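---
# authelia/config/configuration.yml
#
# Authelia configuration: file-based user database, SQLite storage,
# Redis-backed sessions and SMTP notifications.
#
# Run `openssl rand -hex 20` three times and update `jwt_secret`,
# `session.secret` and `storage.encryption_key`. Each value must be different.
# 20 bytes gives 160 bits of entropy; `openssl rand -hex 32` costs nothing more.
# Authelia must not be started while any of the three is still `TODO`.
#
# Each secret in this file can be supplied from a file instead, through the
# matching `AUTHELIA_..._FILE` environment variable. That keeps the values out
# of this file and out of version control.

server:
  # Listens on every interface. Only the reverse proxy should be able to reach
  # this port; do not publish it directly.
  host: '0.0.0.0'
  port: 9091

log:
  level: info

# Signs the identity-verification links sent by e-mail (password reset).
# Can also be set using the env variable AUTHELIA_JWT_SECRET_FILE.
jwt_secret: TODO
default_redirection_url: https://auth.example.com

totp:
  issuer: example.com
  period: 30
  # Accepts codes from one period before or after the current one.
  skew: 1

# If you want push notifications of login attempts you can pay for this feature
# duo_api:
#   hostname: api-123456789.example.com
#   integration_key: ABCDEF
#   secret_key: yet-another-long-string-of-characters-and-numbers-and-symbols

authentication_backend:
  password_reset:
    disable: false
  file:
    # Make sure this file exists. It holds the password hashes, so it should
    # be readable only by the account Authelia runs as.
    path: /config/users_database.yml
    password:
      algorithm: argon2
      argon2:
        variant: argon2id
        iterations: 3
        salt_length: 16
        parallelism: 4
        memory: 65536
        key_length: 32

access_control:
  # Anything not matched by a rule below is refused.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match wins, so the bypass
  # entries must stay above the wildcard rule.
  rules:
    # Rules applied to everyone.
    # `bypass` means Authelia performs no authentication at all for these
    # hosts. The portal itself needs that; nextcloud and plex are then
    # protected only by their own login.
    - domain:
        - 'auth.example.com'
        - 'nextcloud.home.example.com'
        - 'plex.home.example.com'
      policy: bypass
    # Every other host under example.com requires username, password and a
    # second factor.
    # NOTE(review): '*.*.example.com' is presumably meant to cover hosts such
    # as x.home.example.com; confirm how the deployed Authelia version matches
    # nested wildcards.
    - domain:
        - '*.example.com'
        - '*.*.example.com'
      policy: two_factor
      # networks:
      #   - 192.168.1.0/24

session:
  name: authelia_session
  # This secret can also be set using the env variable
  # AUTHELIA_SESSION_SECRET_FILE
  secret: TODO
  # NOTE(review): inactivity (2 hours) is longer than expiration (1 hour), so
  # the idle timeout can never end a session before it expires anyway. The
  # idle timeout is normally the shorter of the two; confirm what is intended.
  expiration: 3600  # 1 hour
  inactivity: 7200  # 2 hours
  remember_me_duration: '1M'
  # Needs to be your root domain. The session cookie is scoped to it, so every
  # host under this domain receives the cookie.
  domain: example.com
  redis:
    host: redis
    port: 6379
    # With the password left commented out, anything that can reach this Redis
    # instance can read or modify stored sessions. Keep Redis on a network
    # shared only with Authelia, or enable a password on both sides.
    # This secret can also be set using the env variable
    # AUTHELIA_SESSION_REDIS_PASSWORD_FILE
    # password: authelia

# Brute-force throttling: 5 failed logins within 2 minutes bans the account
# for 10 minutes.
regulation:
  max_retries: 5
  find_time: '2m'
  ban_time: '10m'

theme: dark  # options: dark, light

storage:
  # Encrypts sensitive values stored in the database.
  # Can also be set using the env variable AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE.
  encryption_key: TODO
  local:
    path: /config/db.sqlite3

notifier:
  disable_startup_check: false
  # filesystem:
  #   filename: /config/notification.txt
  smtp:
    username: APIKEY
    # Placeholder. Prefer AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE over writing
    # the real SMTP credential here.
    password: SECRET
    host: in-v3.mailjet.com
    port: 587
    sender: auth@example.com
    subject: '[Authelia] {title}'
    startup_check_address: admin@example.com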