default_redirection_url](#authelia_default_redirection_url)
  - [authelia_extra_groups](#authelia_extra_groups)
  - [authelia_group](#authelia_group)
  - [authelia_jwt_secret](#authelia_jwt_secret)
  - [authelia_log_level](#authelia_log_level)
  - [authelia_notifier_backend](#authelia_notifier_backend)
  - [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
  - [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
  - [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
  - [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
  - [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
  - [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
  - [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
  - [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
  - [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
  - [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
  - [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
  - [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
  - [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
  - [authelia_packages](#authelia_packages)
  - [authelia_portal_url](#authelia_portal_url)
  - [authelia_read_only_dirs](#authelia_read_only_dirs)
  - [authelia_regulation_ban_time](#authelia_regulation_ban_time)
  - [authelia_regulation_find_time](#authelia_regulation_find_time)
  - [authelia_regulation_max_retries](#authelia_regulation_max_retries)
  - [authelia_session_backend](#authelia_session_backend)
  - [authelia_session_domain](#authelia_session_domain)
  - [authelia_session_expiration](#authelia_session_expiration)
  - [authelia_session_inactivity](#authelia_session_inactivity)
  - [authelia_session_name](#authelia_session_name)
  - [authelia_session_redis_database_index](#authelia_session_redis_database_index)
  - [authelia_session_redis_host](#authelia_session_redis_host)
  - [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
  - [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
  - [authelia_session_redis_port](#authelia_session_redis_port)
  - [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
  - [authelia_session_same_site](#authelia_session_same_site)
  - [authelia_session_secret](#authelia_session_secret)
  - [authelia_storage_backend](#authelia_storage_backend)
  - [authelia_storage_db_host](#authelia_storage_db_host)
  - [authelia_storage_db_name](#authelia_storage_db_name)
  - [authelia_storage_db_password](#authelia_storage_db_password)
  - [authelia_storage_db_port](#authelia_storage_db_port)
  - [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
  - [authelia_storage_db_username](#authelia_storage_db_username)
  - [authelia_storage_encryption_key](#authelia_storage_encryption_key)
  - [authelia_theme](#authelia_theme)
  - [authelia_totp_issuer](#authelia_totp_issuer)
  - [authelia_totp_period](#authelia_totp_period)
  - [authelia_totp_skew](#authelia_totp_skew)
  - [authelia_user](#authelia_user)
  - [authelia_user_home](#authelia_user_home)
  - [authelia_version](#authelia_version)
- [Dependencies](#dependencies)

---

## Default Variables

### authelia_access_control_default_policy

#### Default value

```YAML
authelia_access_control_default_policy: one_factor
```

### authelia_access_control_networks

#### Default value

```YAML
authelia_access_control_networks: []
```

### authelia_access_control_rules

#### Default value

```YAML
authelia_access_control_rules: []
```

### authelia_auth_backend

Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled.

#### Default value

```YAML
authelia_auth_backend: local
```

### authelia_auth_backend_disable_reset_password

#### Default value

```YAML
authelia_auth_backend_disable_reset_password: false
```

### authelia_auth_ldap_additional_groups_dn

#### Default value

```YAML
authelia_auth_ldap_additional_groups_dn: ou=groups
```

### authelia_auth_ldap_additional_users_dn

#### Default value

```YAML
authelia_auth_ldap_additional_users_dn: ou=users
```

### authelia_auth_ldap_base_dn

#### Default value

```YAML
authelia_auth_ldap_base_dn: dc=example,dc=com
```

### authelia_auth_ldap_bind_password

#### Default value

```YAML
authelia_auth_ldap_bind_password: password
```

### authelia_auth_ldap_bind_user

#### Default value

```YAML
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
```

### authelia_auth_ldap_display_name_attribute

#### Default value

```YAML
authelia_auth_ldap_display_name_attribute: displayname
```

### authelia_auth_ldap_group_name_attribute

#### Default value

```YAML
authelia_auth_ldap_group_name_attribute: cn
```

### authelia_auth_ldap_groups_filter

#### Default value

```YAML
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
```

### authelia_auth_ldap_mail_attribute

#### Default value

```YAML
authelia_auth_ldap_mail_attribute: mail
```

### authelia_auth_ldap_start_tls

#### Default value

```YAML
authelia_auth_ldap_start_tls: false
```

### authelia_auth_ldap_tls_minimum_version

#### Default value

```YAML
authelia_auth_ldap_tls_minimum_version: TLS1.2
```

### authelia_auth_ldap_tls_skip_verify

#### Default value

```YAML
authelia_auth_ldap_tls_skip_verify: false
```

### authelia_auth_ldap_url

#### Default value

```YAML
authelia_auth_ldap_url: ldap://127.0.0.1
```

### authelia_auth_ldap_username_attribute

#### Default value

```YAML
authelia_auth_ldap_username_attribute: uid
```

### authelia_auth_ldap_users_filter

#### Default value

```YAML
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
```

### authelia_auth_local_users

#### Default value

```YAML
authelia_auth_local_users: []
```

### authelia_base_dir

#### Default value

```YAML
authelia_base_dir: /opt/authelia
```

### authelia_bind_ip

#### Default value

```YAML
authelia_bind_ip: 127.0.0.1
```

### authelia_bind_port

#### Default value

```YAML
authelia_bind_port: 61000
```

### authelia_config_dir

#### Default value

```YAML
authelia_config_dir: '{{ authelia_base_dir }}/conf'
```

### authelia_data_dir

#### Default value

```YAML
authelia_data_dir: '{{ authelia_base_dir }}/data'
```

### authelia_default_redirection_url

Specifies the default redirection URL Authelia will use in case a referer is missing.

#### Default value

```YAML
authelia_default_redirection_url: _unset_
```

#### Example usage

```YAML
authelia_default_redirection_url: https://github.com
```

### authelia_extra_groups

#### Default value

```YAML
authelia_extra_groups: []
```

### authelia_group

#### Default value

```YAML
authelia_group: '{{ authelia_user }}'
```

### authelia_jwt_secret

#### Default value

```YAML
authelia_jwt_secret: a_very_important_secret
```

### authelia_log_level

#### Default value

```YAML
authelia_log_level: error
```

### authelia_notifier_backend

Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled.

#### Default value

```YAML
authelia_notifier_backend: local
```

### authelia_notifier_disable_startup_check

#### Default value

```YAML
authelia_notifier_disable_startup_check: false
```

### authelia_notifier_smtp_disable_html_emails

#### Default value

```YAML
authelia_notifier_smtp_disable_html_emails: false
```

### authelia_notifier_smtp_disable_require_tls

#### Default value

```YAML
authelia_notifier_smtp_disable_require_tls: false
```

### authelia_notifier_smtp_host

#### Default value

```YAML
authelia_notifier_smtp_host: 127.0.0.1
```

### authelia_notifier_smtp_identifier

#### Default value

```YAML
authelia_notifier_smtp_identifier: localhost
```

### authelia_notifier_smtp_password

#### Default value

```YAML
authelia_notifier_smtp_password: password
```

### authelia_notifier_smtp_port

#### Default value

```YAML
authelia_notifier_smtp_port: 1025
```

### authelia_notifier_smtp_sender

#### Default value

```YAML
authelia_notifier_smtp_sender: admin@example.com
```

### authelia_notifier_smtp_startup_check_address

#### Default value

```YAML
authelia_notifier_smtp_startup_check_address: test@authelia.com
```

### authelia_notifier_smtp_subject

#### Default value

```YAML
authelia_notifier_smtp_subject: '[Authelia] {title}'
```

### authelia_notifier_smtp_tls_minimum_version

#### Default value

```YAML
authelia_notifier_smtp_tls_minimum_version: TLS1.2
```

### authelia_notifier_smtp_tls_skip_verify

#### Default value

```YAML
authelia_notifier_smtp_tls_skip_verify: false
```

### authelia_notifier_smtp_username

#### Default value

```YAML
authelia_notifier_smtp_username: test
```

### authelia_packages

#### Default value

```YAML
authelia_packages:
  - tar
```

### authelia_portal_url

#### Default value

```YAML
authelia_portal_url: http://localhost:61000/
```

### authelia_read_only_dirs

#### Default value

```YAML
authelia_read_only_dirs: []
```

### authelia_regulation_ban_time

#### Default value

```YAML
authelia_regulation_ban_time: 5m
```

### authelia_regulation_find_time

#### Default value

```YAML
authelia_regulation_find_time: 2m
```

### authelia_regulation_max_retries

#### Default value

```YAML
authelia_regulation_max_retries: 3
```

### authelia_session_backend

Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled.

#### Default value

```YAML
authelia_session_backend: local
```

### authelia_session_domain

#### Default value

```YAML
authelia_session_domain: example.com
```

### authelia_session_expiration

#### Default value

```YAML
authelia_session_expiration: 1h
```

### authelia_session_inactivity

#### Default value

```YAML
authelia_session_inactivity: 5m
```

### authelia_session_name

#### Default value

```YAML
authelia_session_name: authelia_session
```

### authelia_session_redis_database_index

#### Default value

```YAML
authelia_session_redis_database_index: 0
```

### authelia_session_redis_host

#### Default value

```YAML
authelia_session_redis_host: 127.0.0.1
```

### authelia_session_redis_maximum_active_connections

#### Default value

```YAML
authelia_session_redis_maximum_active_connections: 8
```

### authelia_session_redis_minimum_idle_connections

#### Default value

```YAML
authelia_session_redis_minimum_idle_connections: 0
```

### authelia_session_redis_port

#### Default value

```YAML
authelia_session_redis_port: 6379
```

### authelia_session_remember_me_duration

#### Default value

```YAML
authelia_session_remember_me_duration: 1M
```

### authelia_session_same_site

#### Default value

```YAML
authelia_session_same_site: lax
```

### authelia_session_secret

#### Default value

```YAML
authelia_session_secret: insecure_session_secret
```

### authelia_storage_backend

Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled.

#### Default value

```YAML
authelia_storage_backend: local
```

### authelia_storage_db_host

#### Default value

```YAML
authelia_storage_db_host: 127.0.0.1
```

### authelia_storage_db_name

#### Default value

```YAML
authelia_storage_db_name: authelia
```

### authelia_storage_db_password

#### Default value

```YAML
authelia_storage_db_password: mypassword
```

### authelia_storage_db_port

#### Default value

```YAML
authelia_storage_db_port: 5432
```

### authelia_storage_db_sslmode

#### Default value

```YAML
authelia_storage_db_sslmode: disable
```

### authelia_storage_db_username

#### Default value

```YAML
authelia_storage_db_username: authelia
```

### authelia_storage_encryption_key

The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters; however, we generally recommend above 64 characters. For security reasons, it's highly recommended to create a unique key.

#### Default value

```YAML
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
```

### authelia_theme

#### Default value

```YAML
authelia_theme: light
```

### authelia_totp_issuer

#### Default value

```YAML
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
```

### authelia_totp_period

#### Default value

```YAML
authelia_totp_period: 30
```

### authelia_totp_skew

#### Default value

```YAML
authelia_totp_skew: 1
```

### authelia_user

#### Default value

```YAML
authelia_user: authelia_adm
```

### authelia_user_home

#### Default value

```YAML
authelia_user_home: /home/{{ authelia_user }}
```

### authelia_version

#### Default value

```YAML
authelia_version: 4.33.1
```

## Dependencies

None.