From 34fbf3941b75fe38ff2958ff93ee4c3def0f4e19 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 10 Nov 2021 11:28:20 +0100 Subject: [PATCH] website/docs: add air-gapped docs Signed-off-by: Jens Langhammer --- website/docs/installation/air-gapped.md | 40 ++++++++++++++++++++++ website/docs/installation/configuration.md | 6 +--- website/docs/installation/reverse-proxy.md | 2 +- website/sidebars.js | 1 + 4 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 website/docs/installation/air-gapped.md diff --git a/website/docs/installation/air-gapped.md b/website/docs/installation/air-gapped.md new file mode 100644 index 000000000..bb14bda3b --- /dev/null +++ b/website/docs/installation/air-gapped.md @@ -0,0 +1,40 @@ +--- +title: Air-gapped environments +--- + +## Outbound connections + +By default, authentik creates outbound connections to the following URLs: + +- https://version.goauthentik.io: Periodic update check +- https://goauthentik.io: Anonymous analytics on startup +- https://secure.gravatar.com: Avatars for users +- https://sentry.beryju.org: Error reporting + +To disable these outbound connections, set the following in your `.env` file: + +``` +AUTHENTIK_DISABLE_UPDATE_CHECK=true +AUTHENTIK_ERROR_REPORTING__ENABLED=false +AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true +AUTHENTIK_AVATARS=none +``` + +For a Helm-based install, set the following in your values.yaml file: + +```yaml +authentik: + avatars: none + error_reporting: + enabled: false + disable_update_check: true + disable_startup_analytics: true +``` + +## Container images + +Container images can be pulled from the following URLs: + +- goauthentik.io/server (https://goauthentik.io) +- ghcr.io/goauthentik/server (https://ghcr.io) +- beryju/authentik (https://index.docker.io) diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md index b275b0ad0..30a3c3e8c 100644 --- a/website/docs/installation/configuration.md +++ b/website/docs/installation/configuration.md @@ -88,10 +88,6 @@ Disable the inbuilt update-checker. Defaults to `false`. Whether or not to send personal data, like usernames. Defaults to `false`. -### AUTHENTIK_DISABLE_UPDATE_CHECK - -Optionally disable the update check. Defaults to `false`. - ### AUTHENTIK_EMAIL - `AUTHENTIK_EMAIL__HOST` @@ -144,7 +140,7 @@ Optionally disable the update check. Defaults to `false`. Configure how authentik should show avatars for users. Following values can be set: - `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture -- `gravatar`: Uses gravatar with the user's email address +- `gravatar`: Uses gravatar with the user's email address (default) - Any URL: If you want to use images hosted on another server, you can set any URL. Additionally, these placeholders can be used: diff --git a/website/docs/installation/reverse-proxy.md b/website/docs/installation/reverse-proxy.md index 64b023adf..7bff17208 100644 --- a/website/docs/installation/reverse-proxy.md +++ b/website/docs/installation/reverse-proxy.md @@ -1,5 +1,5 @@ --- -title: authentik behind a reverse-proxy +title: Reverse-proxy --- If you want to access authentik behind a reverse-proxy, use a config like this. It is important that Websocket is enabled, so that Outposts can connect. diff --git a/website/sidebars.js b/website/sidebars.js index daca177e5..96a47ad94 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -26,6 +26,7 @@ module.exports = { "installation/configuration", "installation/reverse-proxy", "installation/automated-install", + "installation/air-gapped", ], }, {