forked from coop-cloud/authentik
Compare commits
11 Commits
6.5.2+2024
...
6.7.1+2024
| Author | SHA1 | Date | |
|---|---|---|---|
| 5e49903b3f | |||
| 9124dab6ab | |||
| 197feb32f3 | |||
| df670cea2b | |||
| eeef43529e | |||
| 6b0195e5a1 | |||
| f342673d43 | |||
| f6f6f90bed | |||
| f1f5b96309 | |||
| 3cba20afd9 | |||
| 5c9e4e5372 |
@ -1,8 +1,10 @@
|
||||
TYPE=authentik
|
||||
TIMEOUT=900
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
# POST_DEPLOY_CMDS="worker set_admin_pass|worker apply_blueprints|worker add_applications"
|
||||
POST_DEPLOY_CMDS="worker set_admin_pass"
|
||||
# Example values for post deploy cmds: "worker set_admin_pass|worker apply_blueprints|worker add_applications"
|
||||
LETS_ENCRYPT_ENV=production
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=authentik.example.com
|
||||
## Domain aliases
|
||||
|
||||
3
abra.sh
3
abra.sh
@ -12,11 +12,12 @@ export WEKAN_CONFIG_VERSION=v3
|
||||
export VIKUNJA_CONFIG_VERSION=v1
|
||||
export OUTLINE_CONFIG_VERSION=v2
|
||||
export KIMAI_CONFIG_VERSION=v1
|
||||
export ZAMMAD_CONFIG_VERSION=v1
|
||||
export ZAMMAD_CONFIG_VERSION=v2
|
||||
export RALLLY_CONFIG_VERSION=v2
|
||||
export HEDGEDOC_CONFIG_VERSION=v1
|
||||
export MONITORING_CONFIG_VERSION=v2
|
||||
export DB_ENTRYPOINT_VERSION=v1
|
||||
export PG_BACKUP_VERSION=v2
|
||||
|
||||
customize() {
|
||||
if [ -z "$1" ]
|
||||
|
||||
23
compose.yml
23
compose.yml
@ -34,7 +34,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2024.6.5
|
||||
image: ghcr.io/goauthentik/server:2024.8.3
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -72,11 +72,11 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=6.5.2+2024.6.5"
|
||||
- "coop-cloud.${STACK_NAME}.version=6.7.1+2024.8.3"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2024.6.5
|
||||
image: ghcr.io/goauthentik/server:2024.8.3
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
@ -117,13 +117,16 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
db:
|
||||
image: postgres:15.7
|
||||
image: postgres:15.8
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
- source: db_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
entrypoint:
|
||||
/docker-entrypoint.sh
|
||||
volumes:
|
||||
@ -142,15 +145,14 @@ services:
|
||||
- POSTGRES_DB=authentik
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.database.path: "backup.sql"
|
||||
backupbot.backup.volumes.redis: "false"
|
||||
backupbot.restore.post-hook: 'psql -U authentik -d postgres -c "DROP DATABASE authentik WITH (FORCE);" && createdb -U authentik authentik && psql -U authentik -d authentik -f /var/lib/postgresql/data/backup.sql'
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
|
||||
redis:
|
||||
image: redis:7.4.0-alpine
|
||||
image: redis:7.4.1-alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
networks:
|
||||
- internal
|
||||
@ -222,3 +224,6 @@ configs:
|
||||
name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.postgres.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
34
pg_backup.sh
Normal file
34
pg_backup.sh
Normal file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
|
||||
|
||||
function backup {
|
||||
export PGPASSWORD=$(cat /run/secrets/db_password)
|
||||
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
|
||||
}
|
||||
|
||||
function restore {
|
||||
cd /var/lib/postgresql/data/
|
||||
restore_config(){
|
||||
# Restore allowed connections
|
||||
cat pg_hba.conf.bak > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
}
|
||||
# Don't allow any other connections than local
|
||||
cp pg_hba.conf pg_hba.conf.bak
|
||||
echo "local all all trust" > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
trap restore_config EXIT INT TERM
|
||||
|
||||
# Recreate Database
|
||||
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
|
||||
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
|
||||
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
|
||||
|
||||
trap - EXIT INT TERM
|
||||
restore_config
|
||||
}
|
||||
|
||||
$@
|
||||
1
release/6.6.0+2024.8.2
Normal file
1
release/6.6.0+2024.8.2
Normal file
@ -0,0 +1 @@
|
||||
Replaced icon bbb.jpg with icon.png - configs need to be updated when upgrading!
|
||||
@ -1,5 +1,3 @@
|
||||
Replaced icon bbb.jpg with icon.png - configs need to be updated when upgrading!
|
||||
|
||||
Two critical vulnerabilities were closed:
|
||||
https://github.com/goauthentik/authentik/security/advisories/GHSA-7jxf-mmg9-9hg7
|
||||
https://github.com/goauthentik/authentik/security/advisories/GHSA-8gfm-pr6x-pfh9
|
||||
@ -54,7 +54,7 @@ entries:
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "ZAMMAD_DOMAIN" }}
|
||||
meta_launch_url: ""
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf zammad_provider
|
||||
|
||||
Reference in New Issue
Block a user