update authentik and hedgedoc
All checks were successful
continuous-integration/drone/push Build is passing
parent
9d9c0cd0e7
commit
5a34ee5336
2 changed files with 36 additions and 59 deletions
|
@ -7,54 +7,4 @@ title: Single-Sign-On Provider
|
||||||
[Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
|
[Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
|
||||||
Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
|
Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
|
||||||
|
|
||||||
```
|
Setup: [https://git.coopcloud.tech/coop-cloud/authentik](https://git.coopcloud.tech/coop-cloud/authentik)
|
||||||
abra app new authentik
|
|
||||||
abra app config <app_name>
|
|
||||||
abra app secret insert <app_name> email_pass v1 <password>
|
|
||||||
abra app secret generate -a <app_name>
|
|
||||||
abra app deploy <app_name>
|
|
||||||
abra app cmd <app_name> app set_admin_pass
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Theming
|
|
||||||
|
|
||||||
Platziere die Dateien `flow_background.jpg`, `icon_left_brand.svg` und `icon.png` in einem Ordner`./<assets>`.
|
|
||||||
|
|
||||||
Füge folgende Zeile zur Konfiguration hinzu:
|
|
||||||
|
|
||||||
```
|
|
||||||
abra app config <app_name>
|
|
||||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
|
||||||
```
|
|
||||||
|
|
||||||
Nach jedem neuen deploy / upgrade führe folgenden Befehl aus:
|
|
||||||
```
|
|
||||||
abra app cmd -l <app_name> customize ./<assets>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Rotate Secrets
|
|
||||||
|
|
||||||
Inkrementiere die Secret Versionen
|
|
||||||
```
|
|
||||||
abra app config <app_name>
|
|
||||||
SECRET_SECRET_KEY_VERSION=v2
|
|
||||||
SECRET_DB_PASSWORD_VERSION=V2
|
|
||||||
SECRET_ADMIN_TOKEN_VERSION=v2
|
|
||||||
SECRET_ADMIN_PASS_VERSION=v2
|
|
||||||
```
|
|
||||||
|
|
||||||
Aktualisiere die Secrets:
|
|
||||||
|
|
||||||
~~~
|
|
||||||
abra app secret generate -a <app_name>
|
|
||||||
abra app undeploy <app_name>
|
|
||||||
abra app deploy <app_name>
|
|
||||||
abra app cmd <app_name> db rotate_db_pass
|
|
||||||
abra app cmd <app_name> app set_admin_pass
|
|
||||||
abra app cmd -l <app_name> customize ./<assets>
|
|
||||||
~~~
|
|
||||||
|
|
||||||
## Upgrade
|
|
||||||
|
|
||||||
TODO
|
|
||||||
|
|
|
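Review bot: the secret-rotation runbook under `## Rotate Secrets` (and the `## Theming` steps) leaves this page with only the `Setup:` link in its place, so the order of operations (bump the `SECRET_*_VERSION` values, `abra app secret generate -a`, undeploy and deploy, then `db rotate_db_pass` and `app set_admin_pass`) is no longer documented here. Please confirm the linked coop-cloud/authentik README covers rotation and the post-deploy `customize` step before dropping them, or keep a one-line pointer to the relevant section so the procedure stays findable during an incident. If the text is carried over anywhere, note that the removed block wrote `SECRET_DB_PASSWORD_VERSION=V2` with an uppercase `V` while the other three versions use `v2`.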
@ -1,12 +1,39 @@
|
||||||
# Hedgedoc
|
# Hedgedoc
|
||||||
|
|
||||||
|
Setup: [https://git.coopcloud.tech/coop-cloud/hedgedoc](https://git.coopcloud.tech/coop-cloud/hedgedoc)
|
||||||
|
|
||||||
|
## SKA Spezifische Konfiguration
|
||||||
|
|
||||||
|
Authentik SSO:
|
||||||
|
|
||||||
|
- Erstelle OAuth2 Provider
|
||||||
|
- wähle `default-provider-authorization-implicit-consent`
|
||||||
|
- Erstelle Application
|
||||||
|
- Start URL: <hedgedoc_domain>
|
||||||
|
|
||||||
|
Setze folgende Konfiguration mit `abra app YOURAPPDOMAIN config` und ersetze <authentik_domain> und <client_id>:
|
||||||
|
```
|
||||||
|
COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
||||||
|
CMD_OAUTH2_PROVIDERNAME=local-it
|
||||||
|
CMD_OAUTH2_CLIENT_ID=<client_id>
|
||||||
|
CMD_OAUTH2_AUTHORIZATION_URL=https://<authentik_domain>/application/o/authorize/
|
||||||
|
CMD_OAUTH2_TOKEN_URL=https://<authentik_domain>/application/o/token/
|
||||||
|
CMD_OAUTH2_USER_PROFILE_URL=https://<authentik_domain>/application/o/userinfo/
|
||||||
|
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
|
||||||
|
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
|
||||||
|
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
|
||||||
|
CMD_OAUTH2_SCOPE="openid email profile"
|
||||||
|
|
||||||
|
SECRET_OAUTH_KEY_VERSION=v1
|
||||||
|
```
|
||||||
|
|
||||||
|
Füge das secret aus Authentik ein:
|
||||||
|
`abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret`
|
||||||
|
|
||||||
|
Weitere Optionen:
|
||||||
|
|
||||||
```
|
```
|
||||||
abra app new hedgedoc
|
CMD_ALLOW_ANONYMOUS=true
|
||||||
abra app config hedgedoc
|
CMD_ALLOW_FREEURL=true
|
||||||
# uncomment oauth config
|
CMD_COOKIE_POLICY=none
|
||||||
# and adjust settings
|
```
|
||||||
abra app secrets generate -A
|
|
||||||
# copy oauth secrets and create oauth provider in authentik
|
|
||||||
abra app deploy pad.example.org
|
|
||||||
```
|
|
||||||
|
|
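Review bot: the `abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret` line has an unclosed placeholder and hardcodes one deployment's domain, while the rest of the section uses placeholders such as `<hedgedoc_domain>` and `<client_id>`; suggest `abra app secret insert <app_name> oauth_key v1 <authentik_secret>`. The sentence above the config block also writes `abra app YOURAPPDOMAIN config`, which does not match the `abra app config <app_name>` form used in the other page of this commit, so one of the two should be aligned. Under "Weitere Optionen", `CMD_ALLOW_ANONYMOUS=true`, `CMD_ALLOW_FREEURL=true` and `CMD_COOKIE_POLICY=none` are listed without any explanation; since this section is about putting HedgeDoc behind SSO, a short sentence per option on what it permits and when it should be set would keep readers from copying the block as a default.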