groups: - name: 2FAuth Configuration description: Configure 2FAuth - name: User and Group Configuration description: Configure User and Group for 2FAuth - name: Network Configuration description: Configure Network for 2FAuth - name: Storage Configuration description: Configure Storage for 2FAuth - name: Labels Configuration description: Configure Labels for 2FAuth - name: Resources Configuration description: Configure Resources for 2FAuth questions: - variable: TZ group: 2FAuth Configuration label: Timezone schema: type: string default: "Etc/UTC" required: true $ref: - "definitions/timezone" - variable: twofactor_auth label: "" group: 2FAuth Configuration schema: type: dict attrs: - variable: app_key label: App Key description: The app key for 2FAuth. schema: type: string required: true private: true min_length: 32 max_length: 32 default: "" - variable: app_name label: App Name description: The app name for 2FAuth. schema: type: string required: true default: 2FAuth - variable: app_url label: App URL description: | The app URL for 2FAuth.
Setting this wrong will show a blank page.
Examples:
https://2fauth.example.com
http://192.168.1.100:30081 schema: type: uri required: true default: "" - variable: site_owner_email label: Site Owner Email description: The email address of the site owner. schema: type: string required: true default: "" - variable: authentication_guard label: Authentication Guard description: | When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will trust him as long as headers are presents. schema: type: string default: "web-guard" required: true enum: - value: "web-guard" description: Web Guard - value: "reverse-proxy-guard" description: Reverse Proxy Guard - variable: authentication_header_user label: Authentication Proxy Header User description: | Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level. Check your proxy documentation to find out how these headers are named. schema: type: string default: "" show_if: [["authentication_guard", "=", "reverse-proxy-guard"]] required: true - variable: authentication_header_email label: Authentication Proxy Header Email description: | Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level. Check your proxy documentation to find out how these headers are named. schema: type: string default: "" show_if: [["authentication_guard", "=", "reverse-proxy-guard"]] required: true - variable: webauthn_user_verification label: WebAuthn User Verification description: | Most authenticators and smartphones will ask the user to actively verify themselves for log in. For example, through a touch plus pin code, password entry, or biometric recognition (e.g., presenting a fingerprint). The intent is to distinguish one user from any other. schema: type: string default: "preferred" required: true enum: - value: "preferred" description: Preferred - value: "required" description: Required - value: "discouraged" description: Discouraged - variable: trusted_proxies label: Trusted Proxies description: The list of proxies IP to trust schema: type: list default: [] items: - variable: trustedProxy label: Trusted Proxy schema: type: string required: true - variable: additional_envs label: Additional Environment Variables schema: type: list default: [] items: - variable: env label: Environment Variable schema: type: dict attrs: - variable: name label: Name schema: type: string required: true - variable: value label: Value schema: type: string - variable: run_as label: "" group: User and Group Configuration schema: type: dict attrs: - variable: user label: User ID description: The user id that 2FAuth files will be owned by. schema: type: int min: 568 default: 568 required: true - variable: group label: Group ID description: The group id that 2FAuth files will be owned by. schema: type: int min: 568 default: 568 required: true - variable: network label: "" group: Network Configuration schema: type: dict attrs: - variable: host_network label: Host Network description: | Bind to the host network. It's recommended to keep this disabled. schema: type: boolean default: false - variable: web_port label: WebUI Port schema: type: dict show_if: [["host_network", "=", false]] attrs: - variable: bind_mode label: Port Bind Mode description: | The port bind mode.
- Publish: The port will be published on the host for external access.
- Expose: The port will be exposed for inter-container communication.
- None: The port will not be exposed or published.
Note: If the Dockerfile defines an EXPOSE directive, the port will still be exposed for inter-container communication regardless of this setting. schema: type: string default: "published" enum: - value: "published" description: Publish port on the host for external access - value: "exposed" description: Expose port for inter-container communication - value: "" description: None - variable: port_number label: Port Number schema: type: int show_if: [["bind_mode", "=", "published"]] default: 30081 min: 1 max: 65535 required: true - variable: host_ips label: Host IPs description: IPs on the host to bind this port schema: type: list show_if: [["bind_mode", "=", "published"]] default: [] items: - variable: host_ip label: Host IP schema: type: string required: true $ref: - definitions/node_bind_ip - variable: storage label: "" group: Storage Configuration schema: type: dict attrs: - variable: config label: 2FAuth Config Storage description: The path to store 2FAuth Config. schema: type: dict attrs: - variable: type label: Type description: | ixVolume: Is dataset created automatically by the system.
Host Path: Is a path that already exists on the system. schema: type: string required: true default: "ix_volume" enum: - value: "host_path" description: Host Path (Path that already exists on the system) - value: "ix_volume" description: ixVolume (Dataset created automatically by the system) - variable: ix_volume_config label: ixVolume Configuration description: The configuration for the ixVolume dataset. schema: type: dict show_if: [["type", "=", "ix_volume"]] $ref: - "normalize/ix_volume" attrs: - variable: acl_enable label: Enable ACL description: Enable ACL for the storage. schema: type: boolean default: false - variable: dataset_name label: Dataset Name description: The name of the dataset to use for storage. schema: type: string required: true hidden: true default: "config" - variable: acl_entries label: ACL Configuration schema: type: dict show_if: [["acl_enable", "=", true]] attrs: [] - variable: host_path_config label: Host Path Configuration schema: type: dict show_if: [["type", "=", "host_path"]] attrs: - variable: acl_enable label: Enable ACL description: Enable ACL for the storage. schema: type: boolean default: false - variable: acl label: ACL Configuration schema: type: dict show_if: [["acl_enable", "=", true]] attrs: [] $ref: - "normalize/acl" - variable: path label: Host Path description: The host path to use for storage. schema: type: hostpath show_if: [["acl_enable", "=", false]] required: true - variable: additional_storage label: Additional Storage schema: type: list default: [] items: - variable: storageEntry label: Storage Entry schema: type: dict attrs: - variable: type label: Type description: | ixVolume: Is dataset created automatically by the system.
Host Path: Is a path that already exists on the system.
SMB Share: Is a SMB share that is mounted to as a volume. schema: type: string required: true default: "ix_volume" enum: - value: "host_path" description: Host Path (Path that already exists on the system) - value: "ix_volume" description: ixVolume (Dataset created automatically by the system) - value: "cifs" description: SMB/CIFS Share (Mounts a volume to a SMB share) - variable: read_only label: Read Only description: Mount the volume as read only. schema: type: boolean default: false - variable: mount_path label: Mount Path description: The path inside the container to mount the storage. schema: type: path required: true - variable: host_path_config label: Host Path Configuration schema: type: dict show_if: [["type", "=", "host_path"]] attrs: - variable: acl_enable label: Enable ACL description: Enable ACL for the storage. schema: type: boolean default: false - variable: acl label: ACL Configuration schema: type: dict show_if: [["acl_enable", "=", true]] attrs: [] $ref: - "normalize/acl" - variable: path label: Host Path description: The host path to use for storage. schema: type: hostpath show_if: [["acl_enable", "=", false]] required: true - variable: ix_volume_config label: ixVolume Configuration description: The configuration for the ixVolume dataset. schema: type: dict show_if: [["type", "=", "ix_volume"]] $ref: - "normalize/ix_volume" attrs: - variable: acl_enable label: Enable ACL description: Enable ACL for the storage. schema: type: boolean default: false - variable: dataset_name label: Dataset Name description: The name of the dataset to use for storage. schema: type: string required: true default: "storage_entry" - variable: acl_entries label: ACL Configuration schema: type: dict show_if: [["acl_enable", "=", true]] attrs: [] $ref: - "normalize/acl" - variable: cifs_config label: SMB Configuration description: The configuration for the SMB dataset. schema: type: dict show_if: [["type", "=", "cifs"]] attrs: - variable: server label: Server description: The server to mount the SMB share. schema: type: string required: true - variable: path label: Path description: The path to mount the SMB share. schema: type: string required: true - variable: username label: Username description: The username to use for the SMB share. schema: type: string required: true - variable: password label: Password description: The password to use for the SMB share. schema: type: string required: true private: true - variable: domain label: Domain description: The domain to use for the SMB share. schema: type: string - variable: labels label: "" group: Labels Configuration schema: type: list default: [] items: - variable: label label: Label schema: type: dict attrs: - variable: key label: Key schema: type: string required: true - variable: value label: Value schema: type: string required: true - variable: containers label: Containers description: Containers where the label should be applied schema: type: list items: - variable: container label: Container schema: type: string required: true enum: - value: twofactor-auth description: twofactor-auth - variable: resources label: "" group: Resources Configuration schema: type: dict attrs: - variable: limits label: Limits schema: type: dict attrs: - variable: cpus label: CPUs description: CPUs limit for 2FAuth. schema: type: int default: 2 required: true - variable: memory label: Memory (in MB) description: Memory limit for 2FAuth. schema: type: int default: 4096 required: true