mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-12-18 14:12:28 +00:00
85 lines
3.0 KiB
Plaintext
85 lines
3.0 KiB
Plaintext
# Base Configuration
|
|
|
|
# The base URL where Tinyauth is accessible
|
|
TINYAUTH_APPURL=https://auth.example.com
|
|
# Log level: trace, debug, info, warn, error
|
|
TINYAUTH_LOGLEVEL=info
|
|
# Directory for static resources
|
|
TINYAUTH_RESOURCESDIR=/data/resources
|
|
# Path to SQLite database file
|
|
TINYAUTH_DATABASEPATH=/data/tinyauth.db
|
|
# Disable version heartbeat
|
|
TINYAUTH_DISABLEANALYTICS=false
|
|
# Disable static resource serving
|
|
TINYAUTH_DISABLERESOURCES=false
|
|
# Disable UI warning messages
|
|
TINYAUTH_DISABLEUIWARNINGS=false
|
|
|
|
# Server Configuration
|
|
|
|
# Port to listen on
|
|
TINYAUTH_SERVER_PORT=3000
|
|
# Interface to bind to (0.0.0.0 for all interfaces)
|
|
TINYAUTH_SERVER_ADDRESS=0.0.0.0
|
|
# Unix socket path (optional, overrides port/address if set)
|
|
TINYAUTH_SERVER_SOCKETPATH=
|
|
# Comma-separated list of trusted proxy IPs/CIDRs
|
|
TINYAUTH_SERVER_TRUSTEDPROXIES=
|
|
|
|
# Authentication Configuration
|
|
|
|
# Format: username:bcrypt_hash (use bcrypt to generate hash)
|
|
TINYAUTH_AUTH_USERS=admin:$2a$10$example_bcrypt_hash_here
|
|
# Path to external users file (optional)
|
|
TINYAUTH_USERSFILE=
|
|
# Enable secure cookies (requires HTTPS)
|
|
TINYAUTH_SECURECOOKIE=true
|
|
# Session expiry in seconds (7200 = 2 hours)
|
|
TINYAUTH_SESSIONEXPIRY=7200
|
|
# Login timeout in seconds (300 = 5 minutes)
|
|
TINYAUTH_LOGINTIMEOUT=300
|
|
# Maximum login retries before lockout
|
|
TINYAUTH_LOGINMAXRETRIES=5
|
|
|
|
# OAuth Configuration
|
|
|
|
# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
|
|
TINYAUTH_OAUTH_WHITELIST=
|
|
# Provider ID to auto-redirect to (skips login page)
|
|
TINYAUTH_OAUTH_AUTOREDIRECT=
|
|
# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID=your_client_id_here
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET=your_client_secret_here
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL=https://provider.example.com/oauth/authorize
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL=https://provider.example.com/oauth/token
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL=https://provider.example.com/oauth/userinfo
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL=https://auth.example.com/oauth/callback/myprovider
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES=openid email profile
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME=My OAuth Provider
|
|
# Allow self-signed certificates
|
|
TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE=false
|
|
|
|
# UI Customization
|
|
|
|
# Custom title for login page
|
|
TINYAUTH_UI_TITLE=Tinyauth
|
|
# Message shown on forgot password page
|
|
TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
|
|
# Background image URL for login page
|
|
TINYAUTH_UI_BACKGROUNDIMAGE=
|
|
|
|
# LDAP Configuration
|
|
|
|
# LDAP server address
|
|
TINYAUTH_LDAP_ADDRESS=ldap://ldap.example.com:389
|
|
# DN for binding to LDAP server
|
|
TINYAUTH_LDAP_BINDDN=cn=readonly,dc=example,dc=com
|
|
# Password for bind DN
|
|
TINYAUTH_LDAP_BINDPASSWORD=your_bind_password
|
|
# Base DN for user searches
|
|
TINYAUTH_LDAP_BASEDN=dc=example,dc=com
|
|
# Search filter (%s will be replaced with username)
|
|
TINYAUTH_LDAP_SEARCHFILTER=(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))
|
|
# Allow insecure LDAP connections
|
|
TINYAUTH_LDAP_INSECURE=false
|