---
title: authelia
type: docs
---
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/master/LICENSE)

Set up the Authelia authentication and authorization server.

* [Default Variables](#default-variables)
  * [authelia_access_control_default_policy](#authelia_access_control_default_policy)
  * [authelia_access_control_networks](#authelia_access_control_networks)
  * [authelia_access_control_rules](#authelia_access_control_rules)
  * [authelia_auth_backend](#authelia_auth_backend)
  * [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password)
  * [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
  * [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
  * [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
  * [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
  * [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
  * [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
  * [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
  * [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
  * [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
  * [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
  * [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
  * [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
  * [authelia_auth_ldap_url](#authelia_auth_ldap_url)
  * [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
  * [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
  * [authelia_auth_local_users](#authelia_auth_local_users)
  * [authelia_base_dir](#authelia_base_dir)
  * [authelia_bind_ip](#authelia_bind_ip)
  * [authelia_bind_port](#authelia_bind_port)
  * [authelia_config_dir](#authelia_config_dir)
  * [authelia_data_dir](#authelia_data_dir)
  * [authelia_default_redirection_url](#authelia_default_redirection_url)
  * [authelia_extra_groups](#authelia_extra_groups)
  * [authelia_group](#authelia_group)
  * [authelia_jwt_secret](#authelia_jwt_secret)
  * [authelia_log_level](#authelia_log_level)
  * [authelia_notifier_backend](#authelia_notifier_backend)
  * [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
  * [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
  * [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
  * [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
  * [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
  * [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
  * [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
  * [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
  * [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
  * [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
  * [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
  * [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
  * [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
  * [authelia_packages](#authelia_packages)
  * [authelia_portal_url](#authelia_portal_url)
  * [authelia_read_only_dirs](#authelia_read_only_dirs)
  * [authelia_regulation_ban_time](#authelia_regulation_ban_time)
  * [authelia_regulation_find_time](#authelia_regulation_find_time)
  * [authelia_regulation_max_retries](#authelia_regulation_max_retries)
  * [authelia_session_backend](#authelia_session_backend)
  * [authelia_session_domain](#authelia_session_domain)
  * [authelia_session_expiration](#authelia_session_expiration)
  * [authelia_session_inactivity](#authelia_session_inactivity)
  * [authelia_session_name](#authelia_session_name)
  * [authelia_session_redis_database_index](#authelia_session_redis_database_index)
  * [authelia_session_redis_host](#authelia_session_redis_host)
  * [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
  * [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
  * [authelia_session_redis_port](#authelia_session_redis_port)
  * [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
  * [authelia_session_same_site](#authelia_session_same_site)
  * [authelia_session_secret](#authelia_session_secret)
  * [authelia_storage_backend](#authelia_storage_backend)
  * [authelia_storage_db_host](#authelia_storage_db_host)
  * [authelia_storage_db_name](#authelia_storage_db_name)
  * [authelia_storage_db_password](#authelia_storage_db_password)
  * [authelia_storage_db_port](#authelia_storage_db_port)
  * [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
  * [authelia_storage_db_username](#authelia_storage_db_username)
  * [authelia_storage_encryption_key](#authelia_storage_encryption_key)
  * [authelia_theme](#authelia_theme)
  * [authelia_totp_issuer](#authelia_totp_issuer)
  * [authelia_totp_period](#authelia_totp_period)
  * [authelia_totp_skew](#authelia_totp_skew)
  * [authelia_user](#authelia_user)
  * [authelia_user_home](#authelia_user_home)
  * [authelia_version](#authelia_version)
* [Dependencies](#dependencies)
---
## Default Variables
### authelia_access_control_default_policy
#### Default value
```YAML
authelia_access_control_default_policy: one_factor
```
### authelia_access_control_networks
#### Default value
```YAML
authelia_access_control_networks: []
```
### authelia_access_control_rules
#### Default value
```YAML
authelia_access_control_rules: []
```
### authelia_auth_backend
Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled.
#### Default value
```YAML
authelia_auth_backend: local
```
### authelia_auth_backend_disable_reset_password
#### Default value
```YAML
authelia_auth_backend_disable_reset_password: false
```
### authelia_auth_ldap_additional_groups_dn
#### Default value
```YAML
authelia_auth_ldap_additional_groups_dn: ou=groups
```
### authelia_auth_ldap_additional_users_dn
#### Default value
```YAML
authelia_auth_ldap_additional_users_dn: ou=users
```
### authelia_auth_ldap_base_dn
#### Default value
```YAML
authelia_auth_ldap_base_dn: dc=example,dc=com
```
### authelia_auth_ldap_bind_password
#### Default value
```YAML
authelia_auth_ldap_bind_password: password
```
### authelia_auth_ldap_bind_user
#### Default value
```YAML
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
```
### authelia_auth_ldap_display_name_attribute
#### Default value
```YAML
authelia_auth_ldap_display_name_attribute: displayname
```
### authelia_auth_ldap_group_name_attribute
#### Default value
```YAML
authelia_auth_ldap_group_name_attribute: cn
```
### authelia_auth_ldap_groups_filter
#### Default value
```YAML
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
```
### authelia_auth_ldap_mail_attribute
#### Default value
```YAML
authelia_auth_ldap_mail_attribute: mail
```
### authelia_auth_ldap_start_tls
#### Default value
```YAML
authelia_auth_ldap_start_tls: false
```
### authelia_auth_ldap_tls_minimum_version
#### Default value
```YAML
authelia_auth_ldap_tls_minimum_version: TLS1.2
```
### authelia_auth_ldap_tls_skip_verify
#### Default value
```YAML
authelia_auth_ldap_tls_skip_verify: false
```
### authelia_auth_ldap_url
#### Default value
```YAML
authelia_auth_ldap_url: ldap://127.0.0.1
```
### authelia_auth_ldap_username_attribute
#### Default value
```YAML
authelia_auth_ldap_username_attribute: uid
```
### authelia_auth_ldap_users_filter
#### Default value
```YAML
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
```
### authelia_auth_local_users
#### Default value
```YAML
authelia_auth_local_users: []
```
### authelia_base_dir
#### Default value
```YAML
authelia_base_dir: /opt/authelia
```
### authelia_bind_ip
#### Default value
```YAML
authelia_bind_ip: 127.0.0.1
```
### authelia_bind_port
#### Default value
```YAML
authelia_bind_port: 61000
```
### authelia_config_dir
#### Default value
```YAML
authelia_config_dir: '{{ authelia_base_dir }}/conf'
```
### authelia_data_dir
#### Default value
```YAML
authelia_data_dir: '{{ authelia_base_dir }}/data'
```
### authelia_default_redirection_url
Specifies the default redirection URL Authelia will use in case a referer is missing.
#### Default value
```YAML
authelia_default_redirection_url: _unset_
```
#### Example usage
```YAML
authelia_default_redirection_url: https://github.com
```
### authelia_extra_groups
#### Default value
```YAML
authelia_extra_groups: []
```
### authelia_group
#### Default value
```YAML
authelia_group: '{{ authelia_user }}'
```
### authelia_jwt_secret
#### Default value
```YAML
authelia_jwt_secret: a_very_important_secret
```
### authelia_log_level
#### Default value
```YAML
authelia_log_level: error
```
### authelia_notifier_backend
Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled.
#### Default value
```YAML
authelia_notifier_backend: local
```
### authelia_notifier_disable_startup_check
#### Default value
```YAML
authelia_notifier_disable_startup_check: false
```
### authelia_notifier_smtp_disable_html_emails
#### Default value
```YAML
authelia_notifier_smtp_disable_html_emails: false
```
### authelia_notifier_smtp_disable_require_tls
#### Default value
```YAML
authelia_notifier_smtp_disable_require_tls: false
```
### authelia_notifier_smtp_host
#### Default value
```YAML
authelia_notifier_smtp_host: 127.0.0.1
```
### authelia_notifier_smtp_identifier
#### Default value
```YAML
authelia_notifier_smtp_identifier: localhost
```
### authelia_notifier_smtp_password
#### Default value
```YAML
authelia_notifier_smtp_password: password
```
### authelia_notifier_smtp_port
#### Default value
```YAML
authelia_notifier_smtp_port: 1025
```
### authelia_notifier_smtp_sender
#### Default value
```YAML
authelia_notifier_smtp_sender: admin@example.com
```
### authelia_notifier_smtp_startup_check_address
#### Default value
```YAML
authelia_notifier_smtp_startup_check_address: test@authelia.com
```
### authelia_notifier_smtp_subject
#### Default value
```YAML
authelia_notifier_smtp_subject: '[Authelia] {title}'
```
### authelia_notifier_smtp_tls_minimum_version
#### Default value
```YAML
authelia_notifier_smtp_tls_minimum_version: TLS1.2
```
### authelia_notifier_smtp_tls_skip_verify
#### Default value
```YAML
authelia_notifier_smtp_tls_skip_verify: false
```
### authelia_notifier_smtp_username
#### Default value
```YAML
authelia_notifier_smtp_username: test
```
### authelia_packages
#### Default value
```YAML
authelia_packages: []
```
### authelia_portal_url
#### Default value
```YAML
authelia_portal_url: http://localhost:61000/
```
### authelia_read_only_dirs
#### Default value
```YAML
authelia_read_only_dirs: []
```
### authelia_regulation_ban_time
#### Default value
```YAML
authelia_regulation_ban_time: 5m
```
### authelia_regulation_find_time
#### Default value
```YAML
authelia_regulation_find_time: 2m
```
### authelia_regulation_max_retries
#### Default value
```YAML
authelia_regulation_max_retries: 3
```
### authelia_session_backend
Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled.
#### Default value
```YAML
authelia_session_backend: local
```
### authelia_session_domain
#### Default value
```YAML
authelia_session_domain: example.com
```
### authelia_session_expiration
#### Default value
```YAML
authelia_session_expiration: 1h
```
### authelia_session_inactivity
#### Default value
```YAML
authelia_session_inactivity: 5m
```
### authelia_session_name
#### Default value
```YAML
authelia_session_name: authelia_session
```
### authelia_session_redis_database_index
#### Default value
```YAML
authelia_session_redis_database_index: 0
```
### authelia_session_redis_host
#### Default value
```YAML
authelia_session_redis_host: 127.0.0.1
```
### authelia_session_redis_maximum_active_connections
#### Default value
```YAML
authelia_session_redis_maximum_active_connections: 8
```
### authelia_session_redis_minimum_idle_connections
#### Default value
```YAML
authelia_session_redis_minimum_idle_connections: 0
```
### authelia_session_redis_port
#### Default value
```YAML
authelia_session_redis_port: 6379
```
### authelia_session_remember_me_duration
#### Default value
```YAML
authelia_session_remember_me_duration: 1M
```
### authelia_session_same_site
#### Default value
```YAML
authelia_session_same_site: lax
```
### authelia_session_secret
#### Default value
```YAML
authelia_session_secret: insecure_session_secret
```
### authelia_storage_backend
Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled.
#### Default value
```YAML
authelia_storage_backend: local
```
### authelia_storage_db_host
#### Default value
```YAML
authelia_storage_db_host: 127.0.0.1
```
### authelia_storage_db_name
#### Default value
```YAML
authelia_storage_db_name: authelia
```
### authelia_storage_db_password
#### Default value
```YAML
authelia_storage_db_password: mypassword
```
### authelia_storage_db_port
#### Default value
```YAML
authelia_storage_db_port: 5432
```
### authelia_storage_db_sslmode
#### Default value
```YAML
authelia_storage_db_sslmode: disable
```
### authelia_storage_db_username
#### Default value
```YAML
authelia_storage_db_username: authelia
```
### authelia_storage_encryption_key
The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters; however, a key above 64 characters is generally recommended. For security reasons, it's highly recommended to create a unique key.
#### Default value
```YAML
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
```
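
The key above, like the other secret defaults on this page, is a published placeholder. The following pre-deployment check is an added example, not part of the role: the function name `lint_overrides`, the finding format and the sample overrides are assumptions, while the placeholder values and the 20/64 character limits are taken from this page.

```python
# Added example: lint inventory overrides for the xoxys.authelia role.
# Placeholder values are copied from the defaults documented on this page.
ALWAYS_USED = {
    "authelia_jwt_secret": "a_very_important_secret",
    "authelia_session_secret": "insecure_session_secret",
    "authelia_storage_encryption_key": "bp33fh3cTswzdMndXrrVMrLd",
}
# variable: (backend selector, value that activates it, documented placeholder)
BACKEND_ONLY = {
    "authelia_auth_ldap_bind_password": ("authelia_auth_backend", "ldap", "password"),
    "authelia_notifier_smtp_password": ("authelia_notifier_backend", "smtp", "password"),
    "authelia_storage_db_password": ("authelia_storage_backend", "postgres", "mypassword"),
}
MIN_KEY_LEN, RECOMMENDED_KEY_LEN = 20, 64  # from the encryption key description


def lint_overrides(overrides):
    """Return (severity, variable, reason) findings for a dict of overrides."""
    findings = []
    for var, placeholder in ALWAYS_USED.items():
        if overrides.get(var, placeholder) == placeholder:
            findings.append(("error", var, "documented default still in use"))
    for var, (selector, active, placeholder) in BACKEND_ONLY.items():
        # Every backend selector defaults to "local", so these only matter
        # once the matching backend has been switched on.
        if overrides.get(selector, "local") != active:
            continue
        if overrides.get(var, placeholder) == placeholder:
            findings.append(("error", var, f"documented default with {selector}={active}"))
    key_var = "authelia_storage_encryption_key"
    key = overrides.get(key_var)
    if key is not None and key != ALWAYS_USED[key_var]:
        if len(key) < MIN_KEY_LEN:
            findings.append(("error", key_var, f"shorter than {MIN_KEY_LEN} characters"))
        elif len(key) <= RECOMMENDED_KEY_LEN:
            findings.append(("warning", key_var, f"not above {RECOMMENDED_KEY_LEN} characters"))
    return findings


# Constructed sample: the values a group_vars file might set for this role.
SAMPLE_OVERRIDES = {
    "authelia_jwt_secret": "constructed-jwt-" + "a" * 60,
    "authelia_storage_encryption_key": "constructed-short",
    "authelia_storage_backend": "postgres",
}

if __name__ == "__main__":
    for severity, var, reason in lint_overrides(SAMPLE_OVERRIDES):
        print(f"{severity}: {var}: {reason}")
```

Run it against the merged host and group variables before applying the role, and treat any `error` finding as a reason to stop the deployment.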
### authelia_theme
#### Default value
```YAML
authelia_theme: light
```
### authelia_totp_issuer
#### Default value
```YAML
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
```
### authelia_totp_period
#### Default value
```YAML
authelia_totp_period: 30
```
### authelia_totp_skew
#### Default value
```YAML
authelia_totp_skew: 1
```
### authelia_user
#### Default value
```YAML
authelia_user: authelia_adm
```
### authelia_user_home
#### Default value
```YAML
authelia_user_home: /home/{{ authelia_user }}
```
### authelia_version
#### Default value
```YAML
authelia_version: 4.33.1
```
## Dependencies
None.