authelia

Setup Authelia authentication and authorization server.

Default Variables
Dependencies

Default Variables

authelia_access_control_default_policy

Default value

authelia_access_control_default_policy: one_factor

authelia_access_control_networks

Default value

authelia_access_control_networks: []

authelia_access_control_rules

Default value

authelia_access_control_rules: []

authelia_auth_backend

Set authentication backend. Available options are local|ldap. All authelia_auth_ldap_ variables will only work while the LDAP auth backend is enabled.

Default value

authelia_auth_backend: local

authelia_auth_backend_disable_reset_password

Default value

authelia_auth_backend_disable_reset_password: false

authelia_auth_ldap_additional_groups_dn

Default value

authelia_auth_ldap_additional_groups_dn: ou=groups

authelia_auth_ldap_additional_users_dn

Default value

authelia_auth_ldap_additional_users_dn: ou=users

authelia_auth_ldap_base_dn

Default value

authelia_auth_ldap_base_dn: dc=example,dc=com

authelia_auth_ldap_bind_password

Default value

authelia_auth_ldap_bind_password: password

authelia_auth_ldap_bind_user

Default value

authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com

authelia_auth_ldap_display_name_attribute

Default value

authelia_auth_ldap_display_name_attribute: displayname

authelia_auth_ldap_group_name_attribute

Default value

authelia_auth_ldap_group_name_attribute: cn

authelia_auth_ldap_groups_filter

Default value

authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))

authelia_auth_ldap_mail_attribute

Default value

authelia_auth_ldap_mail_attribute: mail

authelia_auth_ldap_start_tls

Default value

authelia_auth_ldap_start_tls: false

authelia_auth_ldap_tls_minimum_version

Default value

authelia_auth_ldap_tls_minimum_version: TLS1.2

authelia_auth_ldap_tls_skip_verify

Default value

authelia_auth_ldap_tls_skip_verify: false

authelia_auth_ldap_url

Default value

authelia_auth_ldap_url: ldap://127.0.0.1

authelia_auth_ldap_username_attribute

Default value

authelia_auth_ldap_username_attribute: uid

authelia_auth_ldap_users_filter

Default value

authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))

authelia_auth_local_users

Default value

authelia_auth_local_users: []

authelia_base_dir

Default value

authelia_base_dir: /opt/authelia

authelia_bind_ip

Default value

authelia_bind_ip: 127.0.0.1

authelia_bind_port

Default value

authelia_bind_port: 61000

authelia_config_dir

Default value

authelia_config_dir: '{{ authelia_base_dir }}/conf'

authelia_data_dir

Default value

authelia_data_dir: '{{ authelia_base_dir }}/data'

authelia_default_redirection_url

Specifies the default redirection URL Authelia will use in case a referer is missing.

Default value

authelia_default_redirection_url: _unset_

Example usage

authelia_default_redirection_url: https://github.com

authelia_extra_groups

Default value

authelia_extra_groups: []

authelia_group

Default value

authelia_group: '{{ authelia_user }}'

authelia_jwt_secret

Default value

authelia_jwt_secret: a_very_important_secret

authelia_log_level

Default value

authelia_log_level: error

authelia_notifier_backend

Set notifier backend. Available options are local|smtp. All authelia_notifier_smtp_ variables will only work while the SMTP backend is enabled.

Default value

authelia_notifier_backend: local

authelia_notifier_disable_startup_check

Default value

authelia_notifier_disable_startup_check: false

authelia_notifier_smtp_disable_html_emails

Default value

authelia_notifier_smtp_disable_html_emails: false

authelia_notifier_smtp_disable_require_tls

Default value

authelia_notifier_smtp_disable_require_tls: false

authelia_notifier_smtp_host

Default value

authelia_notifier_smtp_host: 127.0.0.1

authelia_notifier_smtp_identifier

Default value

authelia_notifier_smtp_identifier: localhost

authelia_notifier_smtp_password

Default value

authelia_notifier_smtp_password: password

authelia_notifier_smtp_port

Default value

authelia_notifier_smtp_port: 1025

authelia_notifier_smtp_sender

Default value

authelia_notifier_smtp_sender: admin@example.com

authelia_notifier_smtp_startup_check_address

Default value

authelia_notifier_smtp_startup_check_address: test@authelia.com

authelia_notifier_smtp_subject

Default value

authelia_notifier_smtp_subject: '[Authelia] {title}'

authelia_notifier_smtp_tls_minimum_version

Default value

authelia_notifier_smtp_tls_minimum_version: TLS1.2

authelia_notifier_smtp_tls_skip_verify

Default value

authelia_notifier_smtp_tls_skip_verify: false

authelia_notifier_smtp_username

Default value

authelia_notifier_smtp_username: test

authelia_packages

Default value

authelia_packages:
  - tar

authelia_portal_url

Default value

authelia_portal_url: http://localhost:61000/

authelia_read_only_dirs

Default value

authelia_read_only_dirs: []

authelia_regulation_ban_time

Default value

authelia_regulation_ban_time: 5m

authelia_regulation_find_time

Default value

authelia_regulation_find_time: 2m

authelia_regulation_max_retries

Default value

authelia_regulation_max_retries: 3

authelia_session_backend

Set session backend. Available options are local|redis. All authelia_session_redis_ variables will only work while the Redis backend is enabled.

Default value

authelia_session_backend: local

authelia_session_domain

Default value

authelia_session_domain: example.com

authelia_session_expiration

Default value

authelia_session_expiration: 1h

authelia_session_inactivity

Default value

authelia_session_inactivity: 5m

authelia_session_name

Default value

authelia_session_name: authelia_session

authelia_session_redis_database_index

Default value

authelia_session_redis_database_index: 0

authelia_session_redis_host

Default value

authelia_session_redis_host: 127.0.0.1

authelia_session_redis_maximum_active_connections

Default value

authelia_session_redis_maximum_active_connections: 8

authelia_session_redis_minimum_idle_connections

Default value

authelia_session_redis_minimum_idle_connections: 0

authelia_session_redis_port

Default value

authelia_session_redis_port: 6379

authelia_session_remember_me_duration

Default value

authelia_session_remember_me_duration: 1M

authelia_session_same_site

Default value

authelia_session_same_site: lax

authelia_session_secret

Default value

authelia_session_secret: insecure_session_secret

authelia_storage_backend

Set storage backend. Available options are local|postgres. All authelia_storage_db_ variables will only work while the PostgreSQL backend is enabled.

Default value

authelia_storage_backend: local

authelia_storage_db_host

Default value

authelia_storage_db_host: 127.0.0.1

authelia_storage_db_name

Default value

authelia_storage_db_name: authelia

authelia_storage_db_password

Default value

authelia_storage_db_password: mypassword

authelia_storage_db_port

Default value

authelia_storage_db_port: 5432

authelia_storage_db_sslmode

Default value

authelia_storage_db_sslmode: disable

authelia_storage_db_username

Default value

authelia_storage_db_username: authelia

authelia_storage_encryption_key

The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters, however we generally recommend above 64 characters. For security reasons, it’s highly recommended to create a unique key.

Default value

authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd

authelia_theme

Default value

authelia_theme: light

authelia_totp_issuer

Default value

authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"

authelia_totp_period

Default value

authelia_totp_period: 30

authelia_totp_skew

Default value

authelia_totp_skew: 1

authelia_user

Default value

authelia_user: authelia_adm

authelia_user_home

Default value

authelia_user_home: /home/{{ authelia_user }}

authelia_version

Default value

authelia_version: 4.33.1

Dependencies

None.