Authelia Sample Configuration

configuration.yml

###############################################################
#                Authelia minimal configuration               #
###############################################################
port: 9091
logs_level: info
jwt_secret: insecure_secret
authentication_backend:
  file:
    path: /etc/authelia/users.yml
totp:
  issuer: example.com
session:
  secret: insecure_session_secret
  domain: example.com
  expiration: 3600 # 1 hour
  inactivity: 300 # 5 minutes
  redis:
    host: redis
    port: 6379
storage:
  local:
    path: /var/lib/authelia/db.sqlite
access_control:
  default_policy: bypass
  rules:
    - domain: "public.example.com"
      policy: bypass
    - domain: "traefik.example.com"
      policy: one_factor
notifier:
  filesystem:
    filename: /var/lib/authelia/emails.txt

docker-compose.yml

---
version: "3.4"
networks:
  net:
    driver: bridge
volumes:
  authelia-data:
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:2.1.3
    restart: always
    networks:
      - net
    command:
      - "--api"
      - "--providers.docker=true"
      - "--entrypoints.http=true"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https=true"
      - "--entrypoints.https.address=:443"
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
    - "traefik.http.routers.api.entrypoints=https"
    - "traefik.http.routers.api.tls=true"
    - "traefik.http.routers.api.service=api@internal"
    - "traefik.http.routers.api.middlewares=authelia"
    ports:
    - 80:80
    - 443:443
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  redis:
    container_name: redis
    image: redis:4.0-alpine
    ports:
      - "6379:6379"
    networks:
      - net
  authelia:
    container_name: authelia
    image: authelia/authelia:4.2.0
    restart: always
    networks:
      - net
    expose:
    - 9091
    volumes:
    - ./authelia/config/configuration.yml:/etc/authelia/configuration.yml
    - ./authelia/config/users.yml:/etc/authelia/users.yml
    - authelia-data:/var/lib/authelia
    environment:
      TZ: Australia/Melbourne
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.authelia.rule=Host(`auth.example.com`)"
    - "traefik.http.routers.authelia.entrypoints=https"
    - "traefik.http.routers.authelia.tls=true"
    - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com"
    - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"

users.yml

###############################################################
#                         Users Database                      #
###############################################################
# This file can be used if you do not have an LDAP set up. All users passwords are 'password'.
users:
  john:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: john.doe@authelia.com
    groups:
      - admins
      - dev
  harry:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: harry.potter@authelia.com
    groups: []
  bob:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: bob.dylan@authelia.com
    groups:
      - dev
  james:
    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
    email: james.dean@authelia.com