diff --git a/.github/cherry-pick-bot.yml b/.github/cherry-pick-bot.yml new file mode 100644 index 000000000..1f62315d7 --- /dev/null +++ b/.github/cherry-pick-bot.yml @@ -0,0 +1,2 @@ +enabled: true +preservePullRequestTitle: true diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7fd3040fa..008c542ea 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,8 @@ updates: open-pull-requests-limit: 10 commit-message: prefix: "ci:" + labels: + - dependencies - package-ecosystem: gomod directory: "/" schedule: @@ -16,11 +18,15 @@ updates: open-pull-requests-limit: 10 commit-message: prefix: "core:" + labels: + - dependencies - package-ecosystem: npm directory: "/web" schedule: interval: daily time: "04:00" + labels: + - dependencies open-pull-requests-limit: 10 commit-message: prefix: "web:" @@ -44,6 +50,8 @@ updates: open-pull-requests-limit: 10 commit-message: prefix: "website:" + labels: + - dependencies groups: docusaurus: patterns: @@ -56,6 +64,8 @@ updates: open-pull-requests-limit: 10 commit-message: prefix: "core:" + labels: + - dependencies - package-ecosystem: docker directory: "/" schedule: @@ -64,3 +74,5 @@ updates: open-pull-requests-limit: 10 commit-message: prefix: "core:" + labels: + - dependencies diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 8c182f49b..9deccbc2e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,23 +1,19 @@ ## Details -- **Does this resolve an issue?** - Resolves # + +REPLACE ME -### New Features - -- Adds feature which does x, y, and z. - -### Breaking Changes - -- Adds breaking change which causes \. +--- ## Checklist diff --git a/.github/workflows/publish-source-docs.yml b/.github/workflows/publish-source-docs.yml new file mode 100644 index 000000000..eb091bfaa --- /dev/null +++ b/.github/workflows/publish-source-docs.yml 
@@ -0,0 +1,25 @@ +name: authentik-publish-source-docs + +on: + push: + branches: + - main + +jobs: + publish-source-docs: + runs-on: ubuntu-latest + timeout-minutes: 120 + steps: + - uses: actions/checkout@v3 + - name: Setup authentik env + uses: ./.github/actions/setup + - name: generate docs + run: | + poetry run ak build_source_docs + - name: Publish + uses: netlify/actions/cli@master + with: + args: deploy --dir=source_docs --prod + env: + NETLIFY_SITE_ID: eb246b7b-1d83-4f69-89f7-01a936b4ca59 + NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} diff --git a/.gitignore b/.gitignore index f0e8bfb2d..17f1a196d 100644 --- a/.gitignore +++ b/.gitignore @@ -205,3 +205,4 @@ data/ # Local Netlify folder .netlify .ruff_cache +source_docs/ diff --git a/authentik/__init__.py b/authentik/__init__.py index 3add9502d..941d9e88b 100644 --- a/authentik/__init__.py +++ b/authentik/__init__.py @@ -1,4 +1,4 @@ -"""authentik""" +"""authentik root module""" from os import environ from typing import Optional diff --git a/authentik/core/management/commands/build_source_docs.py b/authentik/core/management/commands/build_source_docs.py new file mode 100644 index 000000000..1c69d5a5f --- /dev/null +++ b/authentik/core/management/commands/build_source_docs.py @@ -0,0 +1,21 @@ +"""Build source docs""" +from pathlib import Path + +from django.core.management.base import BaseCommand +from pdoc import pdoc +from pdoc.render import configure + + +class Command(BaseCommand): + """Build source docs""" + + def handle(self, **options): + configure( + docformat="markdown", + mermaid=True, + logo="https://goauthentik.io/img/icon_top_brand_colour.svg", + ) + pdoc( + "authentik", + output_directory=Path("./source_docs"), + ) diff --git a/authentik/core/models.py b/authentik/core/models.py index 72ede3d43..5eafdfd25 100644 --- a/authentik/core/models.py +++ b/authentik/core/models.py 
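Review bot: The Publish step runs `netlify/actions/cli@master`, a mutable branch ref, and passes it `NETLIFY_AUTH_TOKEN` for a `--prod` deploy, so whatever is pushed to that branch later runs with the token. Pin third-party actions to a full commit SHA, e.g. `uses: netlify/actions/cli@<full-commit-sha>` (placeholder, to be resolved from the action's repository), and consider the same for `actions/checkout@v3`. The workflow also declares no `permissions:` block, so the job gets the repository's default `GITHUB_TOKEN` scope. A top-level `permissions: { contents: read }` looks sufficient for a checkout-and-deploy job.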
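Review bot: `Command.handle()` in `build_source_docs.py` has no docstring, and nothing notes that `pdoc("authentik", ...)` has to import the package to document it. As far as I know, pdoc also renders module-level variable values and default arguments into the HTML. Because the accompanying workflow publishes `source_docs` to a production site, any value read from the environment or settings at import time could presumably end up in the output, so confirm the CI environment holds only throwaway values. Suggested docstring: `"""Render pdoc HTML for the authentik package into ./source_docs, relative to the current working directory."""`.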
@@ -79,7 +79,7 @@ class UserTypes(models.TextChoices): class Group(SerializerModel): - """Custom Group model which supports a basic hierarchy""" + """Group model which supports a basic hierarchy and has attributes""" group_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4) @@ -148,15 +148,15 @@ class Group(SerializerModel): class UserManager(DjangoUserManager): - """Custom user manager that doesn't assign is_superuser and is_staff""" + """User manager that doesn't assign is_superuser and is_staff""" def create_user(self, username, email=None, password=None, **extra_fields): - """Custom user manager that doesn't assign is_superuser and is_staff""" + """User manager that doesn't assign is_superuser and is_staff""" return self._create_user(username, email, password, **extra_fields) class User(SerializerModel, GuardianUserMixin, AbstractUser): - """Custom User model to allow easier adding of user-based settings""" + """authentik User model, based on django's contrib auth user model.""" uuid = models.UUIDField(default=uuid4, editable=False, unique=True) name = models.TextField(help_text=_("User's display name.")) diff --git a/blueprints/default/flow-default-authentication-flow.yaml b/blueprints/default/flow-default-authentication-flow.yaml index bb5f6089c..47cf27863 100644 --- a/blueprints/default/flow-default-authentication-flow.yaml +++ b/blueprints/default/flow-default-authentication-flow.yaml @@ -51,6 +51,7 @@ entries: order: 20 stage: !KeyOf default-authentication-password target: !KeyOf flow + id: default-authentication-flow-password-binding model: authentik_flows.flowstagebinding - identifiers: order: 30 
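Review bot: The new `create_user` docstring in the `@@ -148,15` hunk is still a copy of the `UserManager` class docstring, so it describes the manager rather than the method. The visible body forwards straight to `self._create_user(username, email, password, **extra_fields)` without setting any defaults. Something like `"""Create a user via _create_user, passing extra_fields through unchanged (no is_staff/is_superuser defaults are applied)"""` would tell a caller that privilege flags are only set when passed explicitly. The `Group` and `User` docstring changes read fine.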
@@ -62,3 +63,18 @@ entries: stage: !KeyOf default-authentication-login target: !KeyOf flow model: authentik_flows.flowstagebinding +- model: authentik_policies_expression.expressionpolicy + id: default-authentication-flow-password-optional + identifiers: + name: default-authentication-flow-password-stage + attrs: + expression: | + flow_plan = request.context["flow_plan"] + # If the user does not have a backend attached to it, they haven't + # been authenticated yet and we need the password stage + return not hasattr(flow_plan.context["pending_user"], "backend") +- model: authentik_policies.policybinding + identifiers: + order: 10 + target: !KeyOf default-authentication-flow-password-binding + policy: !KeyOf default-authentication-flow-password-optional diff --git a/poetry.lock b/poetry.lock index 0d573a2a4..cc86dd907 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1809,6 +1809,23 @@ pipfile-deprecated-finder = ["pip-shims (>=0.5.2)", "pipreqs", "requirementslib" plugins = ["setuptools"] requirements-deprecated-finder = ["pip-api", "pipreqs"] +[[package]] +name = "jinja2" +version = "3.1.2" +description = "A very fast and expressive template engine." +optional = false +python-versions = ">=3.7" +files = [ + {file = "Jinja2-3.1.2-py3-none-any.whl", hash = "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"}, + {file = "Jinja2-3.1.2.tar.gz", hash = "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"}, +] + +[package.dependencies] +MarkupSafe = ">=2.0" + +[package.extras] +i18n = ["Babel (>=2.7)"] + [[package]] name = "jsonpatch" version = "1.33" 
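Review bot: The expression in `default-authentication-flow-password-optional` indexes `flow_plan.context["pending_user"]` directly, so it raises when no pending user is in the plan context. How the policy engine maps that exception to a result is not visible in this hunk, and because this policy decides whether the password stage runs, the failure path should require the password. A defensive form is `pending_user = flow_plan.context.get("pending_user")` followed by `return pending_user is None or not hasattr(pending_user, "backend")`. The inline comment should also name which stages are expected to set `backend`, since any code path that sets that attribute on the pending user will skip the password stage. Separately, the policy `name` ends in `-password-stage` while its `id` ends in `-password-optional`; one suffix for both would make it easier to locate.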
@@ -2101,6 +2118,65 @@ profiling = ["gprof2dot"] rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] +[[package]] +name = "markupsafe" +version = "2.1.3" +description = "Safely add untrusted strings to HTML/XML markup." +optional = false +python-versions = ">=3.7" +files = [ + {file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-win32.whl", hash = "sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431"}, + {file = "MarkupSafe-2.1.3-cp310-cp310-win_amd64.whl", hash = 
"sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"}, + {file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"}, + {file = 
"MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-win32.whl", hash = "sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0"}, + {file = "MarkupSafe-2.1.3-cp37-cp37m-win_amd64.whl", hash = "sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = 
"sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-win32.whl", hash = "sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5"}, + {file = "MarkupSafe-2.1.3-cp38-cp38-win_amd64.whl", hash = "sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-win32.whl", hash = 
"sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2"}, + {file = "MarkupSafe-2.1.3-cp39-cp39-win_amd64.whl", hash = "sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba"}, + {file = "MarkupSafe-2.1.3.tar.gz", hash = "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"}, +] + [[package]] name = "maxminddb" version = "2.4.0" @@ -2363,13 +2439,13 @@ files = [ [[package]] name = "paramiko" -version = "3.2.0" +version = "3.3.1" description = "SSH2 protocol library" optional = false python-versions = ">=3.6" files = [ - {file = "paramiko-3.2.0-py3-none-any.whl", hash = "sha256:df0f9dd8903bc50f2e10580af687f3015bf592a377cd438d2ec9546467a14eb8"}, - {file = "paramiko-3.2.0.tar.gz", hash = "sha256:93cdce625a8a1dc12204439d45033f3261bdb2c201648cfcdc06f9fd0f94ec29"}, + {file = "paramiko-3.3.1-py3-none-any.whl", hash = "sha256:b7bc5340a43de4287bbe22fe6de728aa2c22468b2a849615498dd944c2f275eb"}, + {file = "paramiko-3.3.1.tar.gz", hash = "sha256:6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77"}, ] [package.dependencies] @@ -2404,6 +2480,25 @@ files = [ {file = "pbr-5.11.1.tar.gz", hash = "sha256:aefc51675b0b533d56bb5fd1c8c6c0522fe31896679882e1c4c63d5e4a0fccb3"}, ] +[[package]] +name = "pdoc" +version = "14.0.0" +description = "API Documentation for Python Projects" +optional = false +python-versions = ">=3.8" +files = [ + {file = "pdoc-14.0.0-py3-none-any.whl", hash = "sha256:4514041ff5da33f1adbc700002a661600fc13a9adadef317bc6ae8be9e61154b"}, + {file = "pdoc-14.0.0.tar.gz", hash = "sha256:ad6c16c949e5dd8b30effc5398aedb5779ffe8ab94be91ce2cddc320e8127900"}, +] + +[package.dependencies] +Jinja2 = ">=2.11.0" +MarkupSafe = "*" +pygments = ">=2.12.0" + +[package.extras] +dev = ["black", "hypothesis", "mypy", "pygments (>=2.14.0)", "pytest", "pytest-cov", "pytest-timeout", "ruff", "tox", "types-pygments"] + [[package]] name = "platformdirs" version = "3.8.0" 
@@ -4211,4 +4306,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.11" -content-hash = "ab00edcd235c1c92dad9a91ace11d50df4564297193683cca7aa2b207ca27be6" +content-hash = "79778342afa2970f75dec18fc3916c7569426bf7735ff554bf2e55e057931132" diff --git a/pyproject.toml b/pyproject.toml index 6cd144cf2..69b1a4a46 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -184,6 +184,7 @@ debugpy = "*" django-silk = "*" drf-jsonschema-serializer = "*" importlib-metadata = "*" +pdoc = "*" pylint = "*" pylint-django = "*" pyrad = "*" diff --git a/website/docs/core/architecture.md b/website/docs/core/architecture.md new file mode 100644 index 000000000..a6059cc86 --- /dev/null +++ b/website/docs/core/architecture.md 
@@ -0,0 +1,61 @@ +--- +title: Architecture +--- + +authentik consists of a handful of components, most of which are required for a functioning setup. + +```mermaid +graph LR + user(User) --> ak_server(authentik Server) + ak_server --> ak_server_core(authentik Server Core) + ak_server --> ak_outpost(Embedded outpost) + ak_server_core --> db(PostgreSQL) + ak_server_core --> cache(Redis) + ak_worker(Background Worker) --> db(PostgreSQL) + ak_worker(Background Worker) --> cache(Redis) +``` + +### Server + +The server container consists of two sub-components, the actual server itself and the embedded outpost. Incoming requests to the server container(s) are routed by a lightweight router to either the _Core_ server or the embedded outpost. This router also handles requests for any static assets such as JavaScript and CSS files. + +#### Core + +The core sub-component handles most of authentik's logic, such as API requests, flow executions, any kind of SSO requests, etc. + +#### Embedded outpost + +Similar to [other outposts](../outposts/index.mdx), this outposts allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost. + +#### Persistence + +- `/media` is used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload + +### Background Worker + +This container executes background tasks, such as sending emails, the event notification system, and everything you can see on the _System Tasks_ page in the frontend. 
+ +#### Persistence + +- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt) +- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional + +### PostgreSQL + +authentik uses PostgreSQL to store all of its configuration and other data (excluding uploaded files). + +#### Persistence + +- `/var/lib/postgresql/data` is used to store the PostgreSQL database + +On Kubernetes, with the default Helm chart and using the packaged PostgreSQL sub-chart, persistent data is stored in a PVC. + +### Redis + +authentik uses Redis as a message-queue and a cache. Data in Redis is not required to be persistent, however you should be aware that restarting Redis will cause the loss of all sessions. + +#### Persistence + +- `/data` is used to store the Redis data + +On Kubernetes, with the default Helm chart and using the packaged Redis sub-chart, persistent data is stored in a PVC. diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index 10b45b7ab..2cadeb41f 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md 
@@ -71,6 +71,13 @@ See [Configuration](../installation/configuration) to change the internal ports. ## Startup +:::warning +The server assumes to have local timezone as UTC. +All internals are handled in UTC; whenever a time is displayed to the user in UI, the time shown is localized. +Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers. +This will not give any advantages. It will cause problems with OAuth and SAML authentication, e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005). +::: + Afterwards, run these commands to finish: ```shell @@ -85,28 +92,3 @@ By default, authentik is reachable (by default) on port 9000 (HTTP) and port 944 To start the initial setup, navigate to `https://:9000/if/flow/initial-setup/`. There you are prompted to set a password for the akadmin user (the default user). - -## Explanation - -:::warning -The server assumes to have local timezone as UTC. -All internals are handled in UTC; whenever a time is displayed to the user in UI it gets localized. -Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers. -This will not give any advantages. -On the contrary, it will cause problems with OAuth and SAML authentication, -e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005). -::: - -The Docker-Compose project contains the following containers: - -- server - - This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc. - -- worker - - This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend. - -- redis (for cache) - -- postgresql (default database) diff --git a/website/integrations/_template/service.md b/website/integrations/_template/service.md index 41abbcce5..58a9a1019 100644 --- a/website/integrations/_template/service.md 
+++ b/website/integrations/_template/service.md @@ -6,11 +6,9 @@ title: Service Name ## What is Service Name -From https://service.name - -:::note -Insert a quick overview of what Service Name is and what it does -::: +> Insert a quick overview of what Service Name is and what it does +> +> -- https://service.name ## Preparation diff --git a/website/integrations/services/apache-guacamole/index.mdx b/website/integrations/services/apache-guacamole/index.mdx index 5faf25ca0..6a140bfc6 100644 --- a/website/integrations/services/apache-guacamole/index.mdx +++ b/website/integrations/services/apache-guacamole/index.mdx @@ -6,11 +6,9 @@ title: Apache Guacamole™ ## What is Apache Guacamole™ -From https://guacamole.apache.org/ - -:::note -Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. -::: +> Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. +> +> -- https://guacamole.apache.org/ ## Preparation diff --git a/website/integrations/services/argocd/index.md b/website/integrations/services/argocd/index.md index dc92c9104..0460c66f5 100644 --- a/website/integrations/services/argocd/index.md +++ b/website/integrations/services/argocd/index.md @@ -6,11 +6,9 @@ title: ArgoCD ## What is ArgoCD -From https://argoproj.github.io/cd/ - -:::note -Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. -::: +> Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. +> +> -- https://argoproj.github.io/cd/ ## Preparation diff --git a/website/integrations/services/aws/index.md b/website/integrations/services/aws/index.md index 7ec0ec911..8993290ca 100644 --- a/website/integrations/services/aws/index.md +++ b/website/integrations/services/aws/index.md 
@@ -6,9 +6,9 @@ title: Amazon Web Services ## What is AWS -:::note -Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster. -::: +> Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster. +> +> -- https://www.aboutamazon.com/what-we-do/amazon-web- ## Select your method diff --git a/website/integrations/services/awx-tower/index.md b/website/integrations/services/awx-tower/index.md index 1ffaa6e7c..59ae5161a 100644 --- a/website/integrations/services/awx-tower/index.md +++ b/website/integrations/services/awx-tower/index.md 
@@ -1,28 +1,28 @@ --- -title: Ansible Tower / AWX +title: Red Hat Ansible Automation Platform / AWX --- ## What is Tower -From https://docs.ansible.com/ansible/2.5/reference_appendices/tower.html +From + +> Red Hat Ansible Automation Platform (RHAAP) (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks. +> +> Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies. +> +> -- https://docs.ansible.com/ansible/latest/reference_appendices/tower.html :::note -Ansible Tower (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks. - -Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies. -::: - -:::note -AWX is the open-source version of Tower. The term "AWX" will be used interchangeably throughout this document. +AWX is the open-source version of RHAAP. The term "AWX" will be used interchangeably throughout this document. 
::: ## Preparation The following placeholders will be used: -- `awx.company` is the FQDN of the AWX/Tower install. +- `awx.company` is the FQDN of the AWX/RHAAP install. - `authentik.company` is the FQDN of the authentik install. Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: diff --git a/website/integrations/services/bookstack/index.md b/website/integrations/services/bookstack/index.md index 4e72efb81..0e7b76b96 100644 --- a/website/integrations/services/bookstack/index.md +++ b/website/integrations/services/bookstack/index.md @@ -6,11 +6,9 @@ title: Bookstack ## What is Bookstack -From https://en.wikipedia.org/wiki/BookStack - -:::note -BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers. -::: +> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers. +> +> -- https://en.wikipedia.org/wiki/BookStack :::note This is based on authentik 2021.7.2 and BookStack V21.05.3. Instructions may differ between versions. diff --git a/website/integrations/services/budibase/index.md b/website/integrations/services/budibase/index.md index 052a80c09..0ffe1dc89 100644 --- a/website/integrations/services/budibase/index.md +++ b/website/integrations/services/budibase/index.md 
@@ -6,11 +6,9 @@ title: Budibase ## What is Budibase -From https://github.com/Budibase/budibase - -:::note -Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity. -::: +> Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity. +> +> -- https://github.com/Budibase/budibase ## Preparation diff --git a/website/integrations/services/dokuwiki/index.md b/website/integrations/services/dokuwiki/index.md index d3b9d988b..7b7e27e4c 100644 --- a/website/integrations/services/dokuwiki/index.md +++ b/website/integrations/services/dokuwiki/index.md @@ -8,9 +8,7 @@ title: DokuWiki From https://en.wikipedia.org/wiki/DokuWiki -:::note -DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki. -::: +> DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki. ## Preparation diff --git a/website/integrations/services/firezone/index.md b/website/integrations/services/firezone/index.md index a439e1dd7..553884e7d 100644 --- a/website/integrations/services/firezone/index.md +++ b/website/integrations/services/firezone/index.md 
@@ -6,12 +6,10 @@ title: Firezone ## What is Firezone -From https://www.firezone.dev - -:::note -Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN. -Deploy on your infrastructure and start onboarding users in minutes. -::: +> Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN. +> Deploy on your infrastructure and start onboarding users in minutes. +> +> -- https://www.firezone.dev ## Preparation diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md index 2fff408c6..2fec73252 100644 --- a/website/integrations/services/fortimanager/index.md +++ b/website/integrations/services/fortimanager/index.md @@ -6,13 +6,11 @@ title: FortiManager ## What is FortiManager -From https://www.fortinet.com/products/management/fortimanager - -:::note -FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches. - -FortiManager is a paid enterprise product. -::: +> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches. +> +> FortiManager is a paid enterprise product. +> +> -- https://www.fortinet.com/products/management/fortimanager ## Preparation diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md index 400c0222d..e6ba01c99 100644 --- a/website/integrations/services/gitea/index.md +++ b/website/integrations/services/gitea/index.md 
@@ -6,11 +6,9 @@ title: Gitea ## What is Gitea -From https://gitea.io/ - -:::note -Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. -::: +> Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. +> +> -- https://gitea.io/ :::note This is based on authentik 2022.10.1 and Gitea 1.17.3 installed using the official docker image [https://docs.gitea.io/en-us/install-with-docker/](https://docs.gitea.io/en-us/install-with-docker/). Instructions may differ between versions. diff --git a/website/integrations/services/github-enterprise-cloud/index.md b/website/integrations/services/github-enterprise-cloud/index.md index 066fd9937..972968f82 100644 --- a/website/integrations/services/github-enterprise-cloud/index.md +++ b/website/integrations/services/github-enterprise-cloud/index.md @@ -6,11 +6,9 @@ title: GitHub Enterprise Cloud ## What is GitHub Enterprise Cloud -From https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises - -:::note -GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality. -::: +> GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality. +> +> -- https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises :::note GitHub Enterprise Cloud EMU (Enterprise Managed Users) are not compatible with authentik. GitHub currently only permits SAML/OIDC for EMU organizations with Okta and/or Azure AD. 
diff --git a/website/integrations/services/github-enterprise-server/index.md b/website/integrations/services/github-enterprise-server/index.md index 44fef5323..6b8fcb2d1 100644 --- a/website/integrations/services/github-enterprise-server/index.md +++ b/website/integrations/services/github-enterprise-server/index.md @@ -6,11 +6,9 @@ title: GitHub Enterprise Server ## What is GitHub Enterprise Server -From https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server - -:::note -GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows. -::: +> GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows. +> +> -- https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server ## Preparation diff --git a/website/integrations/services/github-organization/index.md b/website/integrations/services/github-organization/index.md index 0ace3b5b1..edaf83c39 100644 --- a/website/integrations/services/github-organization/index.md +++ b/website/integrations/services/github-organization/index.md 
@@ -6,11 +6,9 @@ title: GitHub Organization ## What is GitHub Organizations -From https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations - -:::note -Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features. -::: +> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features. +> +> -- https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations ## Preparation diff --git a/website/integrations/services/gitlab/index.md b/website/integrations/services/gitlab/index.md index 0015330f1..f2ec3b88a 100644 --- a/website/integrations/services/gitlab/index.md +++ b/website/integrations/services/gitlab/index.md @@ -6,11 +6,9 @@ title: GitLab ## What is GitLab -From https://about.gitlab.com/what-is-gitlab/ - -:::note -GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle. -::: +> GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle. +> +> -- https://about.gitlab.com/what-is-gitlab/ ## Preparation 
diff --git a/website/integrations/services/google/index.md b/website/integrations/services/google/index.md index 8f8e8b159..2dfad4a19 100644 --- a/website/integrations/services/google/index.md +++ b/website/integrations/services/google/index.md @@ -6,11 +6,9 @@ title: Google Workspace ## What is Google Workspace -From https://en.wikipedia.org/wiki/Google_Workspace - -:::note -Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. -::: +> Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. +> +> -- https://en.wikipedia.org/wiki/Google_Workspace ## Preparation diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index fe70f08fd..f5274d0f4 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -6,11 +6,9 @@ title: Grafana ## What is Grafana -From https://en.wikipedia.org/wiki/Grafana - -:::note -Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system. -::: +> Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system. +> +> -- https://en.wikipedia.org/wiki/Grafana ## Preparation diff --git a/website/integrations/services/gravitee/index.md b/website/integrations/services/gravitee/index.md index 3f1e9f83f..9e16190f9 100644 --- a/website/integrations/services/gravitee/index.md 
+++ b/website/integrations/services/gravitee/index.md @@ -6,13 +6,11 @@ title: Gravitee ## What is Gravitee -From https://github.com/gravitee-io/gravitee-api-management - -:::note -Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs. -::: - -It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more. +> Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs. +> +> It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more. +> +> -- https://github.com/gravitee-io/gravitee-api-management ## Preparation diff --git a/website/integrations/services/harbor/index.md b/website/integrations/services/harbor/index.md index cf9000349..9f8232e77 100644 --- a/website/integrations/services/harbor/index.md +++ b/website/integrations/services/harbor/index.md 
@@ -6,11 +6,9 @@ title: Harbor ## What is Harbor -From https://goharbor.io - -:::note -Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker. -::: +> Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker. +> +> -- https://goharbor.io ## Preparation diff --git a/website/integrations/services/hashicorp-cloud/index.md b/website/integrations/services/hashicorp-cloud/index.md index 587baa0bd..ee3f19c66 100644 --- a/website/integrations/services/hashicorp-cloud/index.md +++ b/website/integrations/services/hashicorp-cloud/index.md @@ -6,11 +6,9 @@ title: HashiCorp Cloud Platform ## What is HashiCorp Cloud -From https://cloud.hashicorp.com/ - -:::note -HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more. -::: +> HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more. +> +> -- https://cloud.hashicorp.com/ ## Preparation diff --git a/website/integrations/services/hashicorp-vault/index.md b/website/integrations/services/hashicorp-vault/index.md index e778bbddf..12deca58b 100644 --- a/website/integrations/services/hashicorp-vault/index.md +++ b/website/integrations/services/hashicorp-vault/index.md 
@@ -6,11 +6,9 @@ title: Hashicorp Vault ## What is Vault -From https://vaultproject.io - -:::note -Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. -::: +> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. +> +> -- https://vaultproject.io :::note This is based on authentik 2022.2.1 and Vault 1.9.3. Instructions may differ between versions. This guide does not cover vault policies. See https://learn.hashicorp.com/tutorials/vault/oidc-auth?in=vault/auth-methods for a more in depth vault guide diff --git a/website/integrations/services/hedgedoc/index.md b/website/integrations/services/hedgedoc/index.md index f2217d344..9645dd48f 100644 --- a/website/integrations/services/hedgedoc/index.md +++ b/website/integrations/services/hedgedoc/index.md @@ -6,11 +6,9 @@ title: HedgeDoc ## What is HedgeDoc -From https://github.com/hedgedoc/hedgedoc - -:::note -HedgeDoc lets you create real-time collaborative markdown notes. -::: +> HedgeDoc lets you create real-time collaborative markdown notes. +> +> -- https://github.com/hedgedoc/hedgedoc ## Preparation diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md index f95183283..836eb2e4b 100644 --- a/website/integrations/services/home-assistant/index.md +++ b/website/integrations/services/home-assistant/index.md 
@@ -6,11 +6,9 @@ title: Home-Assistant ## What is Home-Assistant -From https://www.home-assistant.io/ - -:::note -Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. -::: +> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. +> +> -- https://www.home-assistant.io/ :::caution You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477). diff --git a/website/integrations/services/jellyfin/index.md b/website/integrations/services/jellyfin/index.md index 6db9b0697..c92e21f52 100644 --- a/website/integrations/services/jellyfin/index.md +++ b/website/integrations/services/jellyfin/index.md @@ -6,11 +6,9 @@ title: Jellyfin ## What is Jellyfin -From https://jellyfin.org - -:::note -Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music. -::: +> Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music. +> +> -- https://jellyfin.org :::note Jellyfin does not have any native external authentication support as of the writing of this page. diff --git a/website/integrations/services/kimai/index.md b/website/integrations/services/kimai/index.md index 632289dde..d5ff47a97 100644 --- a/website/integrations/services/kimai/index.md +++ b/website/integrations/services/kimai/index.md 
@@ -6,11 +6,9 @@ title: Kimai ## What is Kimai -From https://www.kimai.org/about/ - -:::note -Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device. -::: +> Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device. +> +> -- https://www.kimai.org/about/ ## Preparation diff --git a/website/integrations/services/mastodon/index.md b/website/integrations/services/mastodon/index.md index 6d74cae9f..9766636ec 100644 --- a/website/integrations/services/mastodon/index.md +++ b/website/integrations/services/mastodon/index.md @@ -6,10 +6,9 @@ title: Mastodon ## What is Mastodon -From https://joinmastodon.org/ -:::note -Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter -::: +> Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter +> +> -- https://joinmastodon.org/ ## Preparation diff --git a/website/integrations/services/matrix-synapse/index.md b/website/integrations/services/matrix-synapse/index.md index b07c4a9e4..88bcdf6aa 100644 --- a/website/integrations/services/matrix-synapse/index.md +++ b/website/integrations/services/matrix-synapse/index.md 
@@ -6,12 +6,9 @@ title: Matrix Synapse ## What is Matrix Synapse -From https://matrix.org/ - -:::note -Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed -reference implementations. -::: +> Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations. +> +> -- https://matrix.org/ ## Preparation diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md index 59632c037..11c664186 100644 --- a/website/integrations/services/minio/index.md +++ b/website/integrations/services/minio/index.md @@ -6,11 +6,9 @@ title: MinIO ## What is MinIO -From https://en.wikipedia.org/wiki/MinIO - -:::note -MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB. -::: +> MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB. +> +> -- https://en.wikipedia.org/wiki/MinIO ## Preparation diff --git a/website/integrations/services/mobilizon/index.md b/website/integrations/services/mobilizon/index.md index ff1e18913..60afddac9 100644 --- a/website/integrations/services/mobilizon/index.md +++ b/website/integrations/services/mobilizon/index.md 
@@ -6,10 +6,9 @@ title: Mobilizon ## What is Mobilizon -From https://joinmobilizon.org/ -:::note -Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org -::: +> Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org +> +> -- https://joinmobilizon.org/ ## Preparation diff --git a/website/integrations/services/netbox/index.md b/website/integrations/services/netbox/index.md index 38af02816..5f934f745 100644 --- a/website/integrations/services/netbox/index.md +++ b/website/integrations/services/netbox/index.md @@ -6,11 +6,9 @@ title: NetBox ## What is NetBox -From https://github.com/netbox-community/netbox - -:::note -NetBox is the leading solution for modeling and documenting modern networks. -::: +> NetBox is the leading solution for modeling and documenting modern networks. +> +> -- https://github.com/netbox-community/netbox ## Preparation diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md index a5674a251..d052f8ca7 100644 --- a/website/integrations/services/nextcloud/index.md +++ b/website/integrations/services/nextcloud/index.md 
@@ -6,11 +6,9 @@ title: Nextcloud ## What is Nextcloud -From https://en.wikipedia.org/wiki/Nextcloud - -:::note -Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices. -::: +> Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices. +> +> -- https://en.wikipedia.org/wiki/Nextcloud :::caution This setup only works, when Nextcloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this. diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md index 7dc02cf96..011905f71 100644 --- a/website/integrations/services/node-red/index.md +++ b/website/integrations/services/node-red/index.md 
@@ -6,13 +6,11 @@ title: Node-RED ## What is Node-RED -From https://nodered.org/ - -:::note -Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. - -It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click. -::: +> Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. +> +> It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click. +> +> -- https://nodered.org/ :::caution This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details. diff --git a/website/integrations/services/onlyoffice/index.md b/website/integrations/services/onlyoffice/index.md index 237f39de7..4537e41ef 100644 --- a/website/integrations/services/onlyoffice/index.md +++ b/website/integrations/services/onlyoffice/index.md 
@@ -6,11 +6,9 @@ title: OnlyOffice ## What is OnlyOffice -From https://en.wikipedia.org/wiki/OnlyOffice - -:::note -OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools -::: +> OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools +> +> -- https://en.wikipedia.org/wiki/OnlyOffice :::note This is based on authentik 2021.10.4 and OnlyOffice 11.5.4.1582. Instructions may differ between versions. diff --git a/website/integrations/services/opnsense/index.md b/website/integrations/services/opnsense/index.md index 4af5f8a0a..e2aa81ab7 100644 --- a/website/integrations/services/opnsense/index.md +++ b/website/integrations/services/opnsense/index.md @@ -6,11 +6,9 @@ title: OPNsense ## What is OPNsense -From https://opnsense.org/ - -:::note -OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license. -::: +> OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license. +> +> -- https://opnsense.org/ :::note This is based on authentik 2022.4.1 and OPNsense 22.1.6-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions. diff --git a/website/integrations/services/oracle-cloud/index.md b/website/integrations/services/oracle-cloud/index.md index 403c645f6..e65a5d6ab 100644 --- a/website/integrations/services/oracle-cloud/index.md +++ b/website/integrations/services/oracle-cloud/index.md 
@@ -6,11 +6,9 @@ title: Oracle Cloud ## What is Oracle Cloud -From https://www.oracle.com/cloud/ - -:::note -Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications. -::: +> Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications. +> +> -- https://www.oracle.com/cloud/ ## Preparation diff --git a/website/integrations/services/organizr/index.md b/website/integrations/services/organizr/index.md index 91dfdde42..5b93dcf5a 100644 --- a/website/integrations/services/organizr/index.md +++ b/website/integrations/services/organizr/index.md @@ -6,11 +6,10 @@ title: organizr ## What is organizr -From https://github.com/causefx/Organizr +> Organizr allows you to setup "Tabs" that will be loaded all in one webpage. +> +> -- https://github.com/causefx/Organizr -:::note -Organizr allows you to setup "Tabs" that will be loaded all in one webpage. -::: This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation 
@@ -40,7 +39,7 @@ _Optionally_, create a new group like `organizr users` to scope access to the or _Optionally_, bind the group to control access to the organizr to the application. ![](./organizr4.png) -![](./organizr5.png) +![](./organizr5.png) ::: 3. Add the Application to the authentik Embedded Outpost. ## organizr Configuration @@ -51,24 +50,24 @@ Ensure any local usernames/email addresses in organizr do not conflict with user 1. Enable Auth Proxy in organizr _system settings_ -> _main_ -> _Auth Proxy_ -Auth Proxy Header Name: `X-authentik-username` - Auth Proxy Whitelist: _your network subnet in CIDR notation IE_ `10.0.0.0/8` - Auth Proxy Header Name for Email: `X-authentik-email` - Logout URL: `/outpost.goauthentik.io/sign_out` - ![](./organizr6.png) +Auth Proxy Header Name: `X-authentik-username` +Auth Proxy Whitelist: _your network subnet in CIDR notation IE_ `10.0.0.0/8` +Auth Proxy Header Name for Email: `X-authentik-email` +Logout URL: `/outpost.goauthentik.io/sign_out` +![](./organizr6.png) 2. Setup Authentication in organizr _system settings_ -> _main_ -> _Authentication_ -Authentication Type: `Organizr DB + Backend` - Authentication Backend: `Ldap` - Host Address: `` - Host Base DN: `dc=ldap,dc=goauthentik,dc=io` - Account Prefix: `cn=` - Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io` - Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io` - Bind Password: `` - LDAP Backend Type: `OpenLDAP` - ![](./organizr7.png) +Authentication Type: `Organizr DB + Backend` +Authentication Backend: `Ldap` +Host Address: `` +Host Base DN: `dc=ldap,dc=goauthentik,dc=io` +Account Prefix: `cn=` +Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io` +Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io` +Bind Password: `` +LDAP Backend Type: `OpenLDAP` +![](./organizr7.png) :::info Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group. 
diff --git a/website/integrations/services/paperless-ng/index.md b/website/integrations/services/paperless-ng/index.md index f7672470b..c482ab639 100644 --- a/website/integrations/services/paperless-ng/index.md +++ b/website/integrations/services/paperless-ng/index.md @@ -6,11 +6,9 @@ title: Paperless-ng ## What is Paperless-ng -Modified from https://github.com/jonaswinkler/paperless-ng - -:::note -Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained. -::: +> Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained. +> +> -- https://github.com/jonaswinkler/paperless-ng :::caution This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources. diff --git a/website/integrations/services/pfsense/index.md b/website/integrations/services/pfsense/index.md index 5e523239d..dd4003d2e 100644 --- a/website/integrations/services/pfsense/index.md +++ b/website/integrations/services/pfsense/index.md 
@@ -6,11 +6,9 @@ title: pfSense ## What is pfSense -From https://www.pfsense.org/ - -:::note -The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. -::: +> The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. +> +> -- https://www.pfsense.org/ :::note This is based on authentik 2022.3.31 and pfSense 2.6.0-amd64 diff --git a/website/integrations/services/pgadmin/index.md b/website/integrations/services/pgadmin/index.md index 1a5084679..168ea9475 100644 --- a/website/integrations/services/pgadmin/index.md +++ b/website/integrations/services/pgadmin/index.md @@ -6,11 +6,9 @@ title: pgAdmin ## What is pgAdmin -From https://www.pgadmin.org/ - -:::note -pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application. -::: +> pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application. +> +> -- https://www.pgadmin.org/ :::note This is based on authentik 2022.3.3 and pgAdmin4 6.19 diff --git a/website/integrations/services/phpipam/index.md b/website/integrations/services/phpipam/index.md index a9a54d209..2e5afb495 100644 --- a/website/integrations/services/phpipam/index.md +++ b/website/integrations/services/phpipam/index.md 
@@ -6,11 +6,9 @@ title: phpIPAM ## What is phpIPAM -From https://phpipam.net/ - -:::note -phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features. -::: +> phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features. +> +> -- https://phpipam.net/ ## Preparation diff --git a/website/integrations/services/portainer/index.md b/website/integrations/services/portainer/index.md index 77486cb17..73c7a8175 100644 --- a/website/integrations/services/portainer/index.md +++ b/website/integrations/services/portainer/index.md @@ -6,11 +6,9 @@ title: Portainer ## What is Portainer -From https://www.portainer.io/ - -:::note -Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely. -::: +> Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely. +> +> -- https://www.portainer.io/ :::note This is based on authentik 2021.7.3 and Portainer 2.6.x-CE. Portainer 2.6 supports OAuth without additional licenses, 1.x Series requires a paid license for OAuth. diff --git a/website/integrations/services/powerdns-admin/index.md b/website/integrations/services/powerdns-admin/index.md index f1fe43047..a64ef2e0c 100644 --- a/website/integrations/services/powerdns-admin/index.md +++ b/website/integrations/services/powerdns-admin/index.md 
@@ -6,11 +6,9 @@ title: PowerDNS-Admin ## What is PowerDNS-Admin -From https://github.com/ngoduykhanh/PowerDNS-Admin - -:::note -A PowerDNS web interface with advanced features. -::: +> A PowerDNS web interface with advanced features. +> +> -- https://github.com/ngoduykhanh/PowerDNS-Admin ## Preparation diff --git a/website/integrations/services/proftpd/index.md b/website/integrations/services/proftpd/index.md index 9b7e9f9dd..1030d37cf 100644 --- a/website/integrations/services/proftpd/index.md +++ b/website/integrations/services/proftpd/index.md @@ -6,9 +6,9 @@ title: ProFTPD ## What is ProFTPD -:::note -ProFTPD is a high-performance, open-source FTP server software designed for Unix and Linux systems. It supports various features, including IPv6, SSL/TLS encryption, virtual hosting, advanced logging, and supports various authentication methods, including LDAP and MySQL. -::: +> ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance. +> +> -- From http://www.proftpd.org This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider. diff --git a/website/integrations/services/proxmox-ve/index.md b/website/integrations/services/proxmox-ve/index.md index 8a8ad22cb..be076c668 100644 --- a/website/integrations/services/proxmox-ve/index.md +++ b/website/integrations/services/proxmox-ve/index.md 
@@ -6,11 +6,9 @@ title: Proxmox VE ## What is Proxmox VE -From https://pve.proxmox.com/wiki/Main_Page - -:::note -Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH. -::: +> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH. +> +> -- https://pve.proxmox.com/wiki/Main_Page :::caution This requires Proxmox VE 7.0 or newer. diff --git a/website/integrations/services/qnap-nas/index.md b/website/integrations/services/qnap-nas/index.md index 5a444da31..edcf4148b 100644 --- a/website/integrations/services/qnap-nas/index.md +++ b/website/integrations/services/qnap-nas/index.md 
@@ -4,14 +4,11 @@ title: QNAP NAS ## What is QNAP NAS -From +> QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications. +> +> -- https://en.wikipedia.org/wiki/QNAP_Systems -:::note -QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications. -::: - -Connecting a QNAP NAS to an LDAP Directory is a little bit special -as it is **not** (well) documented what really is done behind the scenes of QNAP. +Connecting a QNAP NAS to an LDAP Directory is a little bit special as it is **not** (well) documented what really is done behind the scenes of QNAP. ## Preparation diff --git a/website/integrations/services/rancher/index.md b/website/integrations/services/rancher/index.md index 18b4e2696..223cb15f6 100644 --- a/website/integrations/services/rancher/index.md +++ b/website/integrations/services/rancher/index.md @@ -6,12 +6,10 @@ title: Rancher ## What is Rancher -From https://rancher.com/products/rancher - -:::note -An enterprise platform for managing Kubernetes Everywhere -Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service. -::: +> An enterprise platform for managing Kubernetes Everywhere +> Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service. +> +> -- https://rancher.com/products/rancher ## Preparation diff --git a/website/integrations/services/rocketchat/index.md b/website/integrations/services/rocketchat/index.md index 8599198f8..55df4bccc 100644 --- a/website/integrations/services/rocketchat/index.md 
+++ b/website/integrations/services/rocketchat/index.md @@ -6,11 +6,9 @@ title: Rocket.chat ## What is Rocket.chat -From https://github.com/RocketChat/Rocket.Chat - -:::note -Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat Git Hub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information. -::: +> Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat GitHub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information. +> +> -- https://github.com/RocketChat/Rocket.Chat :::note This is based on authentik 2022.3.1 and Rocket.chat 4.5.1 using the [Docker-Compose install](https://docs.rocket.chat/quick-start/installing-and-updating/rapid-deployment-methods/docker-and-docker-compose/docker-containers). Instructions may differ between versions. diff --git a/website/integrations/services/roundcube/index.md b/website/integrations/services/roundcube/index.md index aa52d57a7..6d74827b3 100644 --- a/website/integrations/services/roundcube/index.md +++ b/website/integrations/services/roundcube/index.md 
@@ -6,12 +6,10 @@ title: Roundcube ## What is Roundcube -From https://roundcube.net - -:::note -**Roundcube** is a browser-based multilingual IMAP client with an application-like user interface. -It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking -::: +> **Roundcube** is a browser-based multilingual IMAP client with an application-like user interface. +> It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking +> +> -- https://roundcube.net This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account. The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately. diff --git a/website/integrations/services/sentry/index.md b/website/integrations/services/sentry/index.md index d1dbec27c..6715f3d90 100644 --- a/website/integrations/services/sentry/index.md +++ b/website/integrations/services/sentry/index.md @@ -6,15 +6,10 @@ title: Sentry ## What is Sentry -From https://sentry.io - -:::note -Sentry provides self-hosted and cloud-based error monitoring that helps all software -teams discover, triage, and prioritize errors in real-time. - -One million developers at over fifty thousand companies already ship -better software faster with Sentry. Won’t you join them? -::: +> Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time. +> One million developers at over fifty thousand companies already ship better software faster with Sentry. Won’t you join them? +> +> -- https://sentry.io ## Preparation 
diff --git a/website/integrations/services/skyhigh/index.md b/website/integrations/services/skyhigh/index.md index 646dc612a..e220933f1 100644 --- a/website/integrations/services/skyhigh/index.md +++ b/website/integrations/services/skyhigh/index.md @@ -6,11 +6,9 @@ title: Skyhigh Security ## What is Skyhigh Security -:::note -Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider. -::: - -From https://www.skyhighsecurity.com/en-us/about.html +> Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider. +> +> -- https://www.skyhighsecurity.com/en-us/about.html :::note We were among the first to recognize the cloud’s potential and knew that protecting data in this new hybrid world required an entirely new approach. We make managing your web and unifying your data policies easy to create and enforce, giving you a single console to provide visibility across all of your infrastructure. diff --git a/website/integrations/services/snipe-it/index.md b/website/integrations/services/snipe-it/index.md index 25d0d3687..12c8c60ec 100644 --- a/website/integrations/services/snipe-it/index.md +++ b/website/integrations/services/snipe-it/index.md @@ -6,10 +6,9 @@ title: Snipe-IT ## What is Snipe-IT -From https://snipeitapp.com -:::note -A free open source IT asset/license management system. -::: +> A free open source IT asset/license management system. +> +> -- https://snipeitapp.com :::caution This setup assumes you will be using HTTPS as Snipe-It dynamically generates the ACS and other settings based on the complete URL. diff --git a/website/integrations/services/sonarr/index.md b/website/integrations/services/sonarr/index.md index dae718a3d..38a48de2f 100644 --- a/website/integrations/services/sonarr/index.md +++ b/website/integrations/services/sonarr/index.md 
@@ -10,11 +10,9 @@ These instructions apply to all projects in the \*arr Family. If you use multipl ## What is Sonarr -From https://github.com/Sonarr/Sonarr - -:::note -Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available. -::: +> Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available. +> +> -- https://github.com/Sonarr/Sonarr ## Preparation diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 37e8067e7..4dac88417 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md 
@@ -6,11 +6,9 @@ title: sssd ## What is sssd -From https://sssd.io/ - -:::note -**SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine. -::: +> **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine. +> +> -- https://sssd.io/ Note that authentik supports _only_ user and group objects. As a consequence, it cannot be used to provide automount or sudo diff --git a/website/integrations/services/tautulli/index.md b/website/integrations/services/tautulli/index.md index 2c3752055..aa6c27cd9 100644 --- a/website/integrations/services/tautulli/index.md +++ b/website/integrations/services/tautulli/index.md 
@@ -6,11 +6,9 @@ title: Tautulli ## What is Tautulli -From https://tautulli.com/ - -:::note -Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else. -::: +> Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else. +> +> -- https://tautulli.com/ ## Preparation diff --git a/website/integrations/services/truecommand/index.md b/website/integrations/services/truecommand/index.md index 784c46981..0e3c01347 100644 --- a/website/integrations/services/truecommand/index.md +++ b/website/integrations/services/truecommand/index.md 
@@ -6,13 +6,9 @@ title: TrueNAS TrueCommand ## What is TrueNAS TrueCommand -From https://www.truenas.com/truecommand/ -:::note -What is TrueCommand? -TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage -e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti -me when resolving issues. -::: +> TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable time when resolving issues. +> +> -- https://www.truenas.com/truecommand/ :::caution This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL. diff --git a/website/integrations/services/ubuntu-landscape/index.md b/website/integrations/services/ubuntu-landscape/index.md index 325e5330f..7d2b9dd99 100644 --- a/website/integrations/services/ubuntu-landscape/index.md +++ b/website/integrations/services/ubuntu-landscape/index.md @@ -6,11 +6,9 @@ title: Ubuntu Landscape ## What is Ubuntu Landscape -From https://en.wikipedia.org/wiki/Landscape_(software) - -:::note -Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core. -::: +> Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core. +> +> -- https://en.wikipedia.org/wiki/Landscape_(software) :::caution This requires authentik 0.10.3 or newer. 
diff --git a/website/integrations/services/uptime-kuma/index.md b/website/integrations/services/uptime-kuma/index.md index eecc8557e..cb16c6c1c 100644 --- a/website/integrations/services/uptime-kuma/index.md +++ b/website/integrations/services/uptime-kuma/index.md @@ -6,11 +6,9 @@ title: Uptime Kuma ## What is Uptime Kuma -From https://github.com/louislam/uptime-kuma - -:::note -It is a self-hosted monitoring tool like "Uptime Robot". -::: +> Uptime Kuma is an easy-to-use self-hosted monitoring tool. +> +> -- https://github.com/louislam/uptime-kuma Uptime Kuma currently supports only a single user and no native SSO solution. To still use authentik, you can work with the Proxy Outpost and a Proxy Provider. diff --git a/website/integrations/services/veeam-enterprise-manager/index.md b/website/integrations/services/veeam-enterprise-manager/index.md index bb0663b53..492caa890 100644 --- a/website/integrations/services/veeam-enterprise-manager/index.md +++ b/website/integrations/services/veeam-enterprise-manager/index.md 
@@ -6,11 +6,9 @@ title: Veeam Enterprise Manager ## What is Veeam Enterprise Manager -From https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100 - -:::note -Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment. -::: +> Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment. +> +> -- https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100 ## Preparation diff --git a/website/integrations/services/vikunja/index.md b/website/integrations/services/vikunja/index.md index 2faa5fc7f..38a7a7e2a 100644 --- a/website/integrations/services/vikunja/index.md +++ b/website/integrations/services/vikunja/index.md @@ -6,11 +6,9 @@ title: Vikunja ## What is Vikunja -From https://vikunja.io/ - -:::note -Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3. -::: +> Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3. +> +> -- https://vikunja.io/ :::note This is based on authentik 2021.7.3 and Vikunja V0.17.1 using the Docker-Compose install https://vikunja.io/docs/full-docker-example/. Instructions may differ between versions. diff --git a/website/integrations/services/vmware-vcenter/index.md b/website/integrations/services/vmware-vcenter/index.md index 90bfa8d41..ef89e9342 100644 
--- a/website/integrations/services/vmware-vcenter/index.md +++ b/website/integrations/services/vmware-vcenter/index.md @@ -6,11 +6,9 @@ title: VMware vCenter ## What is vCenter -From https://en.wikipedia.org/wiki/VCenter - -:::note -vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts. -::: +> vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts. +> +> -- https://en.wikipedia.org/wiki/VCenter :::caution This requires authentik 0.10.3 or newer. diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md index e1a8d8ab9..003055126 100644 --- a/website/integrations/services/weblate/index.md +++ b/website/integrations/services/weblate/index.md @@ -6,11 +6,9 @@ title: Weblate ## What is Weblate -From https://weblate.org/en/ - -:::note -Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries. -::: +> Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries. +> +> -- https://weblate.org/en/ ## Preparation diff --git a/website/integrations/services/wekan/index.mdx b/website/integrations/services/wekan/index.mdx index 37914950d..f615a6a6f 100644 --- a/website/integrations/services/wekan/index.mdx +++ b/website/integrations/services/wekan/index.mdx 
@@ -6,11 +6,9 @@ title: Wekan ## What is Wekan -From https://github.com/wekan/wekan/wiki - -:::note -Wekan is an open-source kanban board which allows a card-based task and to-do management. -::: +> Wekan is an open-source kanban board which allows a card-based task and to-do management. +> +> -- https://github.com/wekan/wekan/wiki ## Preparation diff --git a/website/integrations/services/wiki-js/index.md b/website/integrations/services/wiki-js/index.md index 7f80841ce..305030472 100644 --- a/website/integrations/services/wiki-js/index.md +++ b/website/integrations/services/wiki-js/index.md @@ -6,11 +6,9 @@ title: Wiki.js ## What is Wiki.js -From https://en.wikipedia.org/wiki/Wiki.js - -:::note -Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace. -::: +> Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace. +> +> -- https://en.wikipedia.org/wiki/Wiki.js :::note This is based on authentik 2022.11 and Wiki.js 2.5. Instructions may differ between versions. diff --git a/website/integrations/services/wordpress/index.md b/website/integrations/services/wordpress/index.md index b44cb4e29..4486b637f 100644 --- a/website/integrations/services/wordpress/index.md +++ b/website/integrations/services/wordpress/index.md 
@@ -6,11 +6,9 @@ title: Wordpress ## What is Wordpress -From https://en.wikipedia.org/wiki/WordPress - -:::note -WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes -::: +> WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes +> +> -- https://en.wikipedia.org/wiki/WordPress :::note There are many different plugins for Wordpress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the Wordpress Plugin gallery. diff --git a/website/integrations/services/writefreely/index.md b/website/integrations/services/writefreely/index.md index f255b3ae0..631790974 100644 --- a/website/integrations/services/writefreely/index.md +++ b/website/integrations/services/writefreely/index.md @@ -6,10 +6,9 @@ title: Writefreely ## What is Writefreely -From https://writefreely.org/ -:::note -An open source platform for building a writing space on the web. -::: +> An open source platform for building a writing space on the web. +> +> -- https://writefreely.org/ :::caution Currently it is not possible to connect writefreely to authentik without making an adjustment in the database. See [here](https://github.com/writefreely/writefreely/issues/516) and [Writefreely Setup](https://goauthentik.io/integrations/services/writefreely/#writefreely-setup) diff --git a/website/integrations/services/zabbix/index.md b/website/integrations/services/zabbix/index.md index 98b7d9937..c67bcf530 100644 
--- a/website/integrations/services/zabbix/index.md +++ b/website/integrations/services/zabbix/index.md @@ -6,13 +6,11 @@ title: Zabbix ## What is Zabbix -From https://www.zabbix.com/features - -:::note -Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. - -Zabbix is Open Source and comes at no cost. -::: +> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. +> +> Zabbix is Open Source and comes at no cost. +> +> -- https://www.zabbix.com/features ## Preparation diff --git a/website/integrations/services/zammad/index.md b/website/integrations/services/zammad/index.md index a965c2ea3..93e30e93e 100644 --- a/website/integrations/services/zammad/index.md +++ b/website/integrations/services/zammad/index.md @@ -6,11 +6,10 @@ title: Zammad ## What is Zammad -From https://zammad.org/ -:::note -Zammad is a web-based, open source user support/ticketing solution. -Download and install it on your own servers. For free. -::: +> Zammad is a web-based, open source user support/ticketing solution. +> Download and install it on your own servers. For free. +> +> -- https://zammad.org/ ## Preparation diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md index fb185c6a2..8104f7c4a 100644 --- a/website/integrations/services/zulip/index.md +++ b/website/integrations/services/zulip/index.md 
@@ -6,12 +6,10 @@ title: Zulip ## What is Zulip -From https://zulip.com - -:::note -**Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model. -With Zulip, you can catch up on important conversations while ignoring irrelevant ones. -::: +> **Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model. +> With Zulip, you can catch up on important conversations while ignoring irrelevant ones. +> +> -- https://zulip.com ## Preparation diff --git a/website/sidebars.js b/website/sidebars.js index bcae7d1f4..240331e3f 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -33,6 +33,7 @@ module.exports = { "core/tenants", "core/certificates", "core/geoip", + "core/architecture", ], }, { diff --git a/website/src/css/custom.css b/website/src/css/custom.css index 983ec3631..f9aeb416f 100644 --- a/website/src/css/custom.css +++ b/website/src/css/custom.css @@ -84,8 +84,8 @@ no-repeat; } -@media (min-width: 1416px) { - .docPage_node_modules-\@docusaurus-theme-classic-lib-theme-DocPage-Layout-styles-module { +@media (min-width: 1600px) { + #__docusaurus_skipToContent_fallback > div { align-self: center; max-width: 1600px; width: 1600px;
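Review bot: In the `website/src/css/custom.css` hunk, the new selector `#__docusaurus_skipToContent_fallback > div` ties the wide-screen layout to an element id and child structure that the Docusaurus theme generates. That markup can presumably change on a theme upgrade, much like the generated class name it replaces. A short comment above the rule would tell the next maintainer what it targets and when to re-check it, for example `/* doc page layout wrapper; selector follows Docusaurus theme markup, verify after theme upgrades */`. The rule's closing braces fall outside the hunk, so the rest of the block is not visible here.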