Commit: e77b2ffb23
Author: Robert Kaussow <mail@thegeeklab.de> Date: Sun May 30 23:42:39 2021 +0200 first commit

---
title: authelia
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/master/LICENSE)

Set up Authelia authentication and authorization server.

* [Default Variables](#default-variables)
  * [authelia_access_control_default_policy](#authelia_access_control_default_policy)
  * [authelia_access_control_networks](#authelia_access_control_networks)
  * [authelia_access_control_rules](#authelia_access_control_rules)
  * [authelia_auth_backend](#authelia_auth_backend)
  * [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
  * [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
  * [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
  * [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
  * [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
  * [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
  * [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
  * [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
  * [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
  * [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
  * [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
  * [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
  * [authelia_auth_ldap_url](#authelia_auth_ldap_url)
  * [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
  * [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
  * [authelia_auth_local_users](#authelia_auth_local_users)
  * [authelia_base_dir](#authelia_base_dir)
  * [authelia_bind_ip](#authelia_bind_ip)
  * [authelia_bind_port](#authelia_bind_port)
  * [authelia_config_dir](#authelia_config_dir)
  * [authelia_data_dir](#authelia_data_dir)
  * [authelia_default_redirection_url](#authelia_default_redirection_url)
  * [authelia_extra_groups](#authelia_extra_groups)
  * [authelia_group](#authelia_group)
  * [authelia_jwt_secret](#authelia_jwt_secret)
  * [authelia_log_level](#authelia_log_level)
  * [authelia_notifier_backend](#authelia_notifier_backend)
  * [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
  * [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
  * [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
  * [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
  * [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
  * [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
  * [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
  * [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
  * [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
  * [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
  * [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
  * [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
  * [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
  * [authelia_packages](#authelia_packages)
  * [authelia_portal_url](#authelia_portal_url)
  * [authelia_read_only_dirs](#authelia_read_only_dirs)
  * [authelia_regulation_ban_time](#authelia_regulation_ban_time)
  * [authelia_regulation_find_time](#authelia_regulation_find_time)
  * [authelia_regulation_max_retries](#authelia_regulation_max_retries)
  * [authelia_session_backend](#authelia_session_backend)
  * [authelia_session_domain](#authelia_session_domain)
  * [authelia_session_expiration](#authelia_session_expiration)
  * [authelia_session_inactivity](#authelia_session_inactivity)
  * [authelia_session_name](#authelia_session_name)
  * [authelia_session_redis_database_index](#authelia_session_redis_database_index)
  * [authelia_session_redis_host](#authelia_session_redis_host)
  * [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
  * [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
  * [authelia_session_redis_port](#authelia_session_redis_port)
  * [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
  * [authelia_session_same_site](#authelia_session_same_site)
  * [authelia_session_secret](#authelia_session_secret)
  * [authelia_storage_backend](#authelia_storage_backend)
  * [authelia_storage_db_host](#authelia_storage_db_host)
  * [authelia_storage_db_name](#authelia_storage_db_name)
  * [authelia_storage_db_password](#authelia_storage_db_password)
  * [authelia_storage_db_port](#authelia_storage_db_port)
  * [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
  * [authelia_storage_db_username](#authelia_storage_db_username)
  * [authelia_theme](#authelia_theme)
  * [authelia_totp_issuer](#authelia_totp_issuer)
  * [authelia_totp_period](#authelia_totp_period)
  * [authelia_totp_skew](#authelia_totp_skew)
  * [authelia_user](#authelia_user)
  * [authelia_user_home](#authelia_user_home)
  * [authelia_version](#authelia_version)
* [Dependencies](#dependencies)

---

## Default Variables

### authelia_access_control_default_policy

#### Default value

```YAML
authelia_access_control_default_policy: one_factor
```

### authelia_access_control_networks

#### Default value

```YAML
authelia_access_control_networks: []
```

### authelia_access_control_rules

#### Default value

```YAML
authelia_access_control_rules: []
```

### authelia_auth_backend

Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled.

#### Default value

```YAML
authelia_auth_backend: local
```

### authelia_auth_ldap_additional_groups_dn

#### Default value

```YAML
authelia_auth_ldap_additional_groups_dn: ou=groups
```

### authelia_auth_ldap_additional_users_dn

#### Default value

```YAML
authelia_auth_ldap_additional_users_dn: ou=users
```

### authelia_auth_ldap_base_dn

#### Default value

```YAML
authelia_auth_ldap_base_dn: dc=example,dc=com
```

### authelia_auth_ldap_bind_password

#### Default value

```YAML
authelia_auth_ldap_bind_password: password
```

### authelia_auth_ldap_bind_user

#### Default value

```YAML
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
```

### authelia_auth_ldap_display_name_attribute

#### Default value

```YAML
authelia_auth_ldap_display_name_attribute: displayname
```

### authelia_auth_ldap_group_name_attribute

#### Default value

```YAML
authelia_auth_ldap_group_name_attribute: cn
```

### authelia_auth_ldap_groups_filter

#### Default value

```YAML
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
```

### authelia_auth_ldap_mail_attribute

#### Default value

```YAML
authelia_auth_ldap_mail_attribute: mail
```

### authelia_auth_ldap_start_tls

#### Default value

```YAML
authelia_auth_ldap_start_tls: false
```

### authelia_auth_ldap_tls_minimum_version

#### Default value

```YAML
authelia_auth_ldap_tls_minimum_version: TLS1.2
```

### authelia_auth_ldap_tls_skip_verify

#### Default value

```YAML
authelia_auth_ldap_tls_skip_verify: false
```

### authelia_auth_ldap_url

#### Default value

```YAML
authelia_auth_ldap_url: ldap://127.0.0.1
```

### authelia_auth_ldap_username_attribute

#### Default value

```YAML
authelia_auth_ldap_username_attribute: uid
```

### authelia_auth_ldap_users_filter

#### Default value

```YAML
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
```

### authelia_auth_local_users

#### Default value

```YAML
authelia_auth_local_users: []
```

### authelia_base_dir

#### Default value

```YAML
authelia_base_dir: /opt/authelia
```

### authelia_bind_ip

#### Default value

```YAML
authelia_bind_ip: 127.0.0.1
```

### authelia_bind_port

#### Default value

```YAML
authelia_bind_port: 61000
```

### authelia_config_dir

#### Default value

```YAML
authelia_config_dir: '{{ authelia_base_dir }}/conf'
```

### authelia_data_dir

#### Default value

```YAML
authelia_data_dir: '{{ authelia_base_dir }}/data'
```

### authelia_default_redirection_url

Specifies the default redirection URL Authelia will use in case a referer is missing.

#### Default value

```YAML
authelia_default_redirection_url: _unset_
```

#### Example usage

```YAML
authelia_default_redirection_url: https://github.com
```

### authelia_extra_groups

#### Default value

```YAML
authelia_extra_groups: []
```

### authelia_group

#### Default value

```YAML
authelia_group: '{{ authelia_user }}'
```

### authelia_jwt_secret

#### Default value

```YAML
authelia_jwt_secret: a_very_important_secret
```

### authelia_log_level

#### Default value

```YAML
authelia_log_level: error
```

### authelia_notifier_backend

Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled.

#### Default value

```YAML
authelia_notifier_backend: local
```

### authelia_notifier_disable_startup_check

#### Default value

```YAML
authelia_notifier_disable_startup_check: false
```

### authelia_notifier_smtp_disable_html_emails

#### Default value

```YAML
authelia_notifier_smtp_disable_html_emails: false
```

### authelia_notifier_smtp_disable_require_tls

#### Default value

```YAML
authelia_notifier_smtp_disable_require_tls: false
```

### authelia_notifier_smtp_host

#### Default value

```YAML
authelia_notifier_smtp_host: 127.0.0.1
```

### authelia_notifier_smtp_identifier

#### Default value

```YAML
authelia_notifier_smtp_identifier: localhost
```

### authelia_notifier_smtp_password

#### Default value

```YAML
authelia_notifier_smtp_password: password
```

### authelia_notifier_smtp_port

#### Default value

```YAML
authelia_notifier_smtp_port: 1025
```

### authelia_notifier_smtp_sender

#### Default value

```YAML
authelia_notifier_smtp_sender: admin@example.com
```

### authelia_notifier_smtp_startup_check_address

#### Default value

```YAML
authelia_notifier_smtp_startup_check_address: test@authelia.com
```

### authelia_notifier_smtp_subject

#### Default value

```YAML
authelia_notifier_smtp_subject: '[Authelia] {title}'
```

### authelia_notifier_smtp_tls_minimum_version

#### Default value

```YAML
authelia_notifier_smtp_tls_minimum_version: TLS1.2
```

### authelia_notifier_smtp_tls_skip_verify

#### Default value

```YAML
authelia_notifier_smtp_tls_skip_verify: false
```

### authelia_notifier_smtp_username

#### Default value

```YAML
authelia_notifier_smtp_username: test
```

### authelia_packages

#### Default value

```YAML
authelia_packages: []
```

### authelia_portal_url

#### Default value

```YAML
authelia_portal_url: http://localhost:61000/
```

### authelia_read_only_dirs

#### Default value

```YAML
authelia_read_only_dirs: []
```

### authelia_regulation_ban_time

#### Default value

```YAML
authelia_regulation_ban_time: 5m
```

### authelia_regulation_find_time

#### Default value

```YAML
authelia_regulation_find_time: 2m
```

### authelia_regulation_max_retries

#### Default value

```YAML
authelia_regulation_max_retries: 3
```

### authelia_session_backend

Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled.

#### Default value

```YAML
authelia_session_backend: local
```

### authelia_session_domain

#### Default value

```YAML
authelia_session_domain: example.com
```

### authelia_session_expiration

#### Default value

```YAML
authelia_session_expiration: 1h
```

### authelia_session_inactivity

#### Default value

```YAML
authelia_session_inactivity: 5m
```

### authelia_session_name

#### Default value

```YAML
authelia_session_name: authelia_session
```

### authelia_session_redis_database_index

#### Default value

```YAML
authelia_session_redis_database_index: 0
```

### authelia_session_redis_host

#### Default value

```YAML
authelia_session_redis_host: 127.0.0.1
```

### authelia_session_redis_maximum_active_connections

#### Default value

```YAML
authelia_session_redis_maximum_active_connections: 8
```

### authelia_session_redis_minimum_idle_connections

#### Default value

```YAML
authelia_session_redis_minimum_idle_connections: 0
```

### authelia_session_redis_port

#### Default value

```YAML
authelia_session_redis_port: 6379
```

### authelia_session_remember_me_duration

#### Default value

```YAML
authelia_session_remember_me_duration: 1M
```

### authelia_session_same_site

#### Default value

```YAML
authelia_session_same_site: lax
```

### authelia_session_secret

#### Default value

```YAML
authelia_session_secret: insecure_session_secret
```

### authelia_storage_backend

Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled.

#### Default value

```YAML
authelia_storage_backend: local
```

### authelia_storage_db_host

#### Default value

```YAML
authelia_storage_db_host: 127.0.0.1
```

### authelia_storage_db_name

#### Default value

```YAML
authelia_storage_db_name: authelia
```

### authelia_storage_db_password

#### Default value

```YAML
authelia_storage_db_password: mypassword
```

### authelia_storage_db_port

#### Default value

```YAML
authelia_storage_db_port: 5432
```

### authelia_storage_db_sslmode

#### Default value

```YAML
authelia_storage_db_sslmode: disable
```

### authelia_storage_db_username

#### Default value

```YAML
authelia_storage_db_username: authelia
```

### authelia_theme

#### Default value

```YAML
authelia_theme: light
```

### authelia_totp_issuer

#### Default value

```YAML
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
```

### authelia_totp_period

#### Default value

```YAML
authelia_totp_period: 30
```

### authelia_totp_skew

#### Default value

```YAML
authelia_totp_skew: 1
```

### authelia_user

#### Default value

```YAML
authelia_user: authelia_adm
```

### authelia_user_home

#### Default value

```YAML
authelia_user_home: /home/{{ authelia_user }}
```

### authelia_version

#### Default value

```YAML
authelia_version: 4.29.4
```
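
The following pre-deploy check is an added example, not part of the role: it merges inventory overrides onto the defaults documented above and reports placeholder secrets and disabled transport protection for the backends that are actually enabled. The names `audit_authelia_vars`, `SAMPLE` and `vault_authelia_jwt_secret` are assumptions; variable names and default values are taken from this page.

```python
# Added example, not part of the xoxys.authelia role. Defaults copied from this page.
DEFAULTS = {
    "authelia_auth_backend": "local",
    "authelia_notifier_backend": "local",
    "authelia_storage_backend": "local",
    "authelia_jwt_secret": "a_very_important_secret",
    "authelia_session_secret": "insecure_session_secret",
    "authelia_auth_ldap_bind_password": "password",
    "authelia_auth_ldap_url": "ldap://127.0.0.1",
    "authelia_auth_ldap_start_tls": False,
    "authelia_auth_ldap_tls_skip_verify": False,
    "authelia_notifier_smtp_password": "password",
    "authelia_notifier_smtp_disable_require_tls": False,
    "authelia_notifier_smtp_tls_skip_verify": False,
    "authelia_storage_db_password": "mypassword",
    "authelia_storage_db_sslmode": "disable",
}
# Secret -> (backend variable, value that activates it); None means always used.
SECRETS = {
    "authelia_jwt_secret": None,
    "authelia_session_secret": None,
    "authelia_auth_ldap_bind_password": ("authelia_auth_backend", "ldap"),
    "authelia_notifier_smtp_password": ("authelia_notifier_backend", "smtp"),
    "authelia_storage_db_password": ("authelia_storage_backend", "postgres"),
}
# Boolean switches that weaken TLS when true, gated by backend the same way.
TLS_OFF = {
    "authelia_auth_ldap_tls_skip_verify": ("authelia_auth_backend", "ldap"),
    "authelia_notifier_smtp_disable_require_tls": ("authelia_notifier_backend", "smtp"),
    "authelia_notifier_smtp_tls_skip_verify": ("authelia_notifier_backend", "smtp"),
}

def audit_authelia_vars(overrides):
    """Return sorted findings for the effective variables (defaults + overrides)."""
    v = {**DEFAULTS, **overrides}
    out = []
    for name, gate in SECRETS.items():
        if (gate is None or v[gate[0]] == gate[1]) and v[name] == DEFAULTS[name]:
            out.append(f"{name}: documented placeholder still in use")
    for name, (switch, value) in TLS_OFF.items():
        if v[switch] == value and v[name] is True:
            out.append(f"{name}: TLS protection switched off")
    if v["authelia_auth_backend"] == "ldap":
        plain = str(v["authelia_auth_ldap_url"]).lower().startswith("ldap://")
        if plain and not v["authelia_auth_ldap_start_tls"]:
            out.append("authelia_auth_ldap_url: ldap:// without StartTLS")
    if v["authelia_storage_backend"] == "postgres" and v["authelia_storage_db_sslmode"] == "disable":
        out.append("authelia_storage_db_sslmode: TLS to PostgreSQL disabled")
    return sorted(out)

# Constructed sample inventory (hypothetical vault variable name): LDAP and
# PostgreSQL enabled, only the JWT secret overridden.
SAMPLE = dict(authelia_auth_backend="ldap", authelia_storage_backend="postgres",
              authelia_jwt_secret="{{ vault_authelia_jwt_secret }}")
```

Findings for variables of a disabled backend are suppressed, matching the page's note that those variables only work while their backend is enabled.
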

## Dependencies

None.