# Tinyauth example configuration # The base URL where the app is hosted. TINYAUTH_APPURL= # The directory where resources are stored. TINYAUTH_RESOURCESDIR="./resources" # The path to the database file. TINYAUTH_DATABASEPATH="./tinyauth.db" # Disable analytics. TINYAUTH_DISABLEANALYTICS=false # Disable resources server. TINYAUTH_DISABLERESOURCES=false # server config # The port on which the server listens. TINYAUTH_SERVER_PORT=3000 # The address on which the server listens. TINYAUTH_SERVER_ADDRESS="0.0.0.0" # The path to the Unix socket. TINYAUTH_SERVER_SOCKETPATH= # auth config # List of allowed IPs or CIDR ranges. TINYAUTH_AUTH_IP_ALLOW= # List of blocked IPs or CIDR ranges. TINYAUTH_AUTH_IP_BLOCK= # Comma-separated list of users (username:hashed_password). TINYAUTH_AUTH_USERS= # Path to the users file. TINYAUTH_AUTH_USERSFILE= # Enable secure cookies. TINYAUTH_AUTH_SECURECOOKIE=false # Session expiry time in seconds. TINYAUTH_AUTH_SESSIONEXPIRY=86400 # Maximum session lifetime in seconds. TINYAUTH_AUTH_SESSIONMAXLIFETIME=0 # Login timeout in seconds. TINYAUTH_AUTH_LOGINTIMEOUT=300 # Maximum login retries. TINYAUTH_AUTH_LOGINMAXRETRIES=3 # Comma-separated list of trusted proxy addresses. TINYAUTH_AUTH_TRUSTEDPROXIES= # apps config # The domain of the app. TINYAUTH_APPS_name_CONFIG_DOMAIN= # Comma-separated list of allowed users. TINYAUTH_APPS_name_USERS_ALLOW= # Comma-separated list of blocked users. TINYAUTH_APPS_name_USERS_BLOCK= # Comma-separated list of allowed OAuth groups. TINYAUTH_APPS_name_OAUTH_WHITELIST= # Comma-separated list of required OAuth groups. TINYAUTH_APPS_name_OAUTH_GROUPS= # List of allowed IPs or CIDR ranges. TINYAUTH_APPS_name_IP_ALLOW= # List of blocked IPs or CIDR ranges. TINYAUTH_APPS_name_IP_BLOCK= # List of IPs or CIDR ranges that bypass authentication. TINYAUTH_APPS_name_IP_BYPASS= # Custom headers to add to the response. TINYAUTH_APPS_name_RESPONSE_HEADERS= # Basic auth username. TINYAUTH_APPS_name_RESPONSE_BASICAUTH_USERNAME= # Basic auth password. TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORD= # Path to the file containing the basic auth password. TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORDFILE= # Comma-separated list of allowed paths. TINYAUTH_APPS_name_PATH_ALLOW= # Comma-separated list of blocked paths. TINYAUTH_APPS_name_PATH_BLOCK= # Comma-separated list of required LDAP groups. TINYAUTH_APPS_name_LDAP_GROUPS= # oauth config # Comma-separated list of allowed OAuth domains. TINYAUTH_OAUTH_WHITELIST= # The OAuth provider to use for automatic redirection. TINYAUTH_OAUTH_AUTOREDIRECT= # OAuth client ID. TINYAUTH_OAUTH_PROVIDERS_name_CLIENTID= # OAuth client secret. TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRET= # Path to the file containing the OAuth client secret. TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRETFILE= # OAuth scopes. TINYAUTH_OAUTH_PROVIDERS_name_SCOPES= # OAuth redirect URL. TINYAUTH_OAUTH_PROVIDERS_name_REDIRECTURL= # OAuth authorization URL. TINYAUTH_OAUTH_PROVIDERS_name_AUTHURL= # OAuth token URL. TINYAUTH_OAUTH_PROVIDERS_name_TOKENURL= # OAuth userinfo URL. TINYAUTH_OAUTH_PROVIDERS_name_USERINFOURL= # Allow insecure OAuth connections. TINYAUTH_OAUTH_PROVIDERS_name_INSECURE=false # Provider name in UI. TINYAUTH_OAUTH_PROVIDERS_name_NAME= # oidc config # Path to the private key file. TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key" # Path to the public key file. TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub" # OIDC client ID. TINYAUTH_OIDC_CLIENTS_name_CLIENTID= # OIDC client secret. TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRET= # Path to the file containing the OIDC client secret. TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRETFILE= # List of trusted redirect URIs. TINYAUTH_OIDC_CLIENTS_name_TRUSTEDREDIRECTURIS= # Client name in UI. TINYAUTH_OIDC_CLIENTS_name_NAME= # ui config # The title of the UI. TINYAUTH_UI_TITLE="Tinyauth" # Message displayed on the forgot password page. TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration." # Path to the background image. TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg" # Disable UI warnings. TINYAUTH_UI_DISABLEWARNINGS=false # ldap config # LDAP server address. TINYAUTH_LDAP_ADDRESS= # Bind DN for LDAP authentication. TINYAUTH_LDAP_BINDDN= # Bind password for LDAP authentication. TINYAUTH_LDAP_BINDPASSWORD= # Base DN for LDAP searches. TINYAUTH_LDAP_BASEDN= # Allow insecure LDAP connections. TINYAUTH_LDAP_INSECURE=false # LDAP search filter. TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)" # Certificate for mTLS authentication. TINYAUTH_LDAP_AUTHCERT= # Certificate key for mTLS authentication. TINYAUTH_LDAP_AUTHKEY= # Cache duration for LDAP group membership in seconds. TINYAUTH_LDAP_GROUPCACHETTL=900 # log config # Log level (trace, debug, info, warn, error). TINYAUTH_LOG_LEVEL="info" # Enable JSON formatted logs. TINYAUTH_LOG_JSON=false # Enable this log stream. TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_HTTP_LEVEL= # Enable this log stream. TINYAUTH_LOG_STREAMS_APP_ENABLED=true # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_APP_LEVEL= # Enable this log stream. TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false # Log level for this stream. Use global if empty. TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=