docker-outline/authelia/configuration.yml

---
###############################################################
#                   Authelia configuration                    #
###############################################################

# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
jwt_secret: Unicom#2023
default_redirection_url: https://sso.flyfish.group

server:
  host: 0.0.0.0
  port: 3001

log:
  level: debug

totp:
  issuer: flyfish.group

# duo_api:
#  hostname: api-123456789.example.com
#  integration_key: ABCDEF
#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
#  secret_key: 1234567890abcdefghifjkl

authentication_backend:
  file:
    path: /config/users_database.yml

access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain: flyfish.group
      policy: bypass
    - domain: outline.mynatapp.cc
      policy: one_factor
    - domain: pri.flyfish.group
      policy: two_factor

session:
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  secret: Unicom#2023@VeryNB#Wangyu
  name: authelia_session
  domain: sso.flyfish.group  # Should match whatever your root protected domain is
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  redis:
    host: redis
    port: 6379
    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
    # password: authelia

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  encryption_key: 4bfc40eef1a3df253473b4cf793e91712d15659474eafa6973219b555061a645
  local:
    path: /config/db.sqlite3

notifier:
  smtp:
    username: wybaby168@163.com
    # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
    password: TWNQBHMSQIGRBCYU
    host: smtp.163.com
    port: 25
    sender: wybaby168@163.com

identity_providers:
  oidc:
    hmac_secret: Unicom#2023@VeryNB#Wangyu
    issuer_private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEAz49nUOVaCPaa4O/fmGrSMMJyFfh2YYJKU9Gv6XIL9gaVC8Do
      G/N6v1O9+VOYehgoUwmo04nx19oLB5orEvM2QMrlbKz7GBhaBAOd8tMcGpK1Ohkf
      2O7/9z/XeYU07YTZzaFFikun0GL9TZvjP6QYMJATw3BlQ+ynb9HBiHUi+IdJY+f0
      /VNH/IG7MWTeYHCeQE2Pd6x+CmAP3+cPHm9dlmVPLFvhJGGIglpio52Ti8GW6t39
      1dtZuj0KYrui0TLt8lXcKiKlxZcjhECCXx9s+xCKsi3simAcEpMycoevNCkjZOWN
      DctHxcVVPrkHXCxYVbl/HXyfbP1pP/dG0tCntQIDAQABAoIBAAVcogGf+yRyImwf
      JjqMv+NMkp/orD42nG7v4sh4DsELSHxmPljCgHBC3Ix9UVoOF7SVckwMqze1RUWs
      AOLbb5Ja63RUP6ROtLyXz1O/imFRWucmUQFMo0Yi2xEjlMtx/CJowSAidjJW7E49
      8a/qMEnI3wnUdHk9utGTrJk21XFwGVQbgRWq2jTiVwSyLBHMdcheqDXQBajpS8Cm
      w9GV0x1crhjz47gADG3kt+Y/4XhQZIcsahBNS38WG+vCM9alzCePtKjqEaPW3yRi
      3X0OXSLiEpyOE0xlVUOT5KTbsApzzwWwSeoHdS36xgwUHgmJoh9mueILQLCnlXCP
      4ejUen0CgYEA8XGAZA/+aKDTZPH0l7hwpT8eeOV/V3g/V6Zt6j5VoVbOJ+0JJL6s
      mpuf/10+Y2MPHiHzpl4g0niRaEVPv/sAH++RmcevV98T6Zg0ssAep56XjEKK0C8A
      jljz9cVX1OdF5avSuFUA+4hwuvhVYxqHQvKKxlq7dBruSTfTJOZ9xHsCgYEA3BLw
      r3IarOS/ItSnp5Y6Z0NZCX7v/XOXBHFXznslRdJyfaTwWOrOuK8PZk3QfMseTx3A
      38BoJh8aUYofleSeWHc4Wxbi0GjHbNdUQo2i1wP7kLaaNiSKGGYhPq4LRmUaqeor
      idMLcClgsgmT3EGx1i0SZv2OGaSULSpEHi+0hY8CgYEAzOHw/nhn/edDm6yKT1kv
      FbrLI/IzrkkXD0zmhtkglwlvZYgKs0iudYBMNEmu0G3V/U74UBweJBw139K5SwM2
      5uLHnkRJ8foWDqqfRXQsTzcQCPDKlMDd6u1nEA7Hap5avPuik9NmQwxUBQUIiFGR
      qGjjBFEoMu1LeYxKu0xwOxMCgYBIAX50uS3XMgUD3XZ5k+LKFLQWMk1NrTtVPcyQ
      B6TbYo8JYyUswq8eqFCulXlIy6DAHCkWTLsG9hhDY6EQBzx0D5YF38gYjp/pkc7E
      89i651exMr3kRzJT516rRoDz6HK/85mJP983NKKpvg59+5S3Ugn6Xq3W4A2HdZPS
      GKPFKwKBgQCo57qnAdYdTkG2dCTQvOWVHMQ5uWhyBzOu/BW4wpk5+kXmySltqTQC
      M6An9K8skqBGr9D+4FvXrc+hjRd2NJmIVsIoUxA/N6ico8kSt0gnIGSzkaR6NSGU
      kHFdU/jUVi5DFQ3yLK3Scfl5RP3nX8M7DJI2Sqj3zPJQm+SLX6TU1w==
      -----END RSA PRIVATE KEY-----      
    access_token_lifespan: 1h
    authorize_code_lifespan: 1m
    id_token_lifespan: 1h
    refresh_token_lifespan: 90m
    enable_client_debug_messages: false
    enforce_pkce: public_clients_only
    cors:
      endpoints:
        - authorization
        - token
        - revocation
        - introspection
      allowed_origins:
        - https://outline.mynatapp.cc
      allowed_origins_from_client_redirect_uris: false
    clients:
      - id: outline
        description: 产互研发知识库
        secret: '542e9284a37c87ebc165e7e1106650d9a669503ce384e8df0496485a85663984'
        public: false
        authorization_policy: one_factor
        scopes:
          - openid
          - offline_access
          - profile
          - email
        redirect_uris:
          - https://outline.mynatapp.cc/auth/oidc.callback
        userinfo_signing_algorithm: none