---
title: authelia
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/master/LICENSE)

Set up Authelia authentication and authorization server.

* [Default Variables](#default-variables)
  * [authelia_access_control_default_policy](#authelia_access_control_default_policy)
  * [authelia_access_control_networks](#authelia_access_control_networks)
  * [authelia_access_control_rules](#authelia_access_control_rules)
  * [authelia_auth_backend](#authelia_auth_backend)
  * [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password)
  * [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
  * [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
  * [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
  * [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
  * [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
  * [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
  * [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
  * [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
  * [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
  * [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
  * [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
  * [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
  * [authelia_auth_ldap_url](#authelia_auth_ldap_url)
  * [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
  * [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
  * [authelia_auth_local_users](#authelia_auth_local_users)
  * [authelia_base_dir](#authelia_base_dir)
  * [authelia_bind_ip](#authelia_bind_ip)
  * [authelia_bind_port](#authelia_bind_port)
  * [authelia_config_dir](#authelia_config_dir)
  * [authelia_data_dir](#authelia_data_dir)
  * [authelia_default_redirection_url](#authelia_default_redirection_url)
  * [authelia_extra_groups](#authelia_extra_groups)
  * [authelia_group](#authelia_group)
  * [authelia_jwt_secret](#authelia_jwt_secret)
  * [authelia_log_level](#authelia_log_level)
  * [authelia_notifier_backend](#authelia_notifier_backend)
  * [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
  * [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
  * [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
  * [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
  * [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
  * [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
  * [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
  * [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
  * [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
  * [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
  * [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
  * [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
  * [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
  * [authelia_packages](#authelia_packages)
  * [authelia_portal_url](#authelia_portal_url)
  * [authelia_read_only_dirs](#authelia_read_only_dirs)
  * [authelia_regulation_ban_time](#authelia_regulation_ban_time)
  * [authelia_regulation_find_time](#authelia_regulation_find_time)
  * [authelia_regulation_max_retries](#authelia_regulation_max_retries)
  * [authelia_session_backend](#authelia_session_backend)
  * [authelia_session_domain](#authelia_session_domain)
  * [authelia_session_expiration](#authelia_session_expiration)
  * [authelia_session_inactivity](#authelia_session_inactivity)
  * [authelia_session_name](#authelia_session_name)
  * [authelia_session_redis_database_index](#authelia_session_redis_database_index)
  * [authelia_session_redis_host](#authelia_session_redis_host)
  * [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
  * [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
  * [authelia_session_redis_port](#authelia_session_redis_port)
  * [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
  * [authelia_session_same_site](#authelia_session_same_site)
  * [authelia_session_secret](#authelia_session_secret)
  * [authelia_storage_backend](#authelia_storage_backend)
  * [authelia_storage_db_host](#authelia_storage_db_host)
  * [authelia_storage_db_name](#authelia_storage_db_name)
  * [authelia_storage_db_password](#authelia_storage_db_password)
  * [authelia_storage_db_port](#authelia_storage_db_port)
  * [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
  * [authelia_storage_db_username](#authelia_storage_db_username)
  * [authelia_storage_encryption_key](#authelia_storage_encryption_key)
  * [authelia_theme](#authelia_theme)
  * [authelia_totp_issuer](#authelia_totp_issuer)
  * [authelia_totp_period](#authelia_totp_period)
  * [authelia_totp_skew](#authelia_totp_skew)
  * [authelia_user](#authelia_user)
  * [authelia_user_home](#authelia_user_home)
  * [authelia_version](#authelia_version)
* [Dependencies](#dependencies)

---

## Default Variables

### authelia_access_control_default_policy

#### Default value

```YAML
authelia_access_control_default_policy: one_factor
```

### authelia_access_control_networks

#### Default value

```YAML
authelia_access_control_networks: []
```

### authelia_access_control_rules

#### Default value

```YAML
authelia_access_control_rules: []
```

### authelia_auth_backend

Sets the authentication backend. Available options are `local` and `ldap`. The `authelia_auth_ldap_` variables take effect only when the LDAP auth backend is enabled.

#### Default value

```YAML
authelia_auth_backend: local
```

### authelia_auth_backend_disable_reset_password

#### Default value

```YAML
authelia_auth_backend_disable_reset_password: false
```

### authelia_auth_ldap_additional_groups_dn

#### Default value

```YAML
authelia_auth_ldap_additional_groups_dn: ou=groups
```

### authelia_auth_ldap_additional_users_dn

#### Default value

```YAML
authelia_auth_ldap_additional_users_dn: ou=users
```

### authelia_auth_ldap_base_dn

#### Default value

```YAML
authelia_auth_ldap_base_dn: dc=example,dc=com
```

### authelia_auth_ldap_bind_password

#### Default value

```YAML
authelia_auth_ldap_bind_password: password
```

### authelia_auth_ldap_bind_user

#### Default value

```YAML
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
```

### authelia_auth_ldap_display_name_attribute

#### Default value

```YAML
authelia_auth_ldap_display_name_attribute: displayname
```

### authelia_auth_ldap_group_name_attribute

#### Default value

```YAML
authelia_auth_ldap_group_name_attribute: cn
```

### authelia_auth_ldap_groups_filter

#### Default value

```YAML
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
```

### authelia_auth_ldap_mail_attribute

#### Default value

```YAML
authelia_auth_ldap_mail_attribute: mail
```

### authelia_auth_ldap_start_tls

#### Default value

```YAML
authelia_auth_ldap_start_tls: false
```

### authelia_auth_ldap_tls_minimum_version

#### Default value

```YAML
authelia_auth_ldap_tls_minimum_version: TLS1.2
```

### authelia_auth_ldap_tls_skip_verify

#### Default value

```YAML
authelia_auth_ldap_tls_skip_verify: false
```

### authelia_auth_ldap_url

#### Default value

```YAML
authelia_auth_ldap_url: ldap://127.0.0.1
```

### authelia_auth_ldap_username_attribute

#### Default value

```YAML
authelia_auth_ldap_username_attribute: uid
```

### authelia_auth_ldap_users_filter

#### Default value

```YAML
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
```

### authelia_auth_local_users

#### Default value

```YAML
authelia_auth_local_users: []
```

### authelia_base_dir

#### Default value

```YAML
authelia_base_dir: /opt/authelia
```

### authelia_bind_ip

#### Default value

```YAML
authelia_bind_ip: 127.0.0.1
```

### authelia_bind_port

#### Default value

```YAML
authelia_bind_port: 61000
```

### authelia_config_dir

#### Default value

```YAML
authelia_config_dir: '{{ authelia_base_dir }}/conf'
```

### authelia_data_dir

#### Default value

```YAML
authelia_data_dir: '{{ authelia_base_dir }}/data'
```

### authelia_default_redirection_url

Specifies the default redirection URL Authelia uses when a referer is missing.

#### Default value

```YAML
authelia_default_redirection_url: _unset_
```

#### Example usage

```YAML
authelia_default_redirection_url: https://github.com
```

### authelia_extra_groups

#### Default value

```YAML
authelia_extra_groups: []
```

### authelia_group

#### Default value

```YAML
authelia_group: '{{ authelia_user }}'
```

### authelia_jwt_secret

#### Default value

```YAML
authelia_jwt_secret: a_very_important_secret
```

### authelia_log_level

#### Default value

```YAML
authelia_log_level: error
```

### authelia_notifier_backend

Sets the notifier backend. Available options are `local` and `smtp`. The `authelia_notifier_smtp_` variables take effect only when the SMTP backend is enabled.

#### Default value

```YAML
authelia_notifier_backend: local
```

### authelia_notifier_disable_startup_check

#### Default value

```YAML
authelia_notifier_disable_startup_check: false
```

### authelia_notifier_smtp_disable_html_emails

#### Default value

```YAML
authelia_notifier_smtp_disable_html_emails: false
```

### authelia_notifier_smtp_disable_require_tls

#### Default value

```YAML
authelia_notifier_smtp_disable_require_tls: false
```

### authelia_notifier_smtp_host

#### Default value

```YAML
authelia_notifier_smtp_host: 127.0.0.1
```

### authelia_notifier_smtp_identifier

#### Default value

```YAML
authelia_notifier_smtp_identifier: localhost
```

### authelia_notifier_smtp_password

#### Default value

```YAML
authelia_notifier_smtp_password: password
```

### authelia_notifier_smtp_port

#### Default value

```YAML
authelia_notifier_smtp_port: 1025
```

### authelia_notifier_smtp_sender

#### Default value

```YAML
authelia_notifier_smtp_sender: admin@example.com
```

### authelia_notifier_smtp_startup_check_address

#### Default value

```YAML
authelia_notifier_smtp_startup_check_address: test@authelia.com
```

### authelia_notifier_smtp_subject

#### Default value

```YAML
authelia_notifier_smtp_subject: '[Authelia] {title}'
```

### authelia_notifier_smtp_tls_minimum_version

#### Default value

```YAML
authelia_notifier_smtp_tls_minimum_version: TLS1.2
```

### authelia_notifier_smtp_tls_skip_verify

#### Default value

```YAML
authelia_notifier_smtp_tls_skip_verify: false
```

### authelia_notifier_smtp_username

#### Default value

```YAML
authelia_notifier_smtp_username: test
```

### authelia_packages

#### Default value

```YAML
authelia_packages: []
```

### authelia_portal_url

#### Default value

```YAML
authelia_portal_url: http://localhost:61000/
```

### authelia_read_only_dirs

#### Default value

```YAML
authelia_read_only_dirs: []
```

### authelia_regulation_ban_time

#### Default value

```YAML
authelia_regulation_ban_time: 5m
```

### authelia_regulation_find_time

#### Default value

```YAML
authelia_regulation_find_time: 2m
```

### authelia_regulation_max_retries

#### Default value

```YAML
authelia_regulation_max_retries: 3
```

### authelia_session_backend

Sets the session backend. Available options are `local` and `redis`. The `authelia_session_redis_` variables take effect only when the Redis backend is enabled.

#### Default value

```YAML
authelia_session_backend: local
```

### authelia_session_domain

#### Default value

```YAML
authelia_session_domain: example.com
```

### authelia_session_expiration

#### Default value

```YAML
authelia_session_expiration: 1h
```

### authelia_session_inactivity

#### Default value

```YAML
authelia_session_inactivity: 5m
```

### authelia_session_name

#### Default value

```YAML
authelia_session_name: authelia_session
```

### authelia_session_redis_database_index

#### Default value

```YAML
authelia_session_redis_database_index: 0
```

### authelia_session_redis_host

#### Default value

```YAML
authelia_session_redis_host: 127.0.0.1
```

### authelia_session_redis_maximum_active_connections

#### Default value

```YAML
authelia_session_redis_maximum_active_connections: 8
```

### authelia_session_redis_minimum_idle_connections

#### Default value

```YAML
authelia_session_redis_minimum_idle_connections: 0
```

### authelia_session_redis_port

#### Default value

```YAML
authelia_session_redis_port: 6379
```

### authelia_session_remember_me_duration

#### Default value

```YAML
authelia_session_remember_me_duration: 1M
```

### authelia_session_same_site

#### Default value

```YAML
authelia_session_same_site: lax
```

### authelia_session_secret

#### Default value

```YAML
authelia_session_secret: insecure_session_secret
```

### authelia_storage_backend

Sets the storage backend. Available options are `local` and `postgres`. The `authelia_storage_db_` variables take effect only when the PostgreSQL backend is enabled.

#### Default value

```YAML
authelia_storage_backend: local
```

### authelia_storage_db_host

#### Default value

```YAML
authelia_storage_db_host: 127.0.0.1
```

### authelia_storage_db_name

#### Default value

```YAML
authelia_storage_db_name: authelia
```

### authelia_storage_db_password

#### Default value

```YAML
authelia_storage_db_password: mypassword
```

### authelia_storage_db_port

#### Default value

```YAML
authelia_storage_db_port: 5432
```

### authelia_storage_db_sslmode

#### Default value

```YAML
authelia_storage_db_sslmode: disable
```

### authelia_storage_db_username

#### Default value

```YAML
authelia_storage_db_username: authelia
```

### authelia_storage_encryption_key

The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters; however, we generally recommend more than 64 characters. For security reasons, it is highly recommended to create a unique key.

#### Default value

```YAML
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
```
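
As an added example (not part of this role or of Authelia), the Python check below audits a vars file for the placeholder secrets documented on this page and for the encryption key length rule stated above. The sample input and the `vault_authelia_jwt_secret` name are constructed for illustration, and the parser assumes flat `key: value` lines.

```python
import re

# Placeholder secrets this page documents as role defaults.
DOCUMENTED_DEFAULTS = {
    "authelia_jwt_secret": "a_very_important_secret",
    "authelia_session_secret": "insecure_session_secret",
    "authelia_storage_encryption_key": "bp33fh3cTswzdMndXrrVMrLd",
    "authelia_auth_ldap_bind_password": "password",
    "authelia_notifier_smtp_password": "password",
    "authelia_storage_db_password": "mypassword",
}
# Variables the page says only take effect when a given backend is selected.
BACKEND_GATED = {
    "authelia_auth_ldap_bind_password": ("authelia_auth_backend", "ldap"),
    "authelia_notifier_smtp_password": ("authelia_notifier_backend", "smtp"),
    "authelia_storage_db_password": ("authelia_storage_backend", "postgres"),
}

def parse_vars(text):
    """Parse flat `key: value` lines (scalar values only, an assumption of this example)."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^(authelia_\w+):\s*(.*?)\s*$", line)
        if m:
            out[m.group(1)] = m.group(2).strip("'\"")
    return out

def audit(text):
    """Return sorted (variable, finding) tuples for secrets left weak or at their default."""
    v = parse_vars(text)
    findings = []
    for name, default in DOCUMENTED_DEFAULTS.items():
        gate = BACKEND_GATED.get(name)
        if gate and v.get(gate[0], "local") != gate[1]:
            continue  # backend not enabled (all backends default to local)
        value = v.get(name, default)  # an unset variable falls back to the role default
        if value == default:
            findings.append((name, "documented default in use"))
        elif name == "authelia_storage_encryption_key" and "{{" not in value:
            if len(value) < 20:  # minimum length stated on this page
                findings.append((name, "shorter than 20 characters"))
            elif len(value) <= 64:  # page recommends more than 64
                findings.append((name, "valid but not above 64 characters"))
    return sorted(findings)

# Constructed sample vars content, not taken from a real deployment.
SAMPLE = """\
authelia_auth_backend: ldap
authelia_auth_ldap_bind_password: password
authelia_jwt_secret: "{{ vault_authelia_jwt_secret }}"
authelia_storage_encryption_key: short-key-123
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Templated values (containing `{{`) are skipped by the length check because their real length is only known after Ansible renders them.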

### authelia_theme

#### Default value

```YAML
authelia_theme: light
```

### authelia_totp_issuer

#### Default value

```YAML
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
```

### authelia_totp_period

#### Default value

```YAML
authelia_totp_period: 30
```

### authelia_totp_skew

#### Default value

```YAML
authelia_totp_skew: 1
```

### authelia_user

#### Default value

```YAML
authelia_user: authelia_adm
```

### authelia_user_home

#### Default value

```YAML
authelia_user_home: /home/{{ authelia_user }}
```

### authelia_version

#### Default value

```YAML
authelia_version: 4.33.1
```

## Dependencies

None.