forked from coop-cloud/authentik
Compare commits
7 Commits
6.8.1+2024
...
nextcloud
Author | SHA1 | Date | |
---|---|---|---|
cc3be7534e | |||
47793df102 | |||
52719f8d3a | |||
0175c0b0f4 | |||
9db9d077ca | |||
66e31d8632 | |||
f1aec8ce90 |
@ -18,6 +18,8 @@ AUTHENTIK_LOG_LEVEL=info
|
|||||||
|
|
||||||
## Outpost Integration
|
## Outpost Integration
|
||||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
|
||||||
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml"
|
||||||
|
# SECRET_LDAP_TOKEN_VERSION=v1
|
||||||
|
|
||||||
## ADMIN
|
## ADMIN
|
||||||
AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
|
AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
|
||||||
|
@ -54,6 +54,14 @@ Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
|||||||
|
|
||||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||||
|
|
||||||
|
## Add LDAP outpost
|
||||||
|
|
||||||
|
- Follow [this official guide](https://docs.goauthentik.io/docs/add-secure-apps/providers/ldap/generic_setup) and skip the LDAP Flow as we don't need it.
|
||||||
|
- Copy token under `Applications` -> `Outposts` `-> `View Deployment Info`
|
||||||
|
- Comment in envs for compose.outposts.ldap.yaml and secret version
|
||||||
|
- Insert token as secret `abra app secret insert <DOMAIN> ldap_token v1 <TOKEN>`
|
||||||
|
- Update deployment -> Outpost should be up and running
|
||||||
|
|
||||||
## Import User from CSV
|
## Import User from CSV
|
||||||
|
|
||||||
Users can be imported from a CSV file of the following format:
|
Users can be imported from a CSV file of the following format:
|
||||||
|
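--- a/compose.outposts.ldap.yml
+++ b/compose.outposts.ldap.yml
@@ -0,0 +1,23 @@
+version: "3.8"
+services:
+authentik_ldap:
+image: ghcr.io/goauthentik/ldap:2024.10.5
+# Optionally specify which networks the container should be
+# might be needed to reach the core authentik server
+networks:
+- internal
+- proxy
+ports:
+- 389:3389
+- 636:6636
+secrets:
+- ldap_token
+environment:
+- AUTHENTIK_HOST=https://${DOMAIN}
+- AUTHENTIK_INSECURE=true
+- AUTHENTIK_TOKEN=file:///run/secrets/ldap_token
+
+secrets:
+ldap_token:
+external: true
+name: ${STACK_NAME}_ldap_token_${SECRET_LDAP_TOKEN_VERSION}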
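Review bot: `AUTHENTIK_INSECURE=true` in the `environment` list turns off TLS certificate verification for the outpost's connection to `https://${DOMAIN}`, which is the connection that carries the outpost token read from `/run/secrets/ldap_token`. Because `AUTHENTIK_HOST` is the deployment's public HTTPS name, which presumably already has a valid certificate behind the proxy, I would ship `- AUTHENTIK_INSECURE=false` and relax it only for an installation that really uses a self-signed certificate. The `ports` entry `389:3389` also publishes unencrypted LDAP on the host, so bind passwords can cross the network in clear text. Consider publishing only `636:6636`, or adding `# plain LDAP: expose to trusted networks only` above the 389 mapping. Quoting the mappings, e.g. `- "636:6636"`, follows the usual Compose convention.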
@ -34,7 +34,7 @@ x-env: &env
|
|||||||
version: '3.8'
|
version: '3.8'
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: ghcr.io/goauthentik/server:2024.10.0
|
image: ghcr.io/goauthentik/server:2024.10.5
|
||||||
command: server
|
command: server
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
@ -72,11 +72,11 @@ services:
|
|||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=6.8.1+2024.10.0"
|
- "coop-cloud.${STACK_NAME}.version=6.11.0+2024.10.5"
|
||||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ghcr.io/goauthentik/server:2024.10.0
|
image: ghcr.io/goauthentik/server:2024.10.5
|
||||||
command: worker
|
command: worker
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
|
@ -26,6 +26,9 @@ entries:
|
|||||||
client_id: {{ secret "nextcloud_id" }}
|
client_id: {{ secret "nextcloud_id" }}
|
||||||
client_secret: {{ secret "nextcloud_secret" }}
|
client_secret: {{ secret "nextcloud_secret" }}
|
||||||
client_type: confidential
|
client_type: confidential
|
||||||
|
redirect_uris:
|
||||||
|
- url: https://{{ env "NEXTCLOUD_DOMAIN" }}
|
||||||
|
matching_mode: strict
|
||||||
include_claims_in_id_token: true
|
include_claims_in_id_token: true
|
||||||
issuer_mode: per_provider
|
issuer_mode: per_provider
|
||||||
name: Nextcloud
|
name: Nextcloud
|
||||||
|
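Review bot: With `matching_mode: strict` the `url` under `redirect_uris` has to equal the redirect URI the client sends, and the entry added here is only the bare origin `https://{{ env "NEXTCLOUD_DOMAIN" }}` with no callback path. If the Nextcloud OIDC app redirects to a path under that origin, the authorization request would presumably be rejected, so put the exact callback URL from the Nextcloud recipe here instead of loosening the match to a regex. The list-of-objects form of `redirect_uris` also looks like the schema of a later authentik release than the `2024.10.5` image pinned in this change, which is worth confirming before release. The `entries` block starts and ends outside this hunk.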
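--- a/release/6.11.0+2024.10.5
+++ b/release/6.11.0+2024.10.5
@@ -0,0 +1 @@
+Fix Impersonate Bug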