tinyauth/.env.example

# Tinyauth example configuration

# The base URL where the app is hosted.
TINYAUTH_APPURL=
# The directory where resources are stored.
TINYAUTH_RESOURCESDIR="./resources"
# The path to the database file.
TINYAUTH_DATABASEPATH="./tinyauth.db"
# Disable analytics.
TINYAUTH_DISABLEANALYTICS=false
# Disable resources server.
TINYAUTH_DISABLERESOURCES=false

# server config

# The port on which the server listens.
TINYAUTH_SERVER_PORT=3000
# The address on which the server listens.
TINYAUTH_SERVER_ADDRESS="0.0.0.0"
# The path to the Unix socket.
TINYAUTH_SERVER_SOCKETPATH=

# auth config

# List of allowed IPs or CIDR ranges.
TINYAUTH_AUTH_IP_ALLOW=
# List of blocked IPs or CIDR ranges.
TINYAUTH_AUTH_IP_BLOCK=
# Comma-separated list of users (username:hashed_password).
TINYAUTH_AUTH_USERS=
# Path to the users file.
TINYAUTH_AUTH_USERSFILE=
# Enable secure cookies.
TINYAUTH_AUTH_SECURECOOKIE=false
# Session expiry time in seconds.
TINYAUTH_AUTH_SESSIONEXPIRY=86400
# Maximum session lifetime in seconds.
TINYAUTH_AUTH_SESSIONMAXLIFETIME=0
# Login timeout in seconds.
TINYAUTH_AUTH_LOGINTIMEOUT=300
# Maximum login retries.
TINYAUTH_AUTH_LOGINMAXRETRIES=3
# Comma-separated list of trusted proxy addresses.
TINYAUTH_AUTH_TRUSTEDPROXIES=

# apps config

# The domain of the app.
TINYAUTH_APPS_name_CONFIG_DOMAIN=
# Comma-separated list of allowed users.
TINYAUTH_APPS_name_USERS_ALLOW=
# Comma-separated list of blocked users.
TINYAUTH_APPS_name_USERS_BLOCK=
# Comma-separated list of allowed OAuth groups.
TINYAUTH_APPS_name_OAUTH_WHITELIST=
# Comma-separated list of required OAuth groups.
TINYAUTH_APPS_name_OAUTH_GROUPS=
# List of allowed IPs or CIDR ranges.
TINYAUTH_APPS_name_IP_ALLOW=
# List of blocked IPs or CIDR ranges.
TINYAUTH_APPS_name_IP_BLOCK=
# List of IPs or CIDR ranges that bypass authentication.
TINYAUTH_APPS_name_IP_BYPASS=
# Custom headers to add to the response.
TINYAUTH_APPS_name_RESPONSE_HEADERS=
# Basic auth username.
TINYAUTH_APPS_name_RESPONSE_BASICAUTH_USERNAME=
# Basic auth password.
TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORD=
# Path to the file containing the basic auth password.
TINYAUTH_APPS_name_RESPONSE_BASICAUTH_PASSWORDFILE=
# Comma-separated list of allowed paths.
TINYAUTH_APPS_name_PATH_ALLOW=
# Comma-separated list of blocked paths.
TINYAUTH_APPS_name_PATH_BLOCK=
# Comma-separated list of required LDAP groups.
TINYAUTH_APPS_name_LDAP_GROUPS=

# oauth config

# Comma-separated list of allowed OAuth domains.
TINYAUTH_OAUTH_WHITELIST=
# The OAuth provider to use for automatic redirection.
TINYAUTH_OAUTH_AUTOREDIRECT=
# OAuth client ID.
TINYAUTH_OAUTH_PROVIDERS_name_CLIENTID=
# OAuth client secret.
TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRET=
# Path to the file containing the OAuth client secret.
TINYAUTH_OAUTH_PROVIDERS_name_CLIENTSECRETFILE=
# OAuth scopes.
TINYAUTH_OAUTH_PROVIDERS_name_SCOPES=
# OAuth redirect URL.
TINYAUTH_OAUTH_PROVIDERS_name_REDIRECTURL=
# OAuth authorization URL.
TINYAUTH_OAUTH_PROVIDERS_name_AUTHURL=
# OAuth token URL.
TINYAUTH_OAUTH_PROVIDERS_name_TOKENURL=
# OAuth userinfo URL.
TINYAUTH_OAUTH_PROVIDERS_name_USERINFOURL=
# Allow insecure OAuth connections.
TINYAUTH_OAUTH_PROVIDERS_name_INSECURE=false
# Provider name in UI.
TINYAUTH_OAUTH_PROVIDERS_name_NAME=

# oidc config

# Path to the private key file.
TINYAUTH_OIDC_PRIVATEKEYPATH="./tinyauth_oidc_key"
# Path to the public key file.
TINYAUTH_OIDC_PUBLICKEYPATH="./tinyauth_oidc_key.pub"
# OIDC client ID.
TINYAUTH_OIDC_CLIENTS_name_CLIENTID=
# OIDC client secret.
TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRET=
# Path to the file containing the OIDC client secret.
TINYAUTH_OIDC_CLIENTS_name_CLIENTSECRETFILE=
# List of trusted redirect URIs.
TINYAUTH_OIDC_CLIENTS_name_TRUSTEDREDIRECTURIS=
# Client name in UI.
TINYAUTH_OIDC_CLIENTS_name_NAME=

# ui config

# The title of the UI.
TINYAUTH_UI_TITLE="Tinyauth"
# Message displayed on the forgot password page.
TINYAUTH_UI_FORGOTPASSWORDMESSAGE="You can change your password by changing the configuration."
# Path to the background image.
TINYAUTH_UI_BACKGROUNDIMAGE="/background.jpg"
# Disable UI warnings.
TINYAUTH_UI_DISABLEWARNINGS=false

# ldap config

# LDAP server address.
TINYAUTH_LDAP_ADDRESS=
# Bind DN for LDAP authentication.
TINYAUTH_LDAP_BINDDN=
# Bind password for LDAP authentication.
TINYAUTH_LDAP_BINDPASSWORD=
# Base DN for LDAP searches.
TINYAUTH_LDAP_BASEDN=
# Allow insecure LDAP connections.
TINYAUTH_LDAP_INSECURE=false
# LDAP search filter.
TINYAUTH_LDAP_SEARCHFILTER="(uid=%s)"
# Certificate for mTLS authentication.
TINYAUTH_LDAP_AUTHCERT=
# Certificate key for mTLS authentication.
TINYAUTH_LDAP_AUTHKEY=
# Cache duration for LDAP group membership in seconds.
TINYAUTH_LDAP_GROUPCACHETTL=900

# log config

# Log level (trace, debug, info, warn, error).
TINYAUTH_LOG_LEVEL="info"
# Enable JSON formatted logs.
TINYAUTH_LOG_JSON=false
# Enable this log stream.
TINYAUTH_LOG_STREAMS_HTTP_ENABLED=true
# Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_HTTP_LEVEL=
# Enable this log stream.
TINYAUTH_LOG_STREAMS_APP_ENABLED=true
# Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_APP_LEVEL=
# Enable this log stream.
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
# Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=