2FAuth

Keywords: security, 2fa, otp
Train: Community
Home Page: https://docs.2fauth.app/
Added: 2024-09-18
Last Updated: 2025-04-23
2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.
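Run as Context: 2FAuth runs as a non-root user.
Group: 1000 / 2fauth
User: 1000 / 2fauth
Note: the configuration schema below separately defines a `run_as` user and group (default 568, minimum 568), described as the owner of 2FAuth files. This page does not explain how those IDs relate to the 1000 / 2fauth identity listed here, so check file ownership on the config storage after installation.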

App Metadata (Raw File)
{
"1.1.12": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/twofactor-auth/1.1.12",
"last_update": "2025-04-23 17:43:28",
"required_features": [],
"human_version": "5.5.2_1.1.12",
"version": "1.1.12",
"app_metadata": {
"app_version": "5.5.2",
"capabilities": [],
"categories": [
"security"
],
"changelog_url": "https://github.com/Bubka/2FAuth/blob/master/changelog.md",
"date_added": "2024-09-18",
"description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.",
"home": "https://docs.2fauth.app/",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/twofactor-auth/icons/icon.png",
"keywords": [
"security",
"2fa",
"otp"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "twofactor-auth",
"run_as_context": [
{
"description": "2FAuth runs as non-root user.",
"gid": 1000,
"group_name": "2fauth",
"uid": 1000,
"user_name": "2fauth"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/twofactor-auth/screenshots/screenshot1.png"
],
"sources": [
"https://github.com/Bubka/2FAuth",
"https://hub.docker.com/r/2fauth/2fauth/"
],
"title": "2FAuth",
"train": "community",
"version": "1.1.12"
},
"schema": {
"groups": [
{
"name": "2FAuth Configuration",
"description": "Configure 2FAuth"
},
{
"name": "User and Group Configuration",
"description": "Configure User and Group for 2FAuth"
},
{
"name": "Network Configuration",
"description": "Configure Network for 2FAuth"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for 2FAuth"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for 2FAuth"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for 2FAuth"
}
],
"questions": [
{
"variable": "TZ",
"group": "2FAuth Configuration",
"label": "Timezone",
"schema": {
"type": "string",
"default": "Etc/UTC",
"required": true,
"$ref": [
"definitions/timezone"
]
}
},
{
"variable": "twofactor_auth",
"label": "",
"group": "2FAuth Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "app_key",
"label": "App Key",
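"description": "The app key for 2FAuth. It must be exactly 32 characters long and is a secret: use a randomly generated value and keep it private.",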
"schema": {
"type": "string",
"required": true,
"private": true,
"min_length": 32,
"max_length": 32,
"default": ""
}
},
{
"variable": "app_name",
"label": "App Name",
"description": "The app name for 2FAuth.",
"schema": {
"type": "string",
"required": true,
"default": "2FAuth"
}
},
{
"variable": "app_url",
"label": "App URL",
"description": "The app URL for 2FAuth.</br>\nSetting this wrong will show a blank page.</br>\nExamples:</br>\nhttps://2fauth.example.com </br>\nhttp://192.168.1.100:30081\n",
"schema": {
"type": "uri",
"required": true,
"default": ""
}
},
{
"variable": "site_owner_email",
"label": "Site Owner Email",
"description": "The email address of the site owner.",
"schema": {
"type": "string",
"required": true,
"default": ""
}
},
{
"variable": "authentication_guard",
"label": "Authentication Guard",
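"description": "When using 'reverse-proxy-guard', 2FAuth only looks for the dedicated headers and skips all\nother built-in authentication checks. That means your proxy is fully responsible for the\nauthentication process; 2FAuth will trust it as long as the headers are present.\nOnly use this guard when 2FAuth is reachable exclusively through that proxy, because any\nclient that can reach 2FAuth directly could send these headers itself.\n",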
"schema": {
"type": "string",
"default": "web-guard",
"required": true,
"enum": [
{
"value": "web-guard",
"description": "Web Guard"
},
{
"value": "reverse-proxy-guard",
"description": "Reverse Proxy Guard"
}
]
}
},
{
"variable": "authentication_header_user",
"label": "Authentication Proxy Header User",
"description": "Name of the HTTP header sent by the reverse proxy that identifies the authenticated\nuser at proxy level. Check your proxy documentation to find out how this header is named.\n",
"schema": {
"type": "string",
"default": "",
"show_if": [
[
"authentication_guard",
"=",
"reverse-proxy-guard"
]
],
"required": true
}
},
{
"variable": "authentication_header_email",
"label": "Authentication Proxy Header Email",
"description": "Name of the HTTP header sent by the reverse proxy that carries the email address of the\nuser authenticated at proxy level. Check your proxy documentation to find out how this header is named.\n",
"schema": {
"type": "string",
"default": "",
"show_if": [
[
"authentication_guard",
"=",
"reverse-proxy-guard"
]
],
"required": true
}
},
{
"variable": "webauthn_user_verification",
"label": "WebAuthn User Verification",
"description": "Most authenticators and smartphones will ask the user to actively verify\nthemselves to log in. For example, through a touch plus PIN code,\npassword entry, or biometric recognition (e.g., presenting a fingerprint).\nThe intent is to distinguish one user from any other.\n",
"schema": {
"type": "string",
"default": "preferred",
"required": true,
"enum": [
{
"value": "preferred",
"description": "Preferred"
},
{
"value": "required",
"description": "Required"
},
{
"value": "discouraged",
"description": "Discouraged"
}
]
}
},
{
"variable": "trusted_proxies",
"label": "Trusted Proxies",
"description": "The list of proxy IP addresses to trust. List only reverse proxies you control.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "trustedProxy",
"label": "Trusted Proxy",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"description": "Configure additional environment variables for 2FAuth.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "run_as",
"label": "",
"group": "User and Group Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "user",
"label": "User ID",
"description": "The user id that 2FAuth files will be owned by.",
"schema": {
"type": "int",
"min": 568,
"default": 568,
"required": true
}
},
{
"variable": "group",
"label": "Group ID",
"description": "The group id that 2FAuth files will be owned by.",
"schema": {
"type": "int",
"min": 568,
"default": 568,
"required": true
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network. It's recommended to keep this disabled.\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "web_port",
"label": "WebUI Port",
"description": "The port for 2FAuth WebUI",
"schema": {
"type": "int",
"default": 30081,
"show_if": [
[
"host_network",
"=",
false
]
],
"required": true,
"$ref": [
"definitions/port"
]
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "config",
"label": "2FAuth Config Storage",
"description": "The path to store 2FAuth Config.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "config"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for 2FAuth.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "twofactor-auth",
"description": "twofactor-auth"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for 2FAuth.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for 2FAuth.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>2FAuth</h1> <p><a href=\"https://docs.2fauth.app/\">2FAuth</a> is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.</p>",
"changelog": null,
"chart_metadata": {
"app_version": "5.5.2",
"capabilities": [],
"categories": [
"security"
],
"changelog_url": "https://github.com/Bubka/2FAuth/blob/master/changelog.md",
"date_added": "2024-09-18",
"description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.",
"home": "https://docs.2fauth.app/",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/twofactor-auth/icons/icon.png",
"keywords": [
"security",
"2fa",
"otp"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "twofactor-auth",
"run_as_context": [
{
"description": "2FAuth runs as non-root user.",
"gid": 1000,
"group_name": "2fauth",
"uid": 1000,
"user_name": "2fauth"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/twofactor-auth/screenshots/screenshot1.png"
],
"sources": [
"https://github.com/Bubka/2FAuth",
"https://hub.docker.com/r/2fauth/2fauth/"
],
"title": "2FAuth",
"train": "community",
"version": "1.1.12"
}
}
}
Support, maintenance, and documentation for applications within the Community catalog are handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.