website/docs: add air-gapped docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 11:28:20 +01:00 · 2021-11-10 11:28:20 +01:00 · 34fbf3941b
parent e73606b54d
commit 34fbf3941b
4 changed files with 43 additions and 6 deletions
--- a/website/docs/installation/air-gapped.md
+++ b/website/docs/installation/air-gapped.md
@ -0,0 +1,40 @@
+---
+title: Air-gapped environments
+---
+
+## Outbound connections
+
+By default, authentik creates outbound connections to the following URLs:
+
+- https://version.goauthentik.io: Periodic update check
+- https://goauthentik.io: Anonymous analytics on startup
+- https://secure.gravatar.com: Avatars for users
+- https://sentry.beryju.org: Error reporting
+
+To disable these outbound connections, set the following in your `.env` file:
+
+```
+AUTHENTIK_DISABLE_UPDATE_CHECK=true
+AUTHENTIK_ERROR_REPORTING__ENABLED=false
+AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
+AUTHENTIK_AVATARS=none
+```
+
+For a Helm-based install, set the following in your values.yaml file:
+
+```yaml
+authentik:
+    avatars: none
+    error_reporting:
+        enabled: false
+    disable_update_check: true
+    disable_startup_analytics: true
+```
+
+## Container images
+
+Container images can be pulled from the following URLs:
+
+- goauthentik.io/server (https://goauthentik.io)
+- ghcr.io/goauthentik/server (https://ghcr.io)
+- beryju/authentik (https://index.docker.io)
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@ -88,10 +88,6 @@ Disable the inbuilt update-checker. Defaults to `false`.

  Whether or not to send personal data, like usernames. Defaults to `false`.

-### AUTHENTIK_DISABLE_UPDATE_CHECK
-
-Optionally disable the update check. Defaults to `false`.
-
 ### AUTHENTIK_EMAIL

 - `AUTHENTIK_EMAIL__HOST`
@ -144,7 +140,7 @@ Optionally disable the update check. Defaults to `false`.
 Configure how authentik should show avatars for users. Following values can be set:

 - `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
- `gravatar`: Uses gravatar with the user's email address
+- `gravatar`: Uses gravatar with the user's email address (default)
 - Any URL: If you want to use images hosted on another server, you can set any URL.

  Additionally, these placeholders can be used:
--- a/website/docs/installation/reverse-proxy.md
+++ b/website/docs/installation/reverse-proxy.md
@ -1,5 +1,5 @@
 ---
-title: authentik behind a reverse-proxy
+title: Reverse-proxy
 ---

 If you want to access authentik behind a reverse-proxy, use a config like this. It is important that Websocket is enabled, so that Outposts can connect.
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -26,6 +26,7 @@ module.exports = {
                "installation/configuration",
                "installation/reverse-proxy",
                "installation/automated-install",
+                "installation/air-gapped",
            ],
        },
        {