update authentik and hedgedoc
All checks were successful
continuous-integration/drone/push Build is passing
parent
9d9c0cd0e7
commit
5a34ee5336
2 changed files with 36 additions and 59 deletions
|
@ -7,54 +7,4 @@ title: Single-Sign-On Provider
|
|||
[Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
|
||||
Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
|
||||
|
||||
```
|
||||
abra app new authentik
|
||||
abra app config <app_name>
|
||||
abra app secret insert <app_name> email_pass v1 <password>
|
||||
abra app secret generate -a <app_name>
|
||||
abra app deploy <app_name>
|
||||
abra app cmd <app_name> app set_admin_pass
|
||||
```
|
||||
|
||||
|
||||
## Theming
|
||||
|
||||
Platziere die Dateien `flow_background.jpg`, `icon_left_brand.svg` und `icon.png` in einem Ordner`./<assets>`.
|
||||
|
||||
Füge folgende Zeile zur Konfiguration hinzu:
|
||||
|
||||
```
|
||||
abra app config <app_name>
|
||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
||||
```
|
||||
|
||||
Nach jedem neuen deploy / upgrade führe folgenden Befehl aus:
|
||||
```
|
||||
abra app cmd -l <app_name> customize ./<assets>
|
||||
```
|
||||
|
||||
## Rotate Secrets
|
||||
|
||||
Inkrementiere die Secret Versionen
|
||||
```
|
||||
abra app config <app_name>
|
||||
SECRET_SECRET_KEY_VERSION=v2
|
||||
SECRET_DB_PASSWORD_VERSION=V2
|
||||
SECRET_ADMIN_TOKEN_VERSION=v2
|
||||
SECRET_ADMIN_PASS_VERSION=v2
|
||||
```
|
||||
|
||||
Aktualisiere die Secrets:
|
||||
|
||||
~~~
|
||||
abra app secret generate -a <app_name>
|
||||
abra app undeploy <app_name>
|
||||
abra app deploy <app_name>
|
||||
abra app cmd <app_name> db rotate_db_pass
|
||||
abra app cmd <app_name> app set_admin_pass
|
||||
abra app cmd -l <app_name> customize ./<assets>
|
||||
~~~
|
||||
|
||||
## Upgrade
|
||||
|
||||
TODO
|
||||
Setup: [https://git.coopcloud.tech/coop-cloud/authentik](https://git.coopcloud.tech/coop-cloud/authentik)
|
||||
|
|
|
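Review bot: The `## Rotate Secrets` steps and the post-deploy `customize` step appear to be dropped here in favour of the single `Setup:` link at the end of the hunk (the header `-7,54 +7,4` leaves four lines). Before merging, confirm that the linked repository documents the same rotation order shown in these lines (bump the `SECRET_*_VERSION` values, `abra app secret generate -a <app_name>`, undeploy and deploy, then `db rotate_db_pass` and `app set_admin_pass`); otherwise keep that section locally. If any of the block is kept, `SECRET_DB_PASSWORD_VERSION=V2` is inconsistent with the lowercase `v2` on the other three version lines, and `## Upgrade` still contains only `TODO`.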
@ -1,12 +1,39 @@
|
|||
# Hedgedoc
|
||||
|
||||
Setup: [https://git.coopcloud.tech/coop-cloud/hedgedoc](https://git.coopcloud.tech/coop-cloud/hedgedoc)
|
||||
|
||||
## SKA Spezifische Konfiguration
|
||||
|
||||
Authentik SSO:
|
||||
|
||||
- Erstelle OAuth2 Provider
|
||||
- wähle `default-provider-authorization-implicit-consent`
|
||||
- Erstelle Application
|
||||
- Start URL: <hedgedoc_domain>
|
||||
|
||||
Setze folgende Konfiguration mit `abra app YOURAPPDOMAIN config` und ersetze <authentik_domain> und <client_id>:
|
||||
```
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
||||
CMD_OAUTH2_PROVIDERNAME=local-it
|
||||
CMD_OAUTH2_CLIENT_ID=<client_id>
|
||||
CMD_OAUTH2_AUTHORIZATION_URL=https://<authentik_domain>/application/o/authorize/
|
||||
CMD_OAUTH2_TOKEN_URL=https://<authentik_domain>/application/o/token/
|
||||
CMD_OAUTH2_USER_PROFILE_URL=https://<authentik_domain>/application/o/userinfo/
|
||||
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
|
||||
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
|
||||
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
|
||||
CMD_OAUTH2_SCOPE="openid email profile"
|
||||
|
||||
SECRET_OAUTH_KEY_VERSION=v1
|
||||
```
|
||||
|
||||
Füge das secret aus Authentik ein:
|
||||
`abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret`
|
||||
|
||||
Weitere Optionen:
|
||||
|
||||
```
|
||||
abra app new hedgedoc
|
||||
abra app config hedgedoc
|
||||
# uncomment oauth config
|
||||
# and adjust settings
|
||||
abra app secrets generate -A
|
||||
# copy oauth secrets and create oauth provider in authentik
|
||||
abra app deploy pad.example.org
|
||||
```
|
||||
CMD_ALLOW_ANONYMOUS=true
|
||||
CMD_ALLOW_FREEURL=true
|
||||
CMD_COOKIE_POLICY=none
|
||||
```
|
||||
|
|
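Review bot: The secret insert command after `Füge das secret aus Authentik ein:` has an unclosed placeholder and a hard-coded host: `abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret` should end in `<authentik_secret>` and use a domain placeholder like the rest of the section. The argument order in `abra app YOURAPPDOMAIN config` also differs from the `abra app config <app_name>` form used in the authentik page, so one of the two should be aligned. The three settings under `Weitere Optionen:` are listed without comment; since `CMD_ALLOW_ANONYMOUS=true` permits use without the SSO login configured above and `CMD_COOKIE_POLICY=none` relaxes the cookie SameSite policy, a short line on when each should be enabled would help readers avoid copying them by default.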