# Base Configuration # The base URL where Tinyauth is accessible TINYAUTH_APPURL="https://auth.example.com" # Log level: trace, debug, info, warn, error TINYAUTH_LOGLEVEL="info" # Directory for static resources TINYAUTH_RESOURCESDIR="/data/resources" # Path to SQLite database file TINYAUTH_DATABASEPATH="/data/tinyauth.db" # Disable version heartbeat TINYAUTH_DISABLEANALYTICS="false" # Disable static resource serving TINYAUTH_DISABLERESOURCES="false" # Disable UI warning messages TINYAUTH_DISABLEUIWARNINGS="false" # Enable JSON formatted logs TINYAUTH_LOGJSON="false" # Server Configuration # Port to listen on TINYAUTH_SERVER_PORT="3000" # Interface to bind to (0.0.0.0 for all interfaces) TINYAUTH_SERVER_ADDRESS="0.0.0.0" # Unix socket path (optional, overrides port/address if set) TINYAUTH_SERVER_SOCKETPATH="" # Comma-separated list of trusted proxy IPs/CIDRs TINYAUTH_SERVER_TRUSTEDPROXIES="" # Authentication Configuration # Format: username:bcrypt_hash (use bcrypt to generate hash) TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here" # Path to external users file (optional) TINYAUTH_USERSFILE="" # Enable secure cookies (requires HTTPS) TINYAUTH_SECURECOOKIE="true" # Session expiry in seconds (7200 = 2 hours) TINYAUTH_SESSIONEXPIRY="7200" # Login timeout in seconds (300 = 5 minutes) TINYAUTH_LOGINTIMEOUT="300" # Maximum login retries before lockout TINYAUTH_LOGINMAXRETRIES="5" # OAuth Configuration # Regex pattern for allowed email addresses (e.g., /@example\.com$/) TINYAUTH_OAUTH_WHITELIST="" # Provider ID to auto-redirect to (skips login page) TINYAUTH_OAUTH_AUTOREDIRECT="" # OAuth Provider Configuration (replace MYPROVIDER with your provider name) TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile" TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider" # Allow self-signed certificates TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false" # UI Customization # Custom title for login page TINYAUTH_UI_TITLE="Tinyauth" # Message shown on forgot password page TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password" # Background image URL for login page TINYAUTH_UI_BACKGROUNDIMAGE="" # LDAP Configuration # LDAP server address TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389" # DN for binding to LDAP server TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com" # Password for bind DN TINYAUTH_LDAP_BINDPASSWORD="your_bind_password" # Base DN for user searches TINYAUTH_LDAP_BASEDN="dc=example,dc=com" # Search filter (%s will be replaced with username) TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))" # Allow insecure LDAP connections TINYAUTH_LDAP_INSECURE="false"