authentik/env.template

# SETTINGS from env.template
# Misc configuration
PUBLIC_DOMAIN=sso.base23.de
COMPOSE_PROJECT_NAME=sso-base23-de

# Auhtentik version
AUTHENTIK_TAG=2024.10.2

# Error reporting & Logging
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_LOG_LEVEL=warning

# Email configuration
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=mail.base23.de
AUTHENTIK_EMAIL__PORT=25
AUTHENTIK_EMAIL__USERNAME=sso@base23.de
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=true
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=sso@base23.de

# Exposed ports for Authentik -- Ports are note exposed due to traefik setup
# COMPOSE_PORT_HTTP=80
# COMPOSE_PORT_HTTPS=443

# Liste settings
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS="172.18.0.0/16"


# MaxMind GeoIP
GEOIPUPDATE_ACCOUNT_ID=765001


# PostgreSQL configuration
PG_USER=authentik
POSTGRES_DB=authentik


# Nginx configuration
NGINX_HTTP_PORT=8080
NGINX_HTTPS_PORT=8443
NGINX_RESOLVER=1.1.1.1
NGINX_SERVERNAME=sso.base23.de

# NGINX SSL Config for nginx 1.27.2, intermediate config, OpenSSL 3.0.14
NGINX_SSL_SESSION_TIMEOUT=1d
NGINX_SSL_SESSION_CACHE=shared:MozSSL:10m # about 40000 sessions
NGINX_SSL_PROTOCOLS=TLSv1.2 TLSv1.3
NGINX_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
NGINX_SSL_PREFER_SERVER_CIPHERS=off
NGINX_HEADER_STRICT_TRANSPORT_SECURITY='"max-age=63072000" always'
NGINX_SSL_STAPLING=on
NGINX_SSL_STAPLING_VERIFY=on