forked from coop-cloud/authentik
Compare commits
7 Commits
6.8.1+2024
...
nextcloud
| Author | SHA1 | Date | |
|---|---|---|---|
| cc3be7534e | |||
| 47793df102 | |||
| 52719f8d3a | |||
| 0175c0b0f4 | |||
| 9db9d077ca | |||
| 66e31d8632 | |||
| f1aec8ce90 |
@ -18,6 +18,8 @@ AUTHENTIK_LOG_LEVEL=info
|
||||
|
||||
## Outpost Integration
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml"
|
||||
# SECRET_LDAP_TOKEN_VERSION=v1
|
||||
|
||||
## ADMIN
|
||||
AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
|
||||
|
||||
@ -54,6 +54,14 @@ Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
||||
|
||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||
|
||||
## Add LDAP outpost
|
||||
|
||||
- Follow [this official guide](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) and skip the LDAP Flow as we don't need it.
|
||||
- Copy token under `Applications` -> `Outposts` `-> `View Deployment Info`
|
||||
- Comment in envs for compose.outposts.ldap.yaml and secret version
|
||||
- Insert token as secret `abra app secret insert <DOMAIN> ldap_token v1 <TOKEN>`
|
||||
- Update deployment -> Outpost should be up and running
|
||||
|
||||
## Import User from CSV
|
||||
|
||||
Users can be imported from a CSV file of the following format:
|
||||
|
||||
23
compose.outposts.ldap.yml
Normal file
23
compose.outposts.ldap.yml
Normal file
@ -0,0 +1,23 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
authentik_ldap:
|
||||
image: ghcr.io/goauthentik/ldap:2024.10.5
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
ports:
|
||||
- 389:3389
|
||||
- 636:6636
|
||||
secrets:
|
||||
- ldap_token
|
||||
environment:
|
||||
- AUTHENTIK_HOST=https://${DOMAIN}
|
||||
- AUTHENTIK_INSECURE=true
|
||||
- AUTHENTIK_TOKEN=file:///run/secrets/ldap_token
|
||||
|
||||
secrets:
|
||||
ldap_token:
|
||||
external: true
|
||||
name: ${STACK_NAME}_ldap_token_${SECRET_LDAP_TOKEN_VERSION}
|
||||
@ -34,7 +34,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2024.10.0
|
||||
image: ghcr.io/goauthentik/server:2024.10.5
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -72,11 +72,11 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=6.8.1+2024.10.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=6.11.0+2024.10.5"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2024.10.0
|
||||
image: ghcr.io/goauthentik/server:2024.10.5
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
@ -26,6 +26,9 @@ entries:
|
||||
client_id: {{ secret "nextcloud_id" }}
|
||||
client_secret: {{ secret "nextcloud_secret" }}
|
||||
client_type: confidential
|
||||
redirect_uris:
|
||||
- url: https://{{ env "NEXTCLOUD_DOMAIN" }}
|
||||
matching_mode: strict
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Nextcloud
|
||||
|
||||
1
release/6.11.0+2024.10.5
Normal file
1
release/6.11.0+2024.10.5
Normal file
@ -0,0 +1 @@
|
||||
Fix Impersonate Bug
|
||||
Reference in New Issue
Block a user