mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-12-23 08:32:30 +00:00
feat: unified config (#533)
* chore: add yaml config ref * feat: add initial implementation of a traefik like cli * refactor: remove dependency on traefik * chore: update example env * refactor: update build * chore: remove unused code * fix: fix translations not loading * feat: add experimental config file support * chore: mod tidy * fix: review comments * refactor: move tinyauth to separate package * chore: add quotes to all env variables * chore: resolve go mod and sum conflicts * chore: go mod tidy * fix: review comments
This commit is contained in:
Stavros
108
.env.example
108
.env.example
@@ -1,22 +1,86 @@
|
||||
PORT=3000
|
||||
ADDRESS=0.0.0.0
|
||||
APP_URL=http://localhost:3000
|
||||
USERS=your_user_password_hash
|
||||
USERS_FILE=users_file
|
||||
SECURE_COOKIE=false
|
||||
OAUTH_WHITELIST=
|
||||
GENERIC_NAME=My OAuth
|
||||
SESSION_EXPIRY=7200
|
||||
LOGIN_TIMEOUT=300
|
||||
LOGIN_MAX_RETRIES=5
|
||||
LOG_LEVEL=debug
|
||||
APP_TITLE=Tinyauth SSO
|
||||
FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
|
||||
OAUTH_AUTO_REDIRECT=none
|
||||
BACKGROUND_IMAGE=some_image_url
|
||||
GENERIC_SKIP_SSL=false
|
||||
RESOURCES_DIR=/data/resources
|
||||
DATABASE_PATH=/data/tinyauth.db
|
||||
DISABLE_ANALYTICS=false
|
||||
DISABLE_RESOURCES=false
|
||||
TRUSTED_PROXIES=
|
||||
# Base Configuration
|
||||
|
||||
# The base URL where Tinyauth is accessible
|
||||
TINYAUTH_APPURL="https://auth.example.com"
|
||||
# Log level: trace, debug, info, warn, error
|
||||
TINYAUTH_LOGLEVEL="info"
|
||||
# Directory for static resources
|
||||
TINYAUTH_RESOURCESDIR="/data/resources"
|
||||
# Path to SQLite database file
|
||||
TINYAUTH_DATABASEPATH="/data/tinyauth.db"
|
||||
# Disable version heartbeat
|
||||
TINYAUTH_DISABLEANALYTICS="false"
|
||||
# Disable static resource serving
|
||||
TINYAUTH_DISABLERESOURCES="false"
|
||||
# Disable UI warning messages
|
||||
TINYAUTH_DISABLEUIWARNINGS="false"
|
||||
# Enable JSON formatted logs
|
||||
TINYAUTH_LOGJSON="false"
|
||||
|
||||
# Server Configuration
|
||||
|
||||
# Port to listen on
|
||||
TINYAUTH_SERVER_PORT="3000"
|
||||
# Interface to bind to (0.0.0.0 for all interfaces)
|
||||
TINYAUTH_SERVER_ADDRESS="0.0.0.0"
|
||||
# Unix socket path (optional, overrides port/address if set)
|
||||
TINYAUTH_SERVER_SOCKETPATH=""
|
||||
# Comma-separated list of trusted proxy IPs/CIDRs
|
||||
TINYAUTH_SERVER_TRUSTEDPROXIES=""
|
||||
|
||||
# Authentication Configuration
|
||||
|
||||
# Format: username:bcrypt_hash (use bcrypt to generate hash)
|
||||
TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here"
|
||||
# Path to external users file (optional)
|
||||
TINYAUTH_USERSFILE=""
|
||||
# Enable secure cookies (requires HTTPS)
|
||||
TINYAUTH_SECURECOOKIE="true"
|
||||
# Session expiry in seconds (7200 = 2 hours)
|
||||
TINYAUTH_SESSIONEXPIRY="7200"
|
||||
# Login timeout in seconds (300 = 5 minutes)
|
||||
TINYAUTH_LOGINTIMEOUT="300"
|
||||
# Maximum login retries before lockout
|
||||
TINYAUTH_LOGINMAXRETRIES="5"
|
||||
|
||||
# OAuth Configuration
|
||||
|
||||
# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
|
||||
TINYAUTH_OAUTH_WHITELIST=""
|
||||
# Provider ID to auto-redirect to (skips login page)
|
||||
TINYAUTH_OAUTH_AUTOREDIRECT=""
|
||||
# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile"
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider"
|
||||
# Allow self-signed certificates
|
||||
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false"
|
||||
|
||||
# UI Customization
|
||||
|
||||
# Custom title for login page
|
||||
TINYAUTH_UI_TITLE="Tinyauth"
|
||||
# Message shown on forgot password page
|
||||
TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
|
||||
# Background image URL for login page
|
||||
TINYAUTH_UI_BACKGROUNDIMAGE=""
|
||||
|
||||
# LDAP Configuration
|
||||
|
||||
# LDAP server address
|
||||
TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389"
|
||||
# DN for binding to LDAP server
|
||||
TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com"
|
||||
# Password for bind DN
|
||||
TINYAUTH_LDAP_BINDPASSWORD="your_bind_password"
|
||||
# Base DN for user searches
|
||||
TINYAUTH_LDAP_BASEDN="dc=example,dc=com"
|
||||
# Search filter (%s will be replaced with username)
|
||||
TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
|
||||
# Allow insecure LDAP connections
|
||||
TINYAUTH_LDAP_INSECURE="false"
|
||||
|
||||
Reference in New Issue
Block a user