website/docs: add air-gapped docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-11-10 11:28:20 +01:00
parent e73606b54d
commit 34fbf3941b
4 changed files with 43 additions and 6 deletions

View File

@ -0,0 +1,40 @@
---
title: Air-gapped environments
---
## Outbound connections
By default, authentik creates outbound connections to the following URLs:
- https://version.goauthentik.io: Periodic update check
- https://goauthentik.io: Anonymous analytics on startup
- https://secure.gravatar.com: Avatars for users
- https://sentry.beryju.org: Error reporting
To disable these outbound connections, set the following in your `.env` file:
```
AUTHENTIK_DISABLE_UPDATE_CHECK=true
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
AUTHENTIK_AVATARS=none
```
For a Helm-based install, set the following in your values.yaml file:
```yaml
authentik:
avatars: none
error_reporting:
enabled: false
disable_update_check: true
disable_startup_analytics: true
```
## Container images
Container images can be pulled from the following URLs:
- goauthentik.io/server (https://goauthentik.io)
- ghcr.io/goauthentik/server (https://ghcr.io)
- beryju/authentik (https://index.docker.io)

View File

@ -88,10 +88,6 @@ Disable the inbuilt update-checker. Defaults to `false`.
Whether or not to send personal data, like usernames. Defaults to `false`.
### AUTHENTIK_DISABLE_UPDATE_CHECK
Optionally disable the update check. Defaults to `false`.
### AUTHENTIK_EMAIL
- `AUTHENTIK_EMAIL__HOST`
@ -144,7 +140,7 @@ Optionally disable the update check. Defaults to `false`.
Configure how authentik should show avatars for users. Following values can be set:
- `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
- `gravatar`: Uses gravatar with the user's email address
- `gravatar`: Uses gravatar with the user's email address (default)
- Any URL: If you want to use images hosted on another server, you can set any URL.
Additionally, these placeholders can be used:

View File

@ -1,5 +1,5 @@
---
title: authentik behind a reverse-proxy
title: Reverse-proxy
---
If you want to access authentik behind a reverse-proxy, use a config like this. It is important that Websocket is enabled, so that Outposts can connect.

View File

@ -26,6 +26,7 @@ module.exports = {
"installation/configuration",
"installation/reverse-proxy",
"installation/automated-install",
"installation/air-gapped",
],
},
{