forked from Nixius/authelia
24 lines
552 B
YAML
24 lines
552 B
YAML
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
|
|
# Allow free access from local network
|
|
- domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
|
|
policy: bypass
|
|
networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
|
|
# Put WAN Access rules here
|
|
- domain: {{ env "TRAEFIK_DOMAIN" }}
|
|
resources:
|
|
- "^/.well-known([/?].*)?$"
|
|
policy: bypass
|
|
|
|
- domain: {{ env "TRAEFIK_DOMAIN" }}
|
|
subject: "group:admin"
|
|
policy: two_factor
|
|
|
|
- domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
|
|
policy: bypass |