---

listen:
  addr: "0.0.0.0"
  port: 8082

login:
  title: "yourdomain.com - Login"
  default_method: "simple"
  hide_mfa_field: true
  names:
    simple: "Username / Password"

cookie:
  domain: ".yourdomain.com"
  # To regenerate this key: cat /dev/urandom | tr -dc "A-Za-z0-9" | dd bs=1 count=60 2>/dev/null
  authentication_key: "5foFtWocwA3hq0tUztgMqn9xaagqNP1wFqfFyZDHTxhr154iQQ60eDI9z6oDVNHF7B"

audit_log:
  targets:
    - fd://stdout
    - file:///data/audit.jsonl
  events: ["access_denied", "login_success", "login_failure", "logout", "validate"]
  headers: ["x-origin-uri"]
  trusted_ip_headers: ["X-Forwarded-For", "RemoteAddr", "X-Real-IP"]

acl:
  rule_sets:
  - rules:
    - field: "X-Host"
      regexp: ".*"
    allow: ["@admins"]

providers:
  simple:
    enable_basic_auth: true
    users:
      # To generate a new password: htpasswd -nbBC 10 username password
      admin: "$2y$10$3aJxJ6ttJNPeky/bCdg1OOVvGU8pLVj9L.U9kN0F0JWLN.nt3b5WO"
    groups:
      admins: ["admin"]