don't put stock blueprints in /data, symlink
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent 23557c49a5
commit afc226825f
|
@ -132,6 +132,8 @@ RUN apt-get update && \
|
|||
rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \
|
||||
adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
|
||||
mkdir -p /data/certs /data/media /data/blueprints && \
|
||||
mkdir -p /ak-root/blueprints && \
|
||||
ln -s /data/blueprints /ak-root/blueprints/local && \
|
||||
mkdir -p /authentik/.ssh && \
|
||||
mkdir -p /ak-root && \
|
||||
chown authentik:authentik /data/certs /data/media /authentik/.ssh /ak-root
|
||||
|
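Review bot: `/data/blueprints` is created by the first `mkdir -p` but is missing from the `chown authentik:authentik ...` list that closes this RUN step, and the new `/ak-root/blueprints` is only reached through the non-recursive chown of `/ak-root`, so both directories stay root-owned. If that is deliberate (blueprints read-only for the service user), a short comment would make it clear; otherwise add them to the chown. The later `mkdir -p /ak-root` is now redundant after `mkdir -p /ak-root/blueprints`. Also, `ln -s /data/blueprints /ak-root/blueprints/local` dangles whenever a volume mounted over `/data` has no `blueprints` directory, so blueprint discovery needs to tolerate a broken link.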
@ -143,7 +145,7 @@ COPY ./schemas /ak-root/schemas
|
|||
COPY ./locale /ak-root/locale
|
||||
COPY ./tests /ak-root/tests
|
||||
COPY ./manage.py /ak-root/
|
||||
COPY ./blueprints /data/blueprints
|
||||
COPY ./blueprints /ak-root/blueprints
|
||||
COPY ./lifecycle/ /ak-root/lifecycle
|
||||
COPY --from=go-builder /go/authentik /bin/authentik
|
||||
COPY --from=python-deps /ak-root/venv /ak-root/venv
|
||||
|
|
|
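Review bot: `COPY ./blueprints /ak-root/blueprints` now writes into the directory that already holds the `local` symlink created in the RUN step above, so a top-level entry named `local` in the repository's `./blueprints` would collide with it. Reserve that name, for example with a comment next to the COPY or a check in CI, so stock blueprints can never end up in the user-mounted `/data/blueprints`.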
@ -57,7 +57,7 @@ paths:
|
|||
media: /data/media
|
||||
cert_discovery: /data/certs
|
||||
email_templates: /data/email-templates
|
||||
blueprints: /data/blueprints
|
||||
blueprints: /ak-root/blueprints
|
||||
|
||||
debug: false
|
||||
remote_debug: false
|
||||
|
|
|
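Review bot: `blueprints: /ak-root/blueprints` is now the only entry visible in this `paths` block that does not point under `/data`, and nothing here says that user-supplied blueprints are reached through the `local` symlink. Add a comment on this key saying so, and mention in the release notes that an override still pointing at `/data/blueprints` will no longer see the stock blueprints, since the Dockerfile now copies them to `/ak-root/blueprints`.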
@ -42,8 +42,8 @@ services:
|
|||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
- ./media:/data/media
|
||||
- ./custom-templates:/data/email-templates
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
|
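Review bot: the container side of both mounts changes (`./media:/data/media`, `./custom-templates:/data/email-templates`), so installs that keep their existing compose file will go on mounting `/media` and `/templates`, which the `paths` defaults shown in this commit (`media: /data/media`, `email_templates: /data/email-templates`) do not point at. This needs an explicit upgrade step in the release notes, or a startup warning when the old mount points are populated.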
@ -71,9 +71,9 @@ services:
|
|||
user: root
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./media:/media
|
||||
- ./certs:/certs
|
||||
- ./custom-templates:/templates
|
||||
- ./media:/data/media
|
||||
- ./certs:/data/certs
|
||||
- ./custom-templates:/data/email-templates
|
||||
env_file:
|
||||
- .env
|
||||
depends_on:
|
||||
|
|
|
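Review bot: neither this volume list nor the one in the previous hunk gets a mount for `/data/blueprints`, although the Dockerfile now creates that directory and links it as `/ak-root/blueprints/local`. If local blueprints are meant to be supplied from the host, add a matching entry such as `- ./blueprints:/data/blueprints` to the services that load them. Since this service keeps `user: root` and the Docker socket mount, a read-only mount would be the safer default here.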
@ -31,9 +31,9 @@ The following aspects can be configured:
|
|||
|
||||
- _Icon (URL)_: Optionally configure an Icon for the application
|
||||
|
||||
If the authentik server does not have a volume mounted under `/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`.
|
||||
If the authentik server does not have a volume mounted under `/data/media`, you'll get a text input. This accepts absolute URLs. If you've mounted single files into the container, you can reference them using `https://authentik.company/media/my-file.png`.
|
||||
|
||||
If there is a mount under `/media`, you'll instead see a field to upload a file.
|
||||
If there is a mount under `/data/media`, you'll instead see a field to upload a file.
|
||||
|
||||
- _Publisher_: Text shown below the application
|
||||
- _Description_: Subtext shown on the application card below the publisher
|
||||
|
|
|
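Review bot: after this change the paragraph mixes the container path `/data/media` with the example URL `https://authentik.company/media/my-file.png`, which still uses `/media`. If the URL prefix is unchanged, say so explicitly in this paragraph, so readers do not rewrite the URL to `/data/media/...` when they update their mounts.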
@ -29,7 +29,7 @@ Similar to [other outposts](../outposts/index.mdx), this outpost allows using [P
|
|||
|
||||
#### Persistence
|
||||
|
||||
- `/media` is used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload
|
||||
- `/data/media` is used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload
|
||||
|
||||
### Background Worker
|
||||
|
||||
|
@ -37,8 +37,8 @@ This container executes background tasks, such as sending emails, the event noti
|
|||
|
||||
#### Persistence
|
||||
|
||||
- `/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
|
||||
- `/templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
|
||||
- `/data/certs` is used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the [Let's Encrypt integration](../core/certificates.md#lets-encrypt)
|
||||
- `/data/email-templates` is used for [custom email templates](../flow/stages/email/index.mdx#custom-templates), and as with the other ones fully optional
|
||||
|
||||
### PostgreSQL
|
||||
|
||||
|
|
|
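Review bot: the Persistence list for the background worker now covers `/data/certs` and `/data/email-templates` but has no entry for `/data/blueprints`, which the Dockerfile in this commit creates and symlinks to `/ak-root/blueprints/local`. Add a bullet that describes the directory, says it is optional if that is the case, and states which container needs it mounted.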
@ -24,9 +24,9 @@ For SAML use-cases, you can generate a Certificate that's valid for longer than
|
|||
|
||||
To use externally managed certificates, for example generated with certbot or HashiCorp Vault, you can use the discovery feature.
|
||||
|
||||
The docker-compose installation maps a `certs` directory to `/certs`, you can simply use this as an output directory for certbot.
|
||||
The docker-compose installation maps a `certs` directory to `/data/certs`, you can simply use this as an output directory for certbot.
|
||||
|
||||
For Kubernetes, you can map custom secrets/volumes under `/certs`.
|
||||
For Kubernetes, you can map custom secrets/volumes under `/data/certs`.
|
||||
|
||||
You can also bind mount single files into the folder, as long as they fall under this naming schema.
|
||||
|
||||
|
@ -62,9 +62,9 @@ Files are checked every 5 minutes, and will trigger an Outpost refresh if the fi
|
|||
Starting with authentik 2022.9, you can also import certificates with any folder structure directly. To do this, run the following command within the worker container:
|
||||
|
||||
```shell
|
||||
ak import_certificate --certificate /certs/mycert.pem --private-key /certs/something.pem --name test
|
||||
ak import_certificate --certificate /data/certs/mycert.pem --private-key /data/certs/something.pem --name test
|
||||
# --private-key can be omitted to only import a certificate, i.e. to trust other connections
|
||||
# ak import_certificate --certificate /certs/othercert.pem --name test2
|
||||
# ak import_certificate --certificate /data/certs/othercert.pem --name test2
|
||||
```
|
||||
|
||||
This will import the certificate into authentik under the given name. This command is idempotent, meaning you can run it via a cron-job and authentik will only update the certificate when it changes.
|
||||
|
@ -84,7 +84,7 @@ services:
|
|||
certbot:
|
||||
image: certbot/dns-route53:v1.22.0
|
||||
volumes:
|
||||
- ./certs/:/etc/letsencrypt
|
||||
- ./data/certs/:/etc/letsencrypt
|
||||
# Variables depending on DNS Plugin
|
||||
environment:
|
||||
AWS_ACCESS_KEY_ID: ...
|
||||
|
|
|
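Review bot: the replacement hit the host side of the bind mount. `./data/certs/:/etc/letsencrypt` makes certbot write to `./data/certs/` on the host, while the compose file in this commit mounts `./certs` into authentik (`./certs:/data/certs`), so the two containers would no longer share a directory and certificate discovery would find nothing. Keep `- ./certs/:/etc/letsencrypt` in this example.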
@ -65,7 +65,7 @@ volumes:
|
|||
name: authentik-templates
|
||||
volumeMounts:
|
||||
- name: email-templates
|
||||
mountPath: /templates
|
||||
mountPath: /data/email-templates
|
||||
```
|
||||
|
||||
</TabItem>
|
||||
|
|