9f98a4081e
- Add authelia/ stack: Authelia 4.38 + Redis 7-alpine on isolated authelia-internal bridge; Authelia also on npm-network for NPM forward-auth. Secrets via env vars (not committed).
- Add authelia/config/configuration.yaml: file-based users, SQLite storage, one_factor policy for *.kolpacksoftware.com
- Add **/users_database.yaml to .gitignore (host-only secret)
- Remove authentik/ (non-functional leftover)
- ultralytics: bind port 8501 to 127.0.0.1 only (auth enforced via NPM)
# Authelia configuration: file-based users, SQLite storage, Redis-backed
# sessions, single-factor access control for kolpacksoftware.com subdomains.
# No secrets are set in this file; the commit description says they are
# supplied through environment variables.
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from Authelia's configuration schema - confirm against the
# committed file.

server:
  # Listens on every interface inside the container. Whether 9091 is
  # reachable from outside depends on the compose file's networks and
  # published ports, which are not shown here - verify it is only reachable
  # by the reverse proxy.
  address: 0.0.0.0:9091

log:
  level: info

totp:
  # Issuer label for TOTP enrolment. No access_control rule below requires
  # two_factor, so TOTP is not enforced by this policy.
  issuer: kolpacksoftware.com

webauthn:
  # WebAuthn (hardware keys / passkeys) is turned off.
  disable: true

authentication_backend:
  file:
    # User records and password hashes live in this file; the commit
    # description says it is excluded from version control via .gitignore.
    # Keep its filesystem permissions restricted to the Authelia container.
    path: /config/users_database.yaml
    password:
      # Hash algorithm applied to passwords stored in the users file.
      algorithm: argon2id

access_control:
  # Any request that matches no rule is rejected.
  default_policy: deny
  # Rules are evaluated top to bottom; the first match applies.
  rules:
    # The login portal itself must be reachable without authentication.
    - domain: auth.kolpacksoftware.com
      policy: bypass
    # Every other subdomain requires username + password only.
    # NOTE(review): the wildcard presumably does not match the apex
    # kolpacksoftware.com, which would fall through to deny - verify.
    # Hosts exposing sensitive functions may warrant two_factor instead.
    - domain: "*.kolpacksoftware.com"
      policy: one_factor

session:
  cookies:
    # One session cookie scoped to the parent domain, so it is sent to every
    # subdomain of kolpacksoftware.com.
    - domain: kolpacksoftware.com
      authelia_url: https://auth.kolpacksoftware.com
      # NOTE(review): identical to authelia_url. Authelia's 4.38 session
      # documentation says default_redirection_url must differ from
      # authelia_url - confirm this passes startup validation, or point it
      # at an application URL.
      default_redirection_url: https://auth.kolpacksoftware.com
      # NOTE(review): name/expiration/inactivity are reconstructed as
      # per-cookie settings; they are also valid directly under session.
      name: authelia_session
      # Session ends 1h after login, or after 5m without activity.
      expiration: 1h
      inactivity: 5m
  redis:
    # Session store. No password or TLS options are set in this file; the
    # commit description places Redis on an isolated internal bridge.
    # TODO confirm Redis is not attached to any other network.
    host: authelia-redis
    port: 6379

storage:
  local:
    # SQLite database file inside the /config volume.
    path: /config/db.sqlite3

notifier:
  filesystem:
    # Notifications are written to this file instead of being sent to the
    # user. Anyone who can read /config can read them, so treat the file as
    # sensitive. NOTE(review): presumably this includes identity-verification
    # and password-reset messages - confirm, and consider an SMTP notifier
    # for production use.
    filename: /config/notifications.txt

regulation:
  # Brute-force throttling: 3 failed logins within 2m bans the account for 5m.
  max_retries: 3
  find_time: 2m
  ban_time: 5m