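---
# Authelia Configuration
# Copy to /opt/stacks/authelia/configuration.yml
# IMPORTANT: Replace 'kelinreij.duckdns.org' with your actual DuckDNS domain
#
# The three 'generate-with-openssl-rand-hex-64' values below are placeholders,
# not secrets. Replace each one with its own independently generated random
# value before first start, and keep this file readable only by the account
# that runs Authelia. Authelia can also load secrets from files through
# environment variables (for example AUTHELIA_JWT_SECRET_FILE,
# AUTHELIA_SESSION_SECRET_FILE, AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE); the
# exact names depend on the release, so check the docs for your version.

server:
  # Listens on every interface. Publish the port only to the reverse proxy,
  # not directly to the LAN or the internet.
  host: 0.0.0.0
  port: 9091

log:
  level: info

theme: dark

# Signs identity-verification tokens (password reset, 2FA enrolment).
jwt_secret: generate-with-openssl-rand-hex-64

default_redirection_url: https://auth.kelinreij.duckdns.org

totp:
  issuer: kelinreij.duckdns.org
  period: 30
  skew: 1

authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      # NOTE(review): the unit of 'memory' differs between Authelia releases
      # (the legacy 'password' keys used here are documented in megabytes).
      # Confirm against your version so the hash cost is what you intend.
      memory: 1024
      parallelism: 8

access_control:
  default_policy: deny
  # Rules are evaluated top to bottom and the first match wins, so specific
  # domains must be listed before the wildcard rule at the end.
  rules:
    # 'bypass' means Authelia performs no authentication at all for the
    # domain: the service's own login is the only control in front of it.
    # Keep native authentication enabled on every bypassed service.

    # Bypass Authelia for Jellyfin (allow app access)
    - domain: jellyfin.kelinreij.duckdns.org
      policy: bypass

    # Bypass for Plex (allow app access)
    - domain: plex.kelinreij.duckdns.org
      policy: bypass

    # Bypass for Home Assistant (has its own auth)
    - domain: ha.kelinreij.duckdns.org
      policy: bypass

    # Bypass for development services (they have their own auth or setup)
    # These expose a database console and a source-code host with no Authelia
    # layer; if nothing needs direct client access, consider removing these
    # two rules so the wildcard policy below applies instead.
    - domain: pgadmin.kelinreij.duckdns.org
      policy: bypass
    - domain: gitlab.kelinreij.duckdns.org
      policy: bypass

    # Two-factor for admin services (optional)
    # Kept above the wildcard rule on purpose: placed after it, these domains
    # would already have matched one_factor and 2FA would never be enforced.
    # - domain:
    #     - "admin.kelinreij.duckdns.org"
    #     - "portainer.kelinreij.duckdns.org"
    #   policy: two_factor

    # Protected: All other services require authentication
    - domain: "*.kelinreij.duckdns.org"
      policy: one_factor

session:
  name: authelia_session
  secret: generate-with-openssl-rand-hex-64
  expiration: 24h  # Session expires after 24 hours
  # Equal to 'expiration', so the idle timeout never ends a session earlier
  # than the absolute limit; lower it if idle sessions should end sooner.
  inactivity: 24h  # Session expires after 24 hours of inactivity
  remember_me_duration: 1M
  domain: kelinreij.duckdns.org

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  # Encrypts sensitive columns in the database. Back this value up with the
  # database: data encrypted under it cannot be read without it.
  encryption_key: generate-with-openssl-rand-hex-64
  local:
    path: /data/db.sqlite3

notifier:
  # File-based notifications (for development/testing)
  # Verification and password-reset messages are written here in plain text,
  # so anyone who can read /data can use them. Restrict access to the
  # directory and switch to a mail notifier for real deployments.
  filesystem:
    filename: /data/notification.txt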