Merge branch 'main' into application-wizard-2
* main:
  blueprints: prevent duplicate password stage in default flow when using combined identification stage (#6432)
  website/integrations: cite better (#6431)
  root: add generated Source docs (#5323)
  website/docs: add architecture and persistence (#6250)
  core: bump paramiko from 3.2.0 to 3.3.1 (#6428)
  website: fix sidebar sizing (#6430)
  ci: update dependabot labels (#6423)
  website: fix sidebar layout (#6421)
commit
7808b7b48a
2
.github/cherry-pick-bot.yml
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
enabled: true
|
||||
preservePullRequestTitle: true
|
12
.github/dependabot.yml
vendored
|
@ -8,6 +8,8 @@ updates:
|
|||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "ci:"
|
||||
labels:
|
||||
- dependencies
|
||||
- package-ecosystem: gomod
|
||||
directory: "/"
|
||||
schedule:
|
||||
|
@ -16,11 +18,15 @@ updates:
|
|||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "core:"
|
||||
labels:
|
||||
- dependencies
|
||||
- package-ecosystem: npm
|
||||
directory: "/web"
|
||||
schedule:
|
||||
interval: daily
|
||||
time: "04:00"
|
||||
labels:
|
||||
- dependencies
|
||||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "web:"
|
||||
|
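Review bot: In the npm `/web` entry the new `labels:` block sits between `schedule` and `open-pull-requests-limit`, while the other entries touched by this change put it after `commit-message`. Moving it below `prefix: "web:"` keeps the entries uniform and makes a missing label easier to spot in later edits.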
@ -44,6 +50,8 @@ updates:
|
|||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "website:"
|
||||
labels:
|
||||
- dependencies
|
||||
groups:
|
||||
docusaurus:
|
||||
patterns:
|
||||
|
@ -56,6 +64,8 @@ updates:
|
|||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "core:"
|
||||
labels:
|
||||
- dependencies
|
||||
- package-ecosystem: docker
|
||||
directory: "/"
|
||||
schedule:
|
||||
|
@ -64,3 +74,5 @@ updates:
|
|||
open-pull-requests-limit: 10
|
||||
commit-message:
|
||||
prefix: "core:"
|
||||
labels:
|
||||
- dependencies
|
||||
|
|
20
.github/pull_request_template.md
vendored
|
@ -1,23 +1,19 @@
|
|||
<!--
|
||||
👋 Hello there! Welcome.
|
||||
👋 Hi there! Welcome.
|
||||
|
||||
Please check the [Contributing guidelines](https://goauthentik.io/developer-docs/#how-can-i-contribute).
|
||||
Please check the Contributing guidelines: https://goauthentik.io/developer-docs/#how-can-i-contribute
|
||||
-->
|
||||
|
||||
## Details
|
||||
|
||||
- **Does this resolve an issue?**
|
||||
Resolves #
|
||||
<!--
|
||||
Explain what this PR changes, what the rationale behind the change is, if any new requirements are introduced or any breaking changes caused by this PR.
|
||||
|
||||
## Changes
|
||||
Ideally also link an Issue for context that this PR will close using `closes #`
|
||||
-->
|
||||
REPLACE ME
|
||||
|
||||
### New Features
|
||||
|
||||
- Adds feature which does x, y, and z.
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
- Adds breaking change which causes \<issue\>.
|
||||
---
|
||||
|
||||
## Checklist
|
||||
|
||||
|
|
25
.github/workflows/publish-source-docs.yml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
|||
name: authentik-publish-source-docs
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
publish-source-docs:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 120
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Setup authentik env
|
||||
uses: ./.github/actions/setup
|
||||
- name: generate docs
|
||||
run: |
|
||||
poetry run ak build_source_docs
|
||||
- name: Publish
|
||||
uses: netlify/actions/cli@master
|
||||
with:
|
||||
args: deploy --dir=source_docs --prod
|
||||
env:
|
||||
NETLIFY_SITE_ID: eb246b7b-1d83-4f69-89f7-01a936b4ca59
|
||||
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
|
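Review bot: The Publish step references `netlify/actions/cli@master`, a mutable branch of a third-party action, and it is the step that receives `NETLIFY_AUTH_TOKEN`. Pin the action to a full commit SHA so that an upstream change cannot run with the deploy token on every push to `main`. The workflow also declares no `permissions:` block; the job only checks out and builds, so a top-level `permissions: contents: read` would be enough. `actions/checkout@v3` could be pinned the same way for consistency.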
1
.gitignore
vendored
|
@ -205,3 +205,4 @@ data/
|
|||
# Local Netlify folder
|
||||
.netlify
|
||||
.ruff_cache
|
||||
source_docs/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""authentik"""
|
||||
"""authentik root module"""
|
||||
from os import environ
|
||||
from typing import Optional
|
||||
|
||||
|
|
21
authentik/core/management/commands/build_source_docs.py
Normal file
|
@ -0,0 +1,21 @@
|
|||
"""Build source docs"""
|
||||
from pathlib import Path
|
||||
|
||||
from django.core.management.base import BaseCommand
|
||||
from pdoc import pdoc
|
||||
from pdoc.render import configure
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
"""Build source docs"""
|
||||
|
||||
def handle(self, **options):
|
||||
configure(
|
||||
docformat="markdown",
|
||||
mermaid=True,
|
||||
logo="https://goauthentik.io/img/icon_top_brand_colour.svg",
|
||||
)
|
||||
pdoc(
|
||||
"authentik",
|
||||
output_directory=Path("./source_docs"),
|
||||
)
|
|
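Review bot: `output_directory=Path("./source_docs")` is resolved against the current working directory, so the output only lands where the workflow's `deploy --dir=source_docs` expects it when the command is run from the repository root. Consider deriving the path from the project base directory or taking it as a command argument. The `Command` class also sets no `help` text, and `handle(self, **options)` omits `*args`, which differs from the usual `handle(self, *args, **options)` signature.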
@ -79,7 +79,7 @@ class UserTypes(models.TextChoices):
|
|||
|
||||
|
||||
class Group(SerializerModel):
|
||||
"""Custom Group model which supports a basic hierarchy"""
|
||||
"""Group model which supports a basic hierarchy and has attributes"""
|
||||
|
||||
group_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
|
||||
|
||||
|
@ -148,15 +148,15 @@ class Group(SerializerModel):
|
|||
|
||||
|
||||
class UserManager(DjangoUserManager):
|
||||
"""Custom user manager that doesn't assign is_superuser and is_staff"""
|
||||
"""User manager that doesn't assign is_superuser and is_staff"""
|
||||
|
||||
def create_user(self, username, email=None, password=None, **extra_fields):
|
||||
"""Custom user manager that doesn't assign is_superuser and is_staff"""
|
||||
"""User manager that doesn't assign is_superuser and is_staff"""
|
||||
return self._create_user(username, email, password, **extra_fields)
|
||||
|
||||
|
||||
class User(SerializerModel, GuardianUserMixin, AbstractUser):
|
||||
"""Custom User model to allow easier adding of user-based settings"""
|
||||
"""authentik User model, based on django's contrib auth user model."""
|
||||
|
||||
uuid = models.UUIDField(default=uuid4, editable=False, unique=True)
|
||||
name = models.TextField(help_text=_("User's display name."))
|
||||
|
|
|
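Review bot: In `UserManager.create_user` the method docstring now carries the same text as the class docstring ("User manager that doesn't assign is_superuser and is_staff"), so it describes the manager rather than the method. These docstrings are what the new source docs build publishes, so the method should say what it does, for example that it creates a user without setting `is_superuser` or `is_staff`.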
@ -51,6 +51,7 @@ entries:
|
|||
order: 20
|
||||
stage: !KeyOf default-authentication-password
|
||||
target: !KeyOf flow
|
||||
id: default-authentication-flow-password-binding
|
||||
model: authentik_flows.flowstagebinding
|
||||
- identifiers:
|
||||
order: 30
|
||||
|
@ -62,3 +63,18 @@ entries:
|
|||
stage: !KeyOf default-authentication-login
|
||||
target: !KeyOf flow
|
||||
model: authentik_flows.flowstagebinding
|
||||
- model: authentik_policies_expression.expressionpolicy
|
||||
id: default-authentication-flow-password-optional
|
||||
identifiers:
|
||||
name: default-authentication-flow-password-stage
|
||||
attrs:
|
||||
expression: |
|
||||
flow_plan = request.context["flow_plan"]
|
||||
# If the user does not have a backend attached to it, they haven't
|
||||
# been authenticated yet and we need the password stage
|
||||
return not hasattr(flow_plan.context["pending_user"], "backend")
|
||||
- model: authentik_policies.policybinding
|
||||
identifiers:
|
||||
order: 10
|
||||
target: !KeyOf default-authentication-flow-password-binding
|
||||
policy: !KeyOf default-authentication-flow-password-optional
|
||||
|
|
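Review bot: The expression in `default-authentication-flow-password-optional` indexes `request.context["flow_plan"]` and `flow_plan.context["pending_user"]` directly, with no handling for either key being absent. This policy decides whether the password stage runs, so the outcome without a pending user should be explicit: reading it with `flow_plan.context.get("pending_user")` makes `hasattr(..., "backend")` false for `None` and keeps the password stage in the flow. The policy's `id` ends in `-password-optional` while its `name` ends in `-password-stage`; using one name for both would make the binding easier to follow.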
103
poetry.lock
generated
|
@ -1809,6 +1809,23 @@ pipfile-deprecated-finder = ["pip-shims (>=0.5.2)", "pipreqs", "requirementslib"
|
|||
plugins = ["setuptools"]
|
||||
requirements-deprecated-finder = ["pip-api", "pipreqs"]
|
||||
|
||||
[[package]]
|
||||
name = "jinja2"
|
||||
version = "3.1.2"
|
||||
description = "A very fast and expressive template engine."
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "Jinja2-3.1.2-py3-none-any.whl", hash = "sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"},
|
||||
{file = "Jinja2-3.1.2.tar.gz", hash = "sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
MarkupSafe = ">=2.0"
|
||||
|
||||
[package.extras]
|
||||
i18n = ["Babel (>=2.7)"]
|
||||
|
||||
[[package]]
|
||||
name = "jsonpatch"
|
||||
version = "1.33"
|
||||
|
@ -2101,6 +2118,65 @@ profiling = ["gprof2dot"]
|
|||
rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"]
|
||||
testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"]
|
||||
|
||||
[[package]]
|
||||
name = "markupsafe"
|
||||
version = "2.1.3"
|
||||
description = "Safely add untrusted strings to HTML/XML markup."
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-win32.whl", hash = "sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431"},
|
||||
{file = "MarkupSafe-2.1.3-cp310-cp310-win_amd64.whl", hash = "sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-win32.whl", hash = "sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb"},
|
||||
{file = "MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl", hash = "sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-win32.whl", hash = "sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0"},
|
||||
{file = "MarkupSafe-2.1.3-cp37-cp37m-win_amd64.whl", hash = "sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-win32.whl", hash = "sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5"},
|
||||
{file = "MarkupSafe-2.1.3-cp38-cp38-win_amd64.whl", hash = "sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-win32.whl", hash = "sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2"},
|
||||
{file = "MarkupSafe-2.1.3-cp39-cp39-win_amd64.whl", hash = "sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba"},
|
||||
{file = "MarkupSafe-2.1.3.tar.gz", hash = "sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "maxminddb"
|
||||
version = "2.4.0"
|
||||
|
@ -2363,13 +2439,13 @@ files = [
|
|||
|
||||
[[package]]
|
||||
name = "paramiko"
|
||||
version = "3.2.0"
|
||||
version = "3.3.1"
|
||||
description = "SSH2 protocol library"
|
||||
optional = false
|
||||
python-versions = ">=3.6"
|
||||
files = [
|
||||
{file = "paramiko-3.2.0-py3-none-any.whl", hash = "sha256:df0f9dd8903bc50f2e10580af687f3015bf592a377cd438d2ec9546467a14eb8"},
|
||||
{file = "paramiko-3.2.0.tar.gz", hash = "sha256:93cdce625a8a1dc12204439d45033f3261bdb2c201648cfcdc06f9fd0f94ec29"},
|
||||
{file = "paramiko-3.3.1-py3-none-any.whl", hash = "sha256:b7bc5340a43de4287bbe22fe6de728aa2c22468b2a849615498dd944c2f275eb"},
|
||||
{file = "paramiko-3.3.1.tar.gz", hash = "sha256:6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
|
@ -2404,6 +2480,25 @@ files = [
|
|||
{file = "pbr-5.11.1.tar.gz", hash = "sha256:aefc51675b0b533d56bb5fd1c8c6c0522fe31896679882e1c4c63d5e4a0fccb3"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pdoc"
|
||||
version = "14.0.0"
|
||||
description = "API Documentation for Python Projects"
|
||||
optional = false
|
||||
python-versions = ">=3.8"
|
||||
files = [
|
||||
{file = "pdoc-14.0.0-py3-none-any.whl", hash = "sha256:4514041ff5da33f1adbc700002a661600fc13a9adadef317bc6ae8be9e61154b"},
|
||||
{file = "pdoc-14.0.0.tar.gz", hash = "sha256:ad6c16c949e5dd8b30effc5398aedb5779ffe8ab94be91ce2cddc320e8127900"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
Jinja2 = ">=2.11.0"
|
||||
MarkupSafe = "*"
|
||||
pygments = ">=2.12.0"
|
||||
|
||||
[package.extras]
|
||||
dev = ["black", "hypothesis", "mypy", "pygments (>=2.14.0)", "pytest", "pytest-cov", "pytest-timeout", "ruff", "tox", "types-pygments"]
|
||||
|
||||
[[package]]
|
||||
name = "platformdirs"
|
||||
version = "3.8.0"
|
||||
|
@ -4211,4 +4306,4 @@ files = [
|
|||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = "^3.11"
|
||||
content-hash = "ab00edcd235c1c92dad9a91ace11d50df4564297193683cca7aa2b207ca27be6"
|
||||
content-hash = "79778342afa2970f75dec18fc3916c7569426bf7735ff554bf2e55e057931132"
|
||||
|
|
|
@ -184,6 +184,7 @@ debugpy = "*"
|
|||
django-silk = "*"
|
||||
drf-jsonschema-serializer = "*"
|
||||
importlib-metadata = "*"
|
||||
pdoc = "*"
|
||||
pylint = "*"
|
||||
pylint-django = "*"
|
||||
pyrad = "*"
|
||||
|
|
61
website/docs/core/architecture.md
Normal file
|
@ -0,0 +1,61 @@
|
|||
---
|
||||
title: Architecture
|
||||
---
|
||||
|
||||
authentik consists of a handful of components, most of which are required for a functioning setup.
|
||||
|
||||
```mermaid
|
||||
graph LR
|
||||
user(User) --> ak_server(authentik Server)
|
||||
ak_server --> ak_server_core(authentik Server Core)
|
||||
ak_server --> ak_outpost(Embedded outpost)
|
||||
ak_server_core --> db(PostgreSQL)
|
||||
ak_server_core --> cache(Redis)
|
||||
ak_worker(Background Worker) --> db(PostgreSQL)
|
||||
ak_worker(Background Worker) --> cache(Redis)
|
||||
```
|
||||
|
||||
### Server
|
||||
|
||||
The server container consists of two sub-components, the actual server itself and the embedded outpost. Incoming requests to the server container(s) are routed by a lightweight router to either the _Core_ server or the embedded outpost. This router also handles requests for any static assets such as JavaScript and CSS files.
|
||||
|
||||
#### Core
|
||||
|
||||
The core sub-component handles most of authentik's logic, such as API requests, flow executions, any kind of SSO requests, etc.
|
||||
|
||||
#### Embedded outpost
|
||||
|
||||
Similar to [other outposts](../outposts/index.mdx), this outposts allows using [Proxy providers](../providers/proxy/index.md) without deploying a separate outpost.
|
||||
|
||||
#### Persistence
|
||||
|
||||
- `/media` is used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload
|
||||
|
||||
### Background Worker
|
||||
|
||||
This container executes background tasks, such as sending emails, the event notification system, and everything you can see on the _System Tasks_ page in the frontend.
|
||||
|
||||
#### Persistence
|
||||
|
||||
- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
|
||||
- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
|
||||
|
||||
### PostgreSQL
|
||||
|
||||
authentik uses PostgreSQL to store all of its configuration and other data (excluding uploaded files).
|
||||
|
||||
#### Persistence
|
||||
|
||||
- `/var/lib/postgresql/data` is used to store the PostgreSQL database
|
||||
|
||||
On Kubernetes, with the default Helm chart and using the packaged PostgreSQL sub-chart, persistent data is stored in a PVC.
|
||||
|
||||
### Redis
|
||||
|
||||
authentik uses Redis as a message-queue and a cache. Data in Redis is not required to be persistent, however you should be aware that restarting Redis will cause the loss of all sessions.
|
||||
|
||||
#### Persistence
|
||||
|
||||
- `/data` is used to store the Redis data
|
||||
|
||||
On Kubernetes, with the default Helm chart and using the packaged Redis sub-chart, persistent data is stored in a PVC.
|
|
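Review bot: Under "Embedded outpost", "this outposts allows using" should read "this outpost allows using". In the mermaid diagram, `db(PostgreSQL)` and `cache(Redis)` are declared again with labels on the `ak_worker` edges; plain `db` and `cache` are enough once the nodes exist. The Redis section says the data need not be persistent but that a restart loses all sessions; it would help to state directly whether mounting `/data` keeps sessions across restarts.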
@ -71,6 +71,13 @@ See [Configuration](../installation/configuration) to change the internal ports.
|
|||
|
||||
## Startup
|
||||
|
||||
:::warning
|
||||
The server assumes to have local timezone as UTC.
|
||||
All internals are handled in UTC; whenever a time is displayed to the user in UI, the time shown is localized.
|
||||
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
|
||||
This will not give any advantages. It will cause problems with OAuth and SAML authentication, e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
|
||||
:::
|
||||
|
||||
Afterwards, run these commands to finish:
|
||||
|
||||
```shell
|
||||
|
@ -85,28 +92,3 @@ By default, authentik is reachable (by default) on port 9000 (HTTP) and port 944
|
|||
To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
|
||||
|
||||
There you are prompted to set a password for the akadmin user (the default user).
|
||||
|
||||
## Explanation
|
||||
|
||||
:::warning
|
||||
The server assumes to have local timezone as UTC.
|
||||
All internals are handled in UTC; whenever a time is displayed to the user in UI it gets localized.
|
||||
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
|
||||
This will not give any advantages.
|
||||
On the contrary, it will cause problems with OAuth and SAML authentication,
|
||||
e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
|
||||
:::
|
||||
|
||||
The Docker-Compose project contains the following containers:
|
||||
|
||||
- server
|
||||
|
||||
This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc.
|
||||
|
||||
- worker
|
||||
|
||||
This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.
|
||||
|
||||
- redis (for cache)
|
||||
|
||||
- postgresql (default database)
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Service Name
|
|||
|
||||
## What is Service Name
|
||||
|
||||
From https://service.name
|
||||
|
||||
:::note
|
||||
Insert a quick overview of what Service Name is and what it does
|
||||
:::
|
||||
> Insert a quick overview of what Service Name is and what it does
|
||||
>
|
||||
> -- https://service.name
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Apache Guacamole™
|
|||
|
||||
## What is Apache Guacamole™
|
||||
|
||||
From https://guacamole.apache.org/
|
||||
|
||||
:::note
|
||||
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
|
||||
:::
|
||||
> Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
|
||||
>
|
||||
> -- https://guacamole.apache.org/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: ArgoCD
|
|||
|
||||
## What is ArgoCD
|
||||
|
||||
From https://argoproj.github.io/cd/
|
||||
|
||||
:::note
|
||||
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
:::
|
||||
> Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
|
||||
>
|
||||
> -- https://argoproj.github.io/cd/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ title: Amazon Web Services
|
|||
|
||||
## What is AWS
|
||||
|
||||
:::note
|
||||
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.
|
||||
:::
|
||||
> Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster.
|
||||
>
|
||||
> -- https://www.aboutamazon.com/what-we-do/amazon-web-
|
||||
|
||||
## Select your method
|
||||
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
---
|
||||
title: Ansible Tower / AWX
|
||||
title: Red Hat Ansible Automation Platform / AWX
|
||||
---
|
||||
|
||||
<span class="badge badge--secondary"></span>
|
||||
|
||||
## What is Tower
|
||||
|
||||
From https://docs.ansible.com/ansible/2.5/reference_appendices/tower.html
|
||||
From
|
||||
|
||||
> Red Hat Ansible Automation Platform (RHAAP) (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks.
|
||||
>
|
||||
> Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.
|
||||
>
|
||||
> -- https://docs.ansible.com/ansible/latest/reference_appendices/tower.html
|
||||
|
||||
:::note
|
||||
Ansible Tower (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks.
|
||||
|
||||
Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.
|
||||
:::
|
||||
|
||||
:::note
|
||||
AWX is the open-source version of Tower. The term "AWX" will be used interchangeably throughout this document.
|
||||
AWX is the open-source version of RHAAP. The term "AWX" will be used interchangeably throughout this document.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `awx.company` is the FQDN of the AWX/Tower install.
|
||||
- `awx.company` is the FQDN of the AWX/RHAAP install.
|
||||
- `authentik.company` is the FQDN of the authentik install.
|
||||
|
||||
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
|
||||
|
|
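Review bot: A bare `From` line is left above the blockquote without its URL, and the heading `## What is Tower` still uses the old name although the title is now "Red Hat Ansible Automation Platform / AWX". The blockquote is attributed to the Ansible docs URL, yet its first sentence has been edited to say RHAAP is "formerly 'AWX'", the second quoted paragraph still says "Tower", and the note below says AWX is the open-source version of RHAAP. Either quote the source unchanged or drop the quote markup and describe the product in the page's own words, and remove the stray `From`.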
|
@ -6,11 +6,9 @@ title: Bookstack
|
|||
|
||||
## What is Bookstack
|
||||
|
||||
From https://en.wikipedia.org/wiki/BookStack
|
||||
|
||||
:::note
|
||||
BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
|
||||
:::
|
||||
> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/BookStack
|
||||
|
||||
:::note
|
||||
This is based on authentik 2021.7.2 and BookStack V21.05.3. Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Budibase
|
|||
|
||||
## What is Budibase
|
||||
|
||||
From https://github.com/Budibase/budibase
|
||||
|
||||
:::note
|
||||
Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity.
|
||||
:::
|
||||
> Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity.
|
||||
>
|
||||
> -- https://github.com/Budibase/budibase
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -8,9 +8,7 @@ title: DokuWiki
|
|||
|
||||
From https://en.wikipedia.org/wiki/DokuWiki
|
||||
|
||||
:::note
|
||||
DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki.
|
||||
:::
|
||||
> DokuWiki is a wiki application licensed under GPLv2 and written in the PHP programming language. It works on plain text files and thus does not need a database. Its syntax is similar to the one used by MediaWiki. It is often recommended as a more lightweight, easier to customize alternative to MediaWiki.
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
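Review bot: This page keeps the `From https://en.wikipedia.org/wiki/DokuWiki` line above the blockquote and has no `> -- <url>` attribution line, unlike the other integration pages in this change. Move the URL into the quote footer, as done for BookStack and Gitea, so the citation style is uniform.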
@ -6,12 +6,10 @@ title: Firezone
|
|||
|
||||
## What is Firezone
|
||||
|
||||
From https://www.firezone.dev
|
||||
|
||||
:::note
|
||||
Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
|
||||
Deploy on your infrastructure and start onboarding users in minutes.
|
||||
:::
|
||||
> Firezone is an open-source remote access platform built on WireGuard?, a modern VPN protocol that's 4-6x faster than OpenVPN.
|
||||
> Deploy on your infrastructure and start onboarding users in minutes.
|
||||
>
|
||||
> -- https://www.firezone.dev
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
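Review bot: The new quote line still reads `WireGuard?`, carried over unchanged from the removed note; if the `?` is a mis-encoded trademark symbol, this is the moment to fix it (or drop it) rather than copy it into the blockquote. The two quote lines are also adjacent `>` lines, so they render as one paragraph; add a bare `>` line between them if "Deploy on your infrastructure..." is meant to stand as a separate paragraph.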
@ -6,13 +6,11 @@ title: FortiManager
|
|||
|
||||
## What is FortiManager
|
||||
|
||||
From https://www.fortinet.com/products/management/fortimanager
|
||||
|
||||
:::note
|
||||
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
|
||||
|
||||
FortiManager is a paid enterprise product.
|
||||
:::
|
||||
> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
|
||||
>
|
||||
> FortiManager is a paid enterprise product.
|
||||
>
|
||||
> -- https://www.fortinet.com/products/management/fortimanager
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Gitea
|
|||
|
||||
## What is Gitea
|
||||
|
||||
From https://gitea.io/
|
||||
|
||||
:::note
|
||||
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
|
||||
:::
|
||||
> Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
|
||||
>
|
||||
> -- https://gitea.io/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.10.1 and Gitea 1.17.3 installed using the official docker image [https://docs.gitea.io/en-us/install-with-docker/](https://docs.gitea.io/en-us/install-with-docker/). Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: GitHub Enterprise Cloud
|
|||
|
||||
## What is GitHub Enterprise Cloud
|
||||
|
||||
From https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises
|
||||
|
||||
:::note
|
||||
GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
|
||||
:::
|
||||
> GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
|
||||
>
|
||||
> -- https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-for-enterprises
|
||||
|
||||
:::note
|
||||
GitHub Enterprise Cloud EMU (Enterprise Managed Users) are not compatible with authentik. GitHub currently only permits SAML/OIDC for EMU organizations with Okta and/or Azure AD.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: GitHub Enterprise Server
|
|||
|
||||
## What is GitHub Enterprise Server
|
||||
|
||||
From https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server
|
||||
|
||||
:::note
|
||||
GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows.
|
||||
:::
|
||||
> GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows.
|
||||
>
|
||||
> -- https://docs.github.com/en/enterprise-server@3.5/admin/overview/about-github-enterprise-server
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: GitHub Organization
|
|||
|
||||
## What is GitHub Organizations
|
||||
|
||||
From https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
|
||||
|
||||
:::note
|
||||
Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
|
||||
:::
|
||||
> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
|
||||
>
|
||||
> -- https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: GitLab
|
|||
|
||||
## What is GitLab
|
||||
|
||||
From https://about.gitlab.com/what-is-gitlab/
|
||||
|
||||
:::note
|
||||
GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
|
||||
:::
|
||||
> GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
|
||||
>
|
||||
> -- https://about.gitlab.com/what-is-gitlab/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
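Review bot: The quote still ends with "Join us for a live Q&A to learn how GitLab can give you unmatched visibility...", which is event promotion lifted from the landing page and will not age well in product documentation. Suggest trimming the blockquote to the first two sentences, which are the actual description of GitLab.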
@ -6,11 +6,9 @@ title: Google Workspace
|
|||
|
||||
## What is Google Workspace
|
||||
|
||||
From https://en.wikipedia.org/wiki/Google_Workspace
|
||||
|
||||
:::note
|
||||
Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
|
||||
:::
|
||||
> Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/Google_Workspace
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Grafana
|
|||
|
||||
## What is Grafana
|
||||
|
||||
From https://en.wikipedia.org/wiki/Grafana
|
||||
|
||||
:::note
|
||||
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
|
||||
:::
|
||||
> Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/Grafana
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,13 +6,11 @@ title: Gravitee
|
|||
|
||||
## What is Gravitee
|
||||
|
||||
From https://github.com/gravitee-io/gravitee-api-management
|
||||
|
||||
:::note
|
||||
Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.
|
||||
:::
|
||||
|
||||
It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more.
|
||||
> Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.
|
||||
>
|
||||
> It offers an easy to use GUI to setup proxies for APIs, rate limiting, api keys, caching, OAUTH rules, a portal that can be opened to the public for people to subscribe to APIs, and much more.
|
||||
>
|
||||
> -- https://github.com/gravitee-io/gravitee-api-management
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Harbor
|
|||
|
||||
## What is Harbor
|
||||
|
||||
From https://goharbor.io
|
||||
|
||||
:::note
|
||||
Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
|
||||
:::
|
||||
> Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
|
||||
>
|
||||
> -- https://goharbor.io
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: HashiCorp Cloud Platform
|
|||
|
||||
## What is HashiCorp Cloud
|
||||
|
||||
From https://cloud.hashicorp.com/
|
||||
|
||||
:::note
|
||||
HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
|
||||
:::
|
||||
> HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
|
||||
>
|
||||
> -- https://cloud.hashicorp.com/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Hashicorp Vault
|
|||
|
||||
## What is Vault
|
||||
|
||||
From https://vaultproject.io
|
||||
|
||||
:::note
|
||||
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
|
||||
:::
|
||||
> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
|
||||
>
|
||||
> -- https://vaultproject.io
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.2.1 and Vault 1.9.3. Instructions may differ between versions. This guide does not cover vault policies. See https://learn.hashicorp.com/tutorials/vault/oidc-auth?in=vault/auth-methods for a more in depth vault guide
|
||||
|
|
|
@ -6,11 +6,9 @@ title: HedgeDoc
|
|||
|
||||
## What is HedgeDoc
|
||||
|
||||
From https://github.com/hedgedoc/hedgedoc
|
||||
|
||||
:::note
|
||||
HedgeDoc lets you create real-time collaborative markdown notes.
|
||||
:::
|
||||
> HedgeDoc lets you create real-time collaborative markdown notes.
|
||||
>
|
||||
> -- https://github.com/hedgedoc/hedgedoc
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Home-Assistant
|
|||
|
||||
## What is Home-Assistant
|
||||
|
||||
From https://www.home-assistant.io/
|
||||
|
||||
:::note
|
||||
Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
|
||||
:::
|
||||
> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
|
||||
>
|
||||
> -- https://www.home-assistant.io/
|
||||
|
||||
:::caution
|
||||
You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see [this GitHub issue](https://github.com/goauthentik/authentik/issues/884#issuecomment-851542477).
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Jellyfin
|
|||
|
||||
## What is Jellyfin
|
||||
|
||||
From https://jellyfin.org
|
||||
|
||||
:::note
|
||||
Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music.
|
||||
:::
|
||||
> Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music.
|
||||
>
|
||||
> -- https://jellyfin.org
|
||||
|
||||
:::note
|
||||
Jellyfin does not have any native external authentication support as of the writing of this page.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Kimai
|
|||
|
||||
## What is Kimai
|
||||
|
||||
From https://www.kimai.org/about/
|
||||
|
||||
:::note
|
||||
Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
|
||||
:::
|
||||
> Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
|
||||
>
|
||||
> -- https://www.kimai.org/about/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,10 +6,9 @@ title: Mastodon
|
|||
|
||||
## What is Mastodon
|
||||
|
||||
From https://joinmastodon.org/
|
||||
:::note
|
||||
Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
|
||||
:::
|
||||
> Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
|
||||
>
|
||||
> -- https://joinmastodon.org/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,12 +6,9 @@ title: Matrix Synapse
|
|||
|
||||
## What is Matrix Synapse
|
||||
|
||||
From https://matrix.org/
|
||||
|
||||
:::note
|
||||
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed
|
||||
reference implementations.
|
||||
:::
|
||||
> Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.
|
||||
>
|
||||
> -- https://matrix.org/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: MinIO
|
|||
|
||||
## What is MinIO
|
||||
|
||||
From https://en.wikipedia.org/wiki/MinIO
|
||||
|
||||
:::note
|
||||
MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB.
|
||||
:::
|
||||
> MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/MinIO
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,10 +6,9 @@ title: Mobilizon
|
|||
|
||||
## What is Mobilizon
|
||||
|
||||
From https://joinmobilizon.org/
|
||||
:::note
|
||||
Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org
|
||||
:::
|
||||
> Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org
|
||||
>
|
||||
> -- https://joinmobilizon.org/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: NetBox
|
|||
|
||||
## What is NetBox
|
||||
|
||||
From https://github.com/netbox-community/netbox
|
||||
|
||||
:::note
|
||||
NetBox is the leading solution for modeling and documenting modern networks.
|
||||
:::
|
||||
> NetBox is the leading solution for modeling and documenting modern networks.
|
||||
>
|
||||
> -- https://github.com/netbox-community/netbox
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Nextcloud
|
|||
|
||||
## What is Nextcloud
|
||||
|
||||
From https://en.wikipedia.org/wiki/Nextcloud
|
||||
|
||||
:::note
|
||||
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
|
||||
:::
|
||||
> Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/Nextcloud
|
||||
|
||||
:::caution
|
||||
This setup only works, when Nextcloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this.
|
||||
|
|
|
@ -6,13 +6,11 @@ title: Node-RED
|
|||
|
||||
## What is Node-RED
|
||||
|
||||
From https://nodered.org/
|
||||
|
||||
:::note
|
||||
Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
|
||||
|
||||
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
|
||||
:::
|
||||
> Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
|
||||
>
|
||||
> It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
|
||||
>
|
||||
> -- https://nodered.org/
|
||||
|
||||
:::caution
|
||||
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: OnlyOffice
|
|||
|
||||
## What is OnlyOffice
|
||||
|
||||
From https://en.wikipedia.org/wiki/OnlyOffice
|
||||
|
||||
:::note
|
||||
OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools
|
||||
:::
|
||||
> OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/OnlyOffice
|
||||
|
||||
:::note
|
||||
This is based on authentik 2021.10.4 and OnlyOffice 11.5.4.1582. Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: OPNsense
|
|||
|
||||
## What is OPNsense
|
||||
|
||||
From https://opnsense.org/
|
||||
|
||||
:::note
|
||||
OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
|
||||
:::
|
||||
> OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
|
||||
>
|
||||
> -- https://opnsense.org/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.4.1 and OPNsense 22.1.6-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Oracle Cloud
|
|||
|
||||
## What is Oracle Cloud
|
||||
|
||||
From https://www.oracle.com/cloud/
|
||||
|
||||
:::note
|
||||
Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications.
|
||||
:::
|
||||
> Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications.
|
||||
>
|
||||
> -- https://www.oracle.com/cloud/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,10 @@ title: organizr
|
|||
|
||||
## What is organizr
|
||||
|
||||
From https://github.com/causefx/Organizr
|
||||
> Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
|
||||
>
|
||||
> -- https://github.com/causefx/Organizr
|
||||
|
||||
:::note
|
||||
Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
|
||||
:::
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
|
||||
## Preparation
|
||||
|
@ -52,23 +51,23 @@ Ensure any local usernames/email addresses in organizr do not conflict with user
|
|||
1. Enable Auth Proxy in organizr _system settings_ -> _main_ -> _Auth Proxy_
|
||||
|
||||
Auth Proxy Header Name: `X-authentik-username`
|
||||
Auth Proxy Whitelist: _your network subnet in CIDR notation IE_ `10.0.0.0/8`
|
||||
Auth Proxy Header Name for Email: `X-authentik-email`
|
||||
Logout URL: `/outpost.goauthentik.io/sign_out`
|
||||
![](./organizr6.png)
|
||||
Auth Proxy Whitelist: _your network subnet in CIDR notation IE_ `10.0.0.0/8`
|
||||
Auth Proxy Header Name for Email: `X-authentik-email`
|
||||
Logout URL: `/outpost.goauthentik.io/sign_out`
|
||||
![](./organizr6.png)
|
||||
|
||||
2. Setup Authentication in organizr _system settings_ -> _main_ -> _Authentication_
|
||||
|
||||
Authentication Type: `Organizr DB + Backend`
|
||||
Authentication Backend: `Ldap`
|
||||
Host Address: `<LDAP Outpost IP address:port>`
|
||||
Host Base DN: `dc=ldap,dc=goauthentik,dc=io`
|
||||
Account Prefix: `cn=`
|
||||
Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||
Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||
Bind Password: `<LDAP bind account password>`
|
||||
LDAP Backend Type: `OpenLDAP`
|
||||
![](./organizr7.png)
|
||||
Authentication Backend: `Ldap`
|
||||
Host Address: `<LDAP Outpost IP address:port>`
|
||||
Host Base DN: `dc=ldap,dc=goauthentik,dc=io`
|
||||
Account Prefix: `cn=`
|
||||
Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||
Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||
Bind Password: `<LDAP bind account password>`
|
||||
LDAP Backend Type: `OpenLDAP`
|
||||
![](./organizr7.png)
|
||||
|
||||
:::info
|
||||
Access for authentik users is managed locally within organizr under _User Management_. By default, new users are assigned the `User` group.
|
||||
|
|
|
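Review bot: While these settings are being re-indented, the Auth Proxy Whitelist example deserves tightening: the whitelist decides which sources organizr accepts the `X-authentik-username` and `X-authentik-email` headers from, and `10.0.0.0/8` is far wider than the single proxy or outpost that should be setting them. Suggest showing the proxy's own address as the example and stating that the range must cover only hosts trusted to assert identity. Minor wording: "IE" should read "e.g.", since the value is an example and not a restatement.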
@ -6,11 +6,9 @@ title: Paperless-ng
|
|||
|
||||
## What is Paperless-ng
|
||||
|
||||
Modified from https://github.com/jonaswinkler/paperless-ng
|
||||
|
||||
:::note
|
||||
Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
|
||||
:::
|
||||
> Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
|
||||
>
|
||||
> -- https://github.com/jonaswinkler/paperless-ng
|
||||
|
||||
:::caution
|
||||
This setup uses HTTP headers to log you in simply by providing your username as a header. Your authentik username and Paperless username MUST match. If you intend for this to be accessed externally, this requires careful setup of your reverse proxy server to not forward these headers from other sources.
|
||||
|
|
|
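Review bot: The removed lead-in said "Modified from https://github.com/jonaswinkler/paperless-ng", but the new attribution line is a plain `> -- https://github.com/jonaswinkler/paperless-ng` under a blockquote, which presents the text as a verbatim quote. Either replace the text with the upstream wording or keep the qualifier in the attribution, for example `> -- Modified from https://github.com/jonaswinkler/paperless-ng`.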
@ -6,11 +6,9 @@ title: pfSense
|
|||
|
||||
## What is pfSense
|
||||
|
||||
From https://www.pfsense.org/
|
||||
|
||||
:::note
|
||||
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
|
||||
:::
|
||||
> The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
|
||||
>
|
||||
> -- https://www.pfsense.org/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.3.31 and pfSense 2.6.0-amd64
|
||||
|
|
|
@ -6,11 +6,9 @@ title: pgAdmin
|
|||
|
||||
## What is pgAdmin
|
||||
|
||||
From https://www.pgadmin.org/
|
||||
|
||||
:::note
|
||||
pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.
|
||||
:::
|
||||
> pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.
|
||||
>
|
||||
> -- https://www.pgadmin.org/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.3.3 and pgAdmin4 6.19
|
||||
|
|
|
@ -6,11 +6,9 @@ title: phpIPAM
|
|||
|
||||
## What is phpIPAM
|
||||
|
||||
From https://phpipam.net/
|
||||
|
||||
:::note
|
||||
phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
|
||||
:::
|
||||
> phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
|
||||
>
|
||||
> -- https://phpipam.net/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Portainer
|
|||
|
||||
## What is Portainer
|
||||
|
||||
From https://www.portainer.io/
|
||||
|
||||
:::note
|
||||
Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.
|
||||
:::
|
||||
> Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.
|
||||
>
|
||||
> -- https://www.portainer.io/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2021.7.3 and Portainer 2.6.x-CE. Portainer 2.6 supports OAuth without additional licenses, 1.x Series requires a paid license for OAuth.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: PowerDNS-Admin
|
|||
|
||||
## What is PowerDNS-Admin
|
||||
|
||||
From https://github.com/ngoduykhanh/PowerDNS-Admin
|
||||
|
||||
:::note
|
||||
A PowerDNS web interface with advanced features.
|
||||
:::
|
||||
> A PowerDNS web interface with advanced features.
|
||||
>
|
||||
> -- https://github.com/ngoduykhanh/PowerDNS-Admin
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ title: ProFTPD
|
|||
|
||||
## What is ProFTPD
|
||||
|
||||
:::note
|
||||
ProFTPD is a high-performance, open-source FTP server software designed for Unix and Linux systems. It supports various features, including IPv6, SSL/TLS encryption, virtual hosting, advanced logging, and supports various authentication methods, including LDAP and MySQL.
|
||||
:::
|
||||
> ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance.
|
||||
>
|
||||
> -- From http://www.proftpd.org
|
||||
|
||||
This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](../../../docs/providers/ldap/generic_setup) for setting up the LDAP provider.
|
||||
|
||||
|
|
|
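Review bot: The attribution line reads `> -- From http://www.proftpd.org`, while the other pages in this change use `> -- <url>` with no "From"; drop the "From" for consistency, and use an https URL if the site serves one. This hunk also replaces the description rather than only reformatting it: the removed note mentioned LDAP and MySQL authentication, which the new quote does not, so it is worth confirming that the sentence about authentik's LDAP provider below still gives readers enough context on its own.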
@ -6,11 +6,9 @@ title: Proxmox VE
|
|||
|
||||
## What is Proxmox VE
|
||||
|
||||
From https://pve.proxmox.com/wiki/Main_Page
|
||||
|
||||
:::note
|
||||
Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
|
||||
:::
|
||||
> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
|
||||
>
|
||||
> -- https://pve.proxmox.com/wiki/Main_Page
|
||||
|
||||
:::caution
|
||||
This requires Proxmox VE 7.0 or newer.
|
||||
|
|
|
@ -4,14 +4,11 @@ title: QNAP NAS
|
|||
|
||||
## What is QNAP NAS
|
||||
|
||||
From <https://en.wikipedia.org/wiki/QNAP_Systems>
|
||||
> QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/QNAP_Systems
|
||||
|
||||
:::note
|
||||
QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
|
||||
:::
|
||||
|
||||
Connecting a QNAP NAS to an LDAP Directory is a little bit special
|
||||
as it is **not** (well) documented what really is done behind the scenes of QNAP.
|
||||
Connecting a QNAP NAS to an LDAP Directory is a little bit special as it is **not** (well) documented what really is done behind the scenes of QNAP.
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,12 +6,10 @@ title: Rancher
|
|||
|
||||
## What is Rancher
|
||||
|
||||
From https://rancher.com/products/rancher
|
||||
|
||||
:::note
|
||||
An enterprise platform for managing Kubernetes Everywhere
|
||||
Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
|
||||
:::
|
||||
> An enterprise platform for managing Kubernetes Everywhere
|
||||
> Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
|
||||
>
|
||||
> -- https://rancher.com/products/rancher
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
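Review bot: The first two quote lines are adjacent `>` lines with no bare `>` between them, so Markdown joins them into one paragraph and the tagline runs straight into the next sentence ("...managing Kubernetes Everywhere Rancher is a platform built..."). Add a `>` line between them, as the Gravitee and FortiManager quotes in this commit do, or end the tagline with a period.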
@ -6,11 +6,9 @@ title: Rocket.chat
|
|||
|
||||
## What is Rocket.chat
|
||||
|
||||
From https://github.com/RocketChat/Rocket.Chat
|
||||
|
||||
:::note
|
||||
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat Git Hub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
|
||||
:::
|
||||
> Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat GitHub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
|
||||
>
|
||||
> -- https://github.com/RocketChat/Rocket.Chat
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.3.1 and Rocket.chat 4.5.1 using the [Docker-Compose install](https://docs.rocket.chat/quick-start/installing-and-updating/rapid-deployment-methods/docker-and-docker-compose/docker-containers). Instructions may differ between versions.
|
||||
|
|
|
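Review bot: The product name is inconsistent within this hunk: the title and heading use "Rocket.chat", the quoted text uses "Rocket.Chat", and the link text inside the quote reads "Rocket.chat GitHub". Pick the upstream spelling shown in the quote ("Rocket.Chat") for the link text as well, and consider aligning the heading and the version note below it in a follow-up.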
@ -6,12 +6,10 @@ title: Roundcube
|
|||
|
||||
## What is Roundcube
|
||||
|
||||
From https://roundcube.net
|
||||
|
||||
:::note
|
||||
**Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
|
||||
It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
|
||||
:::
|
||||
> **Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
|
||||
> It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
|
||||
>
|
||||
> -- https://roundcube.net
|
||||
|
||||
This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account.
|
||||
The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately.
|
||||
|
|
|
@ -6,15 +6,10 @@ title: Sentry
|
|||
|
||||
## What is Sentry
|
||||
|
||||
From https://sentry.io
|
||||
|
||||
:::note
|
||||
Sentry provides self-hosted and cloud-based error monitoring that helps all software
|
||||
teams discover, triage, and prioritize errors in real-time.
|
||||
|
||||
One million developers at over fifty thousand companies already ship
|
||||
better software faster with Sentry. Won’t you join them?
|
||||
:::
|
||||
> Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time.
|
||||
> One million developers at over fifty thousand companies already ship better software faster with Sentry. Won’t you join them?
|
||||
>
|
||||
> -- https://sentry.io
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Skyhigh Security
|
|||
|
||||
## What is Skyhigh Security
|
||||
|
||||
:::note
|
||||
Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider.
|
||||
:::
|
||||
|
||||
From https://www.skyhighsecurity.com/en-us/about.html
|
||||
> Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider.
|
||||
>
|
||||
> -- https://www.skyhighsecurity.com/en-us/about.html
|
||||
|
||||
:::note
|
||||
We were among the first to recognize the cloud’s potential and knew that protecting data in this new hybrid world required an entirely new approach. We make managing your web and unifying your data policies easy to create and enforce, giving you a single console to provide visibility across all of your infrastructure.
|
||||
|
|
|
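Review bot: The second `:::note` left as context at the end of this hunk ("We were among the first to recognize the cloud's potential ...") is first-person vendor copy with no attribution, while the paragraph above it is now an attributed blockquote. Convert that block to the same `>` quote with a `> -- https://www.skyhighsecurity.com/en-us/about.html` line, or drop it, so the page does not read as if authentik is the "we".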
@ -6,10 +6,9 @@ title: Snipe-IT
|
|||
|
||||
## What is Snipe-IT
|
||||
|
||||
From https://snipeitapp.com
|
||||
:::note
|
||||
A free open source IT asset/license management system.
|
||||
:::
|
||||
> A free open source IT asset/license management system.
|
||||
>
|
||||
> -- https://snipeitapp.com
|
||||
|
||||
:::caution
|
||||
This setup assumes you will be using HTTPS as Snipe-It dynamically generates the ACS and other settings based on the complete URL.
|
||||
|
|
|
@ -10,11 +10,9 @@ These instructions apply to all projects in the \*arr Family. If you use multipl
|
|||
|
||||
## What is Sonarr
|
||||
|
||||
From https://github.com/Sonarr/Sonarr
|
||||
|
||||
:::note
|
||||
Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
|
||||
:::
|
||||
> Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
|
||||
>
|
||||
> -- https://github.com/Sonarr/Sonarr
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: sssd
|
|||
|
||||
## What is sssd
|
||||
|
||||
From https://sssd.io/
|
||||
|
||||
:::note
|
||||
**SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
|
||||
:::
|
||||
> **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
|
||||
>
|
||||
> -- https://sssd.io/
|
||||
|
||||
Note that authentik supports _only_ user and group objects. As
|
||||
a consequence, it cannot be used to provide automount or sudo
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Tautulli
|
|||
|
||||
## What is Tautulli
|
||||
|
||||
From https://tautulli.com/
|
||||
|
||||
:::note
|
||||
Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
|
||||
:::
|
||||
> Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
|
||||
>
|
||||
> -- https://tautulli.com/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,13 +6,9 @@ title: TrueNAS TrueCommand
|
|||
|
||||
## What is TrueNAS TrueCommand
|
||||
|
||||
From https://www.truenas.com/truecommand/
|
||||
:::note
|
||||
What is TrueCommand?
|
||||
TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage
|
||||
e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti
|
||||
me when resolving issues.
|
||||
:::
|
||||
> TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable time when resolving issues.
|
||||
>
|
||||
> -- https://www.truenas.com/truecommand/
|
||||
|
||||
:::caution
|
||||
This setup assumes you will be using HTTPS as TrueCommand generates ACS and Redirect URLs based on the complete URL.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Ubuntu Landscape
|
|||
|
||||
## What is Ubuntu Landscape
|
||||
|
||||
From https://en.wikipedia.org/wiki/Landscape_(software)
|
||||
|
||||
:::note
|
||||
Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
|
||||
:::
|
||||
> Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/Landscape_(software)
|
||||
|
||||
:::caution
|
||||
This requires authentik 0.10.3 or newer.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Uptime Kuma
|
|||
|
||||
## What is Uptime Kuma
|
||||
|
||||
From https://github.com/louislam/uptime-kuma
|
||||
|
||||
:::note
|
||||
It is a self-hosted monitoring tool like "Uptime Robot".
|
||||
:::
|
||||
> Uptime Kuma is an easy-to-use self-hosted monitoring tool.
|
||||
>
|
||||
> -- https://github.com/louislam/uptime-kuma
|
||||
|
||||
Uptime Kuma currently supports only a single user and no native SSO solution. To still use authentik, you can work with the Proxy Outpost and a Proxy Provider.
|
||||
|
||||
|
|
|
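Review bot: Unlike the other pages in this commit, the quoted text here changes wording as well as format: the note said `It is a self-hosted monitoring tool like "Uptime Robot".` and the blockquote says `Uptime Kuma is an easy-to-use self-hosted monitoring tool.` Because the line is now presented as a direct quote from https://github.com/louislam/uptime-kuma, please confirm it matches the source verbatim and mention the wording change in the commit message.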
@ -6,11 +6,9 @@ title: Veeam Enterprise Manager
|
|||
|
||||
## What is Veeam Enterprise Manager
|
||||
|
||||
From https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100
|
||||
|
||||
:::note
|
||||
Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment.
|
||||
:::
|
||||
> Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment.
|
||||
>
|
||||
> -- https://helpcenter.veeam.com/docs/backup/em/introduction.html?ver=100
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Vikunja
|
|||
|
||||
## What is Vikunja
|
||||
|
||||
From https://vikunja.io/
|
||||
|
||||
:::note
|
||||
Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
|
||||
:::
|
||||
> Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
|
||||
>
|
||||
> -- https://vikunja.io/
|
||||
|
||||
:::note
|
||||
This is based on authentik 2021.7.3 and Vikunja V0.17.1 using the Docker-Compose install https://vikunja.io/docs/full-docker-example/. Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: VMware vCenter
|
|||
|
||||
## What is vCenter
|
||||
|
||||
From https://en.wikipedia.org/wiki/VCenter
|
||||
|
||||
:::note
|
||||
vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
|
||||
:::
|
||||
> vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/VCenter
|
||||
|
||||
:::caution
|
||||
This requires authentik 0.10.3 or newer.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Weblate
|
|||
|
||||
## What is Weblate
|
||||
|
||||
From https://weblate.org/en/
|
||||
|
||||
:::note
|
||||
Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
|
||||
:::
|
||||
> Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
|
||||
>
|
||||
> -- https://weblate.org/en/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Wekan
|
|||
|
||||
## What is Wekan
|
||||
|
||||
From https://github.com/wekan/wekan/wiki
|
||||
|
||||
:::note
|
||||
Wekan is an open-source kanban board which allows a card-based task and to-do management.
|
||||
:::
|
||||
> Wekan is an open-source kanban board which allows a card-based task and to-do management.
|
||||
>
|
||||
> -- https://github.com/wekan/wekan/wiki
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Wiki.js
|
|||
|
||||
## What is Wiki.js
|
||||
|
||||
From https://en.wikipedia.org/wiki/Wiki.js
|
||||
|
||||
:::note
|
||||
Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace.
|
||||
:::
|
||||
> Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace.
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/Wiki.js
|
||||
|
||||
:::note
|
||||
This is based on authentik 2022.11 and Wiki.js 2.5. Instructions may differ between versions.
|
||||
|
|
|
@ -6,11 +6,9 @@ title: Wordpress
|
|||
|
||||
## What is Wordpress
|
||||
|
||||
From https://en.wikipedia.org/wiki/WordPress
|
||||
|
||||
:::note
|
||||
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
|
||||
:::
|
||||
> WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
|
||||
>
|
||||
> -- https://en.wikipedia.org/wiki/WordPress
|
||||
|
||||
:::note
|
||||
There are many different plugins for Wordpress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the Wordpress Plugin gallery.
|
||||
|
|
|
@ -6,10 +6,9 @@ title: Writefreely
|
|||
|
||||
## What is Writefreely
|
||||
|
||||
From https://writefreely.org/
|
||||
:::note
|
||||
An open source platform for building a writing space on the web.
|
||||
:::
|
||||
> An open source platform for building a writing space on the web.
|
||||
>
|
||||
> -- https://writefreely.org/
|
||||
|
||||
:::caution
|
||||
Currently it is not possible to connect writefreely to authentik without making an adjustment in the database. See [here](https://github.com/writefreely/writefreely/issues/516) and [Writefreely Setup](https://goauthentik.io/integrations/services/writefreely/#writefreely-setup)
|
||||
|
|
|
@ -6,13 +6,11 @@ title: Zabbix
|
|||
|
||||
## What is Zabbix
|
||||
|
||||
From https://www.zabbix.com/features
|
||||
|
||||
:::note
|
||||
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
|
||||
|
||||
Zabbix is Open Source and comes at no cost.
|
||||
:::
|
||||
> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
|
||||
>
|
||||
> Zabbix is Open Source and comes at no cost.
|
||||
>
|
||||
> -- https://www.zabbix.com/features
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,11 +6,10 @@ title: Zammad
|
|||
|
||||
## What is Zammad
|
||||
|
||||
From https://zammad.org/
|
||||
:::note
|
||||
Zammad is a web-based, open source user support/ticketing solution.
|
||||
Download and install it on your own servers. For free.
|
||||
:::
|
||||
> Zammad is a web-based, open source user support/ticketing solution.
|
||||
> Download and install it on your own servers. For free.
|
||||
>
|
||||
> -- https://zammad.org/
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -6,12 +6,10 @@ title: Zulip
|
|||
|
||||
## What is Zulip
|
||||
|
||||
From https://zulip.com
|
||||
|
||||
:::note
|
||||
**Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
|
||||
With Zulip, you can catch up on important conversations while ignoring irrelevant ones.
|
||||
:::
|
||||
> **Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
|
||||
> With Zulip, you can catch up on important conversations while ignoring irrelevant ones.
|
||||
>
|
||||
> -- https://zulip.com
|
||||
|
||||
## Preparation
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ module.exports = {
|
|||
"core/tenants",
|
||||
"core/certificates",
|
||||
"core/geoip",
|
||||
"core/architecture",
|
||||
],
|
||||
},
|
||||
{
|
||||
|
|
|
@ -84,8 +84,8 @@
|
|||
no-repeat;
|
||||
}
|
||||
|
||||
@media (min-width: 1416px) {
|
||||
.docPage_node_modules-\@docusaurus-theme-classic-lib-theme-DocPage-Layout-styles-module {
|
||||
@media (min-width: 1600px) {
|
||||
#__docusaurus_skipToContent_fallback > div {
|
||||
align-self: center;
|
||||
max-width: 1600px;
|
||||
width: 1600px;
|
||||
|
|
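Review bot: The new rule targets `#__docusaurus_skipToContent_fallback > div`, which depends on a Docusaurus-internal id and on the wrapper being a direct child `div`, so a theme upgrade can silently break the layout again just as the old `.docPage_node_modules-...` class did. Consider a class the site controls, or add a comment naming the Docusaurus version this was checked against. Also, `width: 1600px` inside `@media (min-width: 1600px)` can overflow horizontally at exactly the breakpoint when a vertical scrollbar takes up space; `width: 100%` together with the existing `max-width: 1600px` avoids that.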