Authelia

Overview

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal.


Configuration

Saltbox offers several options to customize the configuration.yml via the inventory system. We recommend reviewing the configuration template and the default variables. It is highly recommended to review the upstream documentation for configuration options.

Some of the features that can be enabled are Two-Factor Authentication, Duo notifications and SMTP notifications.

LDAP Authentication

Saltbox offers an optional LDAP authentication backend for Authelia. This can be enabled by setting authelia_authentication_backend: "ldap" in your inventory file. The LDAP is provisioned via OpenLDAP and includes phpLDAPadmin.

Deployment

sb install authelia

Usage

To access Authelia, visit https://login.YOUR_DOMAIN_NAME or the subdomain set for Authelia in settings.yml. This merely presents a simple login page where a user can configure Two Factor Authentication if Authelia is configured to accept/require 2FA.

Role Defaults

Use the Inventory to customize variables.

Example override:

    authelia_name: "custom_value"

Avoid overriding variables ending in _default

When overriding variables that end in _default (like authelia_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.

Instead, use the corresponding _custom variable (like authelia_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.
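A fuller inventory override, added here as an illustration and not taken from the Saltbox documentation. It uses the variable names listed under Role Defaults on this page and shows the `_default` versus `_custom` choice side by side. The SMTP host, account, sender, password and the extra environment variable are placeholders.

```yaml
# Added example: Saltbox inventory overrides for the Authelia role.
# Values marked "placeholder" are constructed for illustration only.

# Require a second factor by default instead of the shipped "one_factor".
authelia_role_access_control_policy: "two_factor"

# Keep both whitelist switches at their default (off), so neither the host
# addresses nor the saltbox Docker subnet are whitelisted.
authelia_role_access_control_whitelist_host: false
authelia_role_access_control_whitelist_docker: false

# Turn on the standard password policy (off by default) and raise the
# minimum length; the zxcvbn policy is left at its default (disabled).
authelia_role_password_policy_standard_enabled: true
authelia_role_password_policy_standard_min_length: "12"

# Send notifications by SMTP instead of the default filesystem notifier.
authelia_role_notifier: "smtp"
authelia_role_notifier_smtp_host: "smtp.example.com"                  # placeholder
authelia_role_notifier_smtp_port: "587"                               # placeholder
authelia_role_notifier_smtp_username: "authelia@example.com"          # placeholder
authelia_role_notifier_smtp_password: "REPLACE_WITH_SMTP_PASSWORD"    # placeholder
authelia_role_notifier_smtp_sender: "Authelia <authelia@example.com>" # placeholder

# Keep the profiling and expvars endpoints disabled (the defaults).
authelia_role_server_endpoints_enable_pprof: false
authelia_role_server_endpoints_enable_expvars: false

# Weak: overriding the _default dict replaces it entirely, so the TZ, PUID
# and PGID entries shown in the role defaults would no longer be set.
# authelia_role_docker_envs_default:
#   EXAMPLE_VAR: "example"

# Preferred: the _custom dict is merged with the defaults.
authelia_role_docker_envs_custom:
  EXAMPLE_VAR: "example"   # hypothetical variable name
```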

authelia_name
# Type: string
authelia_name: authelia

This section is organized into multiple subsections

authelia_role_theme
# Options are light, dark, grey or auto.
# Type: string
authelia_role_theme: "auto"
authelia_role_log_max_backups
# Logrotate configuration variable
# Type: string
authelia_role_log_max_backups: "3"
authelia_role_log_max_size
# Logrotate configuration variable
# Type: string
authelia_role_log_max_size: "10"
authelia_role_log_level
# Reference: https://www.authelia.com/configuration/miscellaneous/logging/
# Type: string
authelia_role_log_level: "info"
authelia_role_log_format
# Reference: https://www.authelia.com/configuration/miscellaneous/logging/
# Type: string
authelia_role_log_format: "text"
authelia_role_log_file_path
# Reference: https://www.authelia.com/configuration/miscellaneous/logging/
# Type: string
authelia_role_log_file_path: "/config/authelia.log"
authelia_role_log_keep_stdout
# Reference: https://www.authelia.com/configuration/miscellaneous/logging/
# Type: bool (true/false)
authelia_role_log_keep_stdout: true
authelia_role_authentication_backend
# Options are file or ldap
# Type: string
authelia_role_authentication_backend: "file"
authelia_role_authentication_backend_password_change_disable
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: bool (true/false)
authelia_role_authentication_backend_password_change_disable: false
authelia_role_authentication_backend_password_reset_disable
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: bool (true/false)
authelia_role_authentication_backend_password_reset_disable: false
authelia_role_authentication_backend_password_reset_custom_url
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_password_reset_custom_url: ""
authelia_role_authentication_backend_refresh_interval
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_refresh_interval: "5m"
authelia_role_authentication_backend_file_path
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_path: "/config/users_database.yml"
authelia_role_authentication_backend_file_watch
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: bool (true/false)
authelia_role_authentication_backend_file_watch: true
authelia_role_authentication_backend_file_password_algorithm
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_algorithm: "argon2"
authelia_role_authentication_backend_file_password_argon2_variant
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_variant: "argon2id"
authelia_role_authentication_backend_file_password_argon2_iterations
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_iterations: "3"
authelia_role_authentication_backend_file_password_argon2_memory
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_memory: "65536"
authelia_role_authentication_backend_file_password_argon2_parallelism
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_parallelism: "4"
authelia_role_authentication_backend_file_password_argon2_key_length
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_key_length: "32"
authelia_role_authentication_backend_file_password_argon2_salt_length
# https://www.authelia.com/configuration/first-factor/introduction/
# https://www.authelia.com/configuration/first-factor/file/
# Type: string
authelia_role_authentication_backend_file_password_argon2_salt_length: "16"
authelia_role_access_control_policy
# Setting for default Access Control Policy - recommended options one_factor or two_factor
# Reference: https://www.authelia.com/configuration/security/access-control/#one_factor
# Type: string
authelia_role_access_control_policy: "one_factor"
authelia_role_access_control_whitelist_host
# Whitelists the host IPv4/IPv6 addresses depending on which are enabled
# Type: bool (true/false)
authelia_role_access_control_whitelist_host: false
authelia_role_access_control_whitelist_docker
# Whitelists the saltbox Docker network IP subnet
# Type: bool (true/false)
authelia_role_access_control_whitelist_docker: false
authelia_role_default_2fa_method
# Type: string
authelia_role_default_2fa_method: ""
authelia_role_duo_enabled
# Reference: https://www.authelia.com/configuration/second-factor/duo/
# Type: bool (true/false)
authelia_role_duo_enabled: false
authelia_role_duo_hostname
# Reference: https://www.authelia.com/configuration/second-factor/duo/
# Type: string
authelia_role_duo_hostname: ""
authelia_role_duo_integration_key
# Reference: https://www.authelia.com/configuration/second-factor/duo/
# Type: string
authelia_role_duo_integration_key: ""
authelia_role_duo_secret_key
# Reference: https://www.authelia.com/configuration/second-factor/duo/
# Type: string
authelia_role_duo_secret_key: ""
authelia_role_duo_self_enrollment
# Reference: https://www.authelia.com/configuration/second-factor/duo/
# Type: bool (true/false)
authelia_role_duo_self_enrollment: true
authelia_role_webauthn_disable
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_disable: false
authelia_role_webauthn_enable_passkey_login
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_enable_passkey_login: false
authelia_role_webauthn_display_name
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_display_name: "Authelia"
authelia_role_webauthn_attestation_conveyance_preference
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_attestation_conveyance_preference: "indirect"
authelia_role_webauthn_timeout
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_timeout: "60s"
authelia_role_webauthn_filtering_prohibit_backup_eligibility
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_filtering_prohibit_backup_eligibility: false
authelia_role_webauthn_filtering_permitted_aaguids
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: list
authelia_role_webauthn_filtering_permitted_aaguids: []
authelia_role_webauthn_filtering_prohibited_aaguids
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: list
authelia_role_webauthn_filtering_prohibited_aaguids: []
authelia_role_webauthn_selection_criteria_attachment
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_selection_criteria_attachment: "cross-platform"
authelia_role_webauthn_selection_criteria_discoverability
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_selection_criteria_discoverability: "discouraged"
authelia_role_webauthn_selection_criteria_user_verification
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_selection_criteria_user_verification: "preferred"
authelia_role_webauthn_metadata_enabled
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_metadata_enabled: false
authelia_role_webauthn_metadata_cache_policy
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: string
authelia_role_webauthn_metadata_cache_policy: "strict"
authelia_role_webauthn_metadata_validate_trust_anchor
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_metadata_validate_trust_anchor: true
authelia_role_webauthn_metadata_validate_entry
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_metadata_validate_entry: true
authelia_role_webauthn_metadata_validate_entry_permit_zero_aaguid
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_metadata_validate_entry_permit_zero_aaguid: false
authelia_role_webauthn_metadata_validate_status
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: bool (true/false)
authelia_role_webauthn_metadata_validate_status: true
authelia_role_webauthn_metadata_validate_status_permitted
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: list
authelia_role_webauthn_metadata_validate_status_permitted: []
authelia_role_webauthn_metadata_validate_status_prohibited
# Reference: https://www.authelia.com/configuration/second-factor/webauthn/
# Type: list
authelia_role_webauthn_metadata_validate_status_prohibited: []
authelia_role_notifier
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Options are filesystem or smtp. Options specific to smtp prefixed with smtp
# Type: string
authelia_role_notifier: "filesystem"
authelia_role_notifier_disable_startup_check
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: bool (true/false)
authelia_role_notifier_disable_startup_check: false
authelia_role_notifier_smtp_host
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_host: ""
authelia_role_notifier_smtp_port
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_port: ""
authelia_role_notifier_smtp_timeout
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_timeout: ""
authelia_role_notifier_smtp_username
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_username: ""
authelia_role_notifier_smtp_password
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_password: ""
authelia_role_notifier_smtp_sender
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_sender: ""
authelia_role_notifier_smtp_identifier
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_identifier: ""
authelia_role_notifier_smtp_subject
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_subject: ""
authelia_role_notifier_smtp_startup_check_address
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_startup_check_address: ""
authelia_role_notifier_smtp_disable_require_tls
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_disable_require_tls: ""
authelia_role_notifier_smtp_disable_html_emails
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_disable_html_emails: ""
authelia_role_notifier_smtp_tls_server_name
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_tls_server_name: ""
authelia_role_notifier_smtp_tls_skip_verify
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_tls_skip_verify: ""
authelia_role_notifier_smtp_tls_minimum_version
# Reference: https://www.authelia.com/configuration/notifications/introduction/
# Type: string
authelia_role_notifier_smtp_tls_minimum_version: ""
authelia_role_server_address
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_address: "0.0.0.0:9091"
authelia_role_server_asset_path
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_asset_path: ""
authelia_role_server_disable_healthcheck
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: bool (true/false)
authelia_role_server_disable_healthcheck: false
authelia_role_server_buffers_read
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_buffers_read: "10485760"
authelia_role_server_buffers_write
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_buffers_write: "10485760"
authelia_role_server_timeouts_read
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_timeouts_read: "6s"
authelia_role_server_timeouts_write
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_timeouts_write: "6s"
authelia_role_server_timeouts_idle
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_timeouts_idle: "30s"
authelia_role_server_endpoints_enable_pprof
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: bool (true/false)
authelia_role_server_endpoints_enable_pprof: false
authelia_role_server_endpoints_enable_expvars
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: bool (true/false)
authelia_role_server_endpoints_enable_expvars: false
authelia_role_server_headers_csp_template
# Reference: https://www.authelia.com/configuration/miscellaneous/server/
# Type: string
authelia_role_server_headers_csp_template: "default-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src-elem 'self' *.{{ user.domain }} {{ user.domain }}; script-src-attr 'self' *.{{ user.domain }} {{ user.domain }}; style-src 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-elem 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-attr 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; img-src 'self' *.{{ user.domain }} {{ user.domain }}; font-src 'self' *.{{ user.domain }} {{ user.domain }}; connect-src 'self' *.{{ user.domain }} {{ user.domain }}; media-src 'self' *.{{ user.domain }} {{ user.domain }}; object-src 'self' *.{{ user.domain }} {{ user.domain }}; child-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-src 'self' *.{{ user.domain }} {{ user.domain }}; worker-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-ancestors 'self' *.{{ user.domain }} {{ user.domain }}; form-action 'self' *.{{ user.domain }} {{ user.domain }}; base-uri 'self'"
authelia_role_telemetry_metrics_enabled
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: bool (true/false)
authelia_role_telemetry_metrics_enabled: false
authelia_role_telemetry_metrics_address
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_address: "tcp://0.0.0.0:9959"
authelia_role_telemetry_metrics_buffers_read
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_buffers_read: "4096"
authelia_role_telemetry_metrics_buffers_write
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_buffers_write: "4096"
authelia_role_telemetry_metrics_timeouts_read
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_timeouts_read: "6s"
authelia_role_telemetry_metrics_timeouts_write
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_timeouts_write: "6s"
authelia_role_telemetry_metrics_timeouts_idle
# Reference: https://www.authelia.com/configuration/telemetry/metrics/
# Type: string
authelia_role_telemetry_metrics_timeouts_idle: "30s"
authelia_role_identity_validation_reset_password_jwt_lifespan
# Type: string
authelia_role_identity_validation_reset_password_jwt_lifespan: "5m"
authelia_role_identity_validation_reset_password_jwt_algorithm
# Type: string
authelia_role_identity_validation_reset_password_jwt_algorithm: "HS256"
authelia_role_identity_validation_elevated_session_code_lifespan
# Type: string
authelia_role_identity_validation_elevated_session_code_lifespan: "5m"
authelia_role_identity_validation_elevated_session_elevation_lifespan
# Type: string
authelia_role_identity_validation_elevated_session_elevation_lifespan: "10m"
authelia_role_identity_validation_elevated_session_characters
# Type: string
authelia_role_identity_validation_elevated_session_characters: "8"
authelia_role_identity_validation_elevated_session_require_second_factor
# Type: bool (true/false)
authelia_role_identity_validation_elevated_session_require_second_factor: false
authelia_role_identity_validation_elevated_session_skip_second_factor
# Type: bool (true/false)
authelia_role_identity_validation_elevated_session_skip_second_factor: false
authelia_role_jwt_secret
# Type: string
authelia_role_jwt_secret: "{{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=32) }}"
authelia_role_totp_disable
# Type: bool (true/false)
authelia_role_totp_disable: false
authelia_role_totp_issuer
# Type: string
authelia_role_totp_issuer: "{{ lookup('role_var', '_web_subdomain', role='authelia') + '.' + lookup('role_var', '_web_domain', role='authelia') }}"
authelia_role_totp_algorithm
# Type: string
authelia_role_totp_algorithm: "SHA1"
authelia_role_totp_digits
# Type: string
authelia_role_totp_digits: "6"
authelia_role_totp_period
# Type: string
authelia_role_totp_period: "30"
authelia_role_totp_skew
# Type: string
authelia_role_totp_skew: "1"
authelia_role_totp_secret_size
# Type: string
authelia_role_totp_secret_size: "32"
authelia_role_totp_allowed_algorithms
# Type: list
authelia_role_totp_allowed_algorithms: ["SHA1"]
authelia_role_totp_allowed_digits
# Type: list
authelia_role_totp_allowed_digits: ["6"]
authelia_role_totp_allowed_periods
# Type: list
authelia_role_totp_allowed_periods: ["30"]
authelia_role_totp_disable_reuse_security_policy
# Type: bool (true/false)
authelia_role_totp_disable_reuse_security_policy: false
authelia_role_default_redirection_url
# Type: string
authelia_role_default_redirection_url: ""
authelia_role_ntp_address
# Type: string
authelia_role_ntp_address: "time.cloudflare.com:123"
authelia_role_ntp_version
# Type: string
authelia_role_ntp_version: "3"
authelia_role_ntp_max_desync
# Type: string
authelia_role_ntp_max_desync: "3s"
authelia_role_ntp_disable_startup_check
# Type: bool (true/false)
authelia_role_ntp_disable_startup_check: false
authelia_role_ntp_disable_failure
# Type: bool (true/false)
authelia_role_ntp_disable_failure: false
authelia_role_password_policy_standard_enabled
# Type: bool (true/false)
authelia_role_password_policy_standard_enabled: false
authelia_role_password_policy_standard_min_length
# Type: string
authelia_role_password_policy_standard_min_length: "8"
authelia_role_password_policy_standard_max_length
# Type: string
authelia_role_password_policy_standard_max_length: "0"
authelia_role_password_policy_standard_require_uppercase
# Type: bool (true/false)
authelia_role_password_policy_standard_require_uppercase: true
authelia_role_password_policy_standard_require_lowercase
# Type: bool (true/false)
authelia_role_password_policy_standard_require_lowercase: true
authelia_role_password_policy_standard_require_number
# Type: bool (true/false)
authelia_role_password_policy_standard_require_number: true
authelia_role_password_policy_standard_require_special
# Type: bool (true/false)
authelia_role_password_policy_standard_require_special: true
authelia_role_password_policy_zxcvbn_enabled
# Type: bool (true/false)
authelia_role_password_policy_zxcvbn_enabled: false
authelia_role_password_policy_zxcvbn_min_score
# Type: string
authelia_role_password_policy_zxcvbn_min_score: "3"
authelia_role_web_subdomain
# Type: string
authelia_role_web_subdomain: "{{ authelia.subdomain }}"
authelia_role_web_domain
# Type: string
authelia_role_web_domain: "{{ user.domain }}"
authelia_role_web_port
# Type: string
authelia_role_web_port: "9091"
authelia_role_web_url
# Type: string
authelia_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='authelia') + '.' + lookup('role_var', '_web_domain', role='authelia')
                        if (lookup('role_var', '_web_subdomain', role='authelia') | length > 0)
                        else lookup('role_var', '_web_domain', role='authelia')) }}"
authelia_role_dns_record
# Type: string
authelia_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='authelia') }}"
authelia_role_dns_zone
# Type: string
authelia_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='authelia') }}"
authelia_role_dns_proxy
# Type: bool (true/false)
authelia_role_dns_proxy: "{{ dns_proxied }}"
authelia_role_traefik_sso_middleware
# Type: string
authelia_role_traefik_sso_middleware: ""
authelia_role_traefik_middleware_default
# Type: string
authelia_role_traefik_middleware_default: "{{ traefik_default_middleware }}"
authelia_role_traefik_middleware_custom
# Type: string
authelia_role_traefik_middleware_custom: ""
authelia_role_traefik_certresolver
# Type: string
authelia_role_traefik_certresolver: "{{ traefik_default_certresolver }}"
authelia_role_traefik_enabled
# Type: bool (true/false)
authelia_role_traefik_enabled: true
authelia_role_traefik_api_enabled
# Type: bool (true/false)
authelia_role_traefik_api_enabled: false
authelia_role_traefik_api_endpoint
# Type: string
authelia_role_traefik_api_endpoint: ""

Container

authelia_role_docker_container
# Type: string
authelia_role_docker_container: "{{ authelia_name }}"

Image

authelia_role_docker_image_pull
# Type: bool (true/false)
authelia_role_docker_image_pull: true
authelia_role_docker_image_repo
# Type: string
authelia_role_docker_image_repo: "authelia/authelia"
authelia_role_docker_image_tag
# Type: string
authelia_role_docker_image_tag: "4.39"
authelia_role_docker_image
# Type: string
authelia_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='authelia') }}:{{ lookup('role_var', '_docker_image_tag', role='authelia') }}"

Envs

authelia_role_docker_envs_default
# Type: dict
authelia_role_docker_envs_default:
  TZ: "{{ tz }}"
  PUID: "{{ uid }}"
  PGID: "{{ gid }}"
authelia_role_docker_envs_custom
# Type: dict
authelia_role_docker_envs_custom: {}

Volumes

authelia_role_docker_volumes_default
# Type: list
authelia_role_docker_volumes_default:
  - "{{ authelia_role_paths_location }}:/config"
authelia_role_docker_volumes_custom
# Type: list
authelia_role_docker_volumes_custom: []

Hostname

authelia_role_docker_hostname
# Type: string
authelia_role_docker_hostname: "{{ authelia_name }}"

Networks

authelia_role_docker_networks_alias
# Type: string
authelia_role_docker_networks_alias: "{{ authelia_name }}"
authelia_role_docker_networks_default
# Type: list
authelia_role_docker_networks_default: []
authelia_role_docker_networks_custom
# Type: list
authelia_role_docker_networks_custom: []

Restart Policy

authelia_role_docker_restart_policy
# Type: string
authelia_role_docker_restart_policy: unless-stopped

State

authelia_role_docker_state
# Type: string
authelia_role_docker_state: started

Dependencies

authelia_role_depends_on
# Type: string
authelia_role_depends_on: "{{ 'authelia-redis,lldap' if (lookup('role_var', '_authentication_backend', role='authelia') == 'ldap') else 'authelia-redis' }}"
authelia_role_depends_on_delay
# Type: string (quoted number)
authelia_role_depends_on_delay: "0"
authelia_role_depends_on_healthchecks
# Type: string ("true"/"false")
authelia_role_depends_on_healthchecks: "{{ 'true' if (lookup('role_var', '_authentication_backend', role='authelia') == 'ldap') else 'false' }}"

The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module

Resource Limits

authelia_role_docker_blkio_weight
# Type: int
authelia_role_docker_blkio_weight:
authelia_role_docker_cpu_period
# Type: int
authelia_role_docker_cpu_period:
authelia_role_docker_cpu_quota
# Type: int
authelia_role_docker_cpu_quota:
authelia_role_docker_cpu_shares
# Type: int
authelia_role_docker_cpu_shares:
authelia_role_docker_cpus
# Type: string
authelia_role_docker_cpus:
authelia_role_docker_cpuset_cpus
# Type: string
authelia_role_docker_cpuset_cpus:
authelia_role_docker_cpuset_mems
# Type: string
authelia_role_docker_cpuset_mems:
authelia_role_docker_kernel_memory
# Type: string
authelia_role_docker_kernel_memory:
authelia_role_docker_memory
# Type: string
authelia_role_docker_memory:
authelia_role_docker_memory_reservation
# Type: string
authelia_role_docker_memory_reservation:
authelia_role_docker_memory_swap
# Type: string
authelia_role_docker_memory_swap:
authelia_role_docker_memory_swappiness
# Type: int
authelia_role_docker_memory_swappiness:
authelia_role_docker_shm_size
# Type: string
authelia_role_docker_shm_size:

Security & Devices

authelia_role_docker_cap_drop
# Type: list
authelia_role_docker_cap_drop:
authelia_role_docker_cgroupns_mode
# Type: string
authelia_role_docker_cgroupns_mode:
authelia_role_docker_device_cgroup_rules
# Type: list
authelia_role_docker_device_cgroup_rules:
authelia_role_docker_device_read_bps
# Type: list
authelia_role_docker_device_read_bps:
authelia_role_docker_device_read_iops
# Type: list
authelia_role_docker_device_read_iops:
authelia_role_docker_device_requests
# Type: list
authelia_role_docker_device_requests:
authelia_role_docker_device_write_bps
# Type: list
authelia_role_docker_device_write_bps:
authelia_role_docker_device_write_iops
# Type: list
authelia_role_docker_device_write_iops:
authelia_role_docker_devices
# Type: list
authelia_role_docker_devices:
authelia_role_docker_devices_default
# Type: string
authelia_role_docker_devices_default:
authelia_role_docker_groups
# Type: list
authelia_role_docker_groups:
authelia_role_docker_privileged
# Type: bool (true/false)
authelia_role_docker_privileged:
authelia_role_docker_security_opts
# Type: list
authelia_role_docker_security_opts:
authelia_role_docker_user
# Type: string
authelia_role_docker_user:
authelia_role_docker_userns_mode
# Type: string
authelia_role_docker_userns_mode:

Networking

authelia_role_docker_dns_opts
# Type: list
authelia_role_docker_dns_opts:
authelia_role_docker_dns_search_domains
# Type: list
authelia_role_docker_dns_search_domains:
authelia_role_docker_dns_servers
# Type: list
authelia_role_docker_dns_servers:
authelia_role_docker_domainname
# Type: string
authelia_role_docker_domainname:
authelia_role_docker_exposed_ports
# Type: list
authelia_role_docker_exposed_ports:
authelia_role_docker_hosts
# Type: dict
authelia_role_docker_hosts:
authelia_role_docker_hosts_use_common
# Type: bool (true/false)
authelia_role_docker_hosts_use_common:
authelia_role_docker_ipc_mode
# Type: string
authelia_role_docker_ipc_mode:
authelia_role_docker_links
# Type: list
authelia_role_docker_links:
authelia_role_docker_network_mode
# Type: string
authelia_role_docker_network_mode:
authelia_role_docker_pid_mode
# Type: string
authelia_role_docker_pid_mode:
authelia_role_docker_ports
# Type: list
authelia_role_docker_ports:
authelia_role_docker_uts
# Type: string
authelia_role_docker_uts:

Storage

authelia_role_docker_keep_volumes
# Type: bool (true/false)
authelia_role_docker_keep_volumes:
authelia_role_docker_mounts
# Type: list
authelia_role_docker_mounts:
authelia_role_docker_storage_opts
# Type: dict
authelia_role_docker_storage_opts:
authelia_role_docker_tmpfs
# Type: list
authelia_role_docker_tmpfs:
authelia_role_docker_volume_driver
# Type: string
authelia_role_docker_volume_driver:
authelia_role_docker_volumes_from
# Type: list
authelia_role_docker_volumes_from:
authelia_role_docker_volumes_global
# Type: bool (true/false)
authelia_role_docker_volumes_global:
authelia_role_docker_working_dir
# Type: string
authelia_role_docker_working_dir:

Monitoring & Lifecycle

authelia_role_docker_auto_remove
# Type: bool (true/false)
authelia_role_docker_auto_remove:
authelia_role_docker_cleanup
# Type: bool (true/false)
authelia_role_docker_cleanup:
authelia_role_docker_force_kill
# Type: string
authelia_role_docker_force_kill:
authelia_role_docker_healthcheck
# Type: dict
authelia_role_docker_healthcheck:
authelia_role_docker_healthy_wait_timeout
# Type: int
authelia_role_docker_healthy_wait_timeout:
authelia_role_docker_init
# Type: bool (true/false)
authelia_role_docker_init:
authelia_role_docker_kill_signal
# Type: string
authelia_role_docker_kill_signal:
authelia_role_docker_log_driver
# Type: string
authelia_role_docker_log_driver:
authelia_role_docker_log_options
# Type: dict
authelia_role_docker_log_options:
authelia_role_docker_oom_killer
# Type: bool (true/false)
authelia_role_docker_oom_killer:
authelia_role_docker_oom_score_adj
# Type: int
authelia_role_docker_oom_score_adj:
authelia_role_docker_output_logs
# Type: bool (true/false)
authelia_role_docker_output_logs:
authelia_role_docker_paused
# Type: bool (true/false)
authelia_role_docker_paused:
authelia_role_docker_recreate
# Type: bool (true/false)
authelia_role_docker_recreate:
authelia_role_docker_restart_retries
# Type: int
authelia_role_docker_restart_retries:
authelia_role_docker_stop_timeout
# Type: int
authelia_role_docker_stop_timeout:

Other Options

authelia_role_docker_capabilities
# Type: list
authelia_role_docker_capabilities:
authelia_role_docker_cgroup_parent
# Type: string
authelia_role_docker_cgroup_parent:
authelia_role_docker_commands
# Type: list
authelia_role_docker_commands:
authelia_role_docker_create_timeout
# Type: int
authelia_role_docker_create_timeout:
authelia_role_docker_entrypoint
# Type: string
authelia_role_docker_entrypoint:
authelia_role_docker_env_file
# Type: string
authelia_role_docker_env_file:
authelia_role_docker_labels
# Type: dict
authelia_role_docker_labels:
authelia_role_docker_labels_use_common
# Type: bool (true/false)
authelia_role_docker_labels_use_common:
authelia_role_docker_read_only
# Type: bool (true/false)
authelia_role_docker_read_only:
authelia_role_docker_runtime
# Type: string
authelia_role_docker_runtime:
authelia_role_docker_sysctls
# Type: list
authelia_role_docker_sysctls:
authelia_role_docker_ulimits
# Type: list
authelia_role_docker_ulimits:
authelia_role_authentication_backend
# Type: string
authelia_role_authentication_backend:
authelia_role_autoheal_enabled
# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
authelia_role_autoheal_enabled: true
authelia_role_depends_on
# List of container dependencies that must be running before the container starts
# Type: string
authelia_role_depends_on: ""
authelia_role_depends_on_delay
# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
authelia_role_depends_on_delay: "0"
authelia_role_depends_on_healthchecks
# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
authelia_role_depends_on_healthchecks:
authelia_role_diun_enabled
# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
authelia_role_diun_enabled: true
authelia_role_dns_enabled
# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
authelia_role_dns_enabled: true
authelia_role_docker_controller
# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
authelia_role_docker_controller: true
authelia_role_docker_image_repo
# Type: string
authelia_role_docker_image_repo:
authelia_role_docker_image_tag
# Type: string
authelia_role_docker_image_tag:
authelia_role_docker_volumes_download
# Type: bool (true/false)
authelia_role_docker_volumes_download:
authelia_role_themepark_addons
# Type: string
authelia_role_themepark_addons:
authelia_role_themepark_app
# Type: string
authelia_role_themepark_app:
authelia_role_themepark_theme
# Type: string
authelia_role_themepark_theme:
authelia_role_traefik_api_endpoint
# Type: dict/omit
authelia_role_traefik_api_endpoint:
authelia_role_traefik_api_middleware
# Type: string
authelia_role_traefik_api_middleware:
authelia_role_traefik_api_middleware_http
# Type: string
authelia_role_traefik_api_middleware_http:
authelia_role_traefik_autodetect_enabled
# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
authelia_role_traefik_autodetect_enabled: false
authelia_role_traefik_certresolver
# Type: string
authelia_role_traefik_certresolver:
authelia_role_traefik_crowdsec_enabled
# Enable CrowdSec middleware for the container
# Type: bool (true/false)
authelia_role_traefik_crowdsec_enabled: false
authelia_role_traefik_error_pages_enabled
# Enable custom error pages middleware for the container
# Type: bool (true/false)
authelia_role_traefik_error_pages_enabled: false
authelia_role_traefik_gzip_enabled
# Enable gzip compression middleware for the container
# Type: bool (true/false)
authelia_role_traefik_gzip_enabled: false
authelia_role_traefik_middleware_http
# Type: string
authelia_role_traefik_middleware_http:
authelia_role_traefik_middleware_http_api_insecure
# Type: bool (true/false)
authelia_role_traefik_middleware_http_api_insecure:
authelia_role_traefik_middleware_http_insecure
# Type: bool (true/false)
authelia_role_traefik_middleware_http_insecure:
authelia_role_traefik_priority
# Type: string
authelia_role_traefik_priority:
authelia_role_traefik_robot_enabled
# Enable robots.txt middleware for the container
# Type: bool (true/false)
authelia_role_traefik_robot_enabled: true
authelia_role_traefik_tailscale_enabled
# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
authelia_role_traefik_tailscale_enabled: false
authelia_role_traefik_wildcard_enabled
# Enable wildcard certificate for the container
# Type: bool (true/false)
authelia_role_traefik_wildcard_enabled: true
authelia_role_web_domain
# Type: string
authelia_role_web_domain:
authelia_role_web_fqdn_override
# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
authelia_role_web_fqdn_override:

Example Override

authelia_role_web_fqdn_override:
  - "{{ traefik_host }}"
  - "authelia2.{{ user.domain }}"
  - "authelia.otherdomain.tld"

Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries.

authelia_role_web_host_override
# Override the Traefik web host configuration for the container
# Type: string
authelia_role_web_host_override:

Example Override

authelia_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'authelia2.' + user.domain }}`)"

Note: Use {{ traefik_host }} to include the default host configuration in your custom rule.

authelia_role_web_http_port
# Type: string (quoted number)
authelia_role_web_http_port:
authelia_role_web_http_scheme
# Type: string ("http"/"https")
authelia_role_web_http_scheme:
authelia_role_web_http_serverstransport
# Type: dict/omit
authelia_role_web_http_serverstransport:
authelia_role_web_scheme
# URL scheme to use for web access to the container
# Type: string ("http"/"https")
authelia_role_web_scheme:
authelia_role_web_serverstransport
# Type: dict/omit
authelia_role_web_serverstransport:
authelia_role_web_subdomain
# Type: string
authelia_role_web_subdomain: