add env REDIRECTS

add env AUTHENTIK_DISABLE_UPDATE_CHECK
chore: publish 6.11.1+2024.10.5 release
2025-07-01 17:23:12 +02:00 · 2025-07-01 16:37:21 +02:00 · 2025-01-20 22:28:24 +01:00 · 2025-01-20 22:28:24 +01:00 · 2025-01-20 22:28:20 +01:00
14 changed files with 56 additions and 21 deletions
--- a/.env.sample
+++ b/.env.sample
@ -9,9 +9,14 @@ ENABLE_BACKUPS=true
 DOMAIN=authentik.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.authentik.example.com`'
+# Redirects
+# All redirect domains have to be added to extra_domains as well)
+# multiple redirects can be added by seperating them with a | character
+#REDIRECTS=www.authentik.example.com
 COMPOSE_FILE="compose.yml"
 AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
 AUTHENTIK_LOG_LEVEL=info
+# AUTHENTIK_DISABLE_UPDATE_CHECK=false
 # AUTHENTIK_IMPERSONATION=true
 # AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
 # WORKERS=1
--- a/abra.sh
+++ b/abra.sh
@ -5,17 +5,17 @@ export FLOW_INVALIDATION_VERSION=v2
 export FLOW_RECOVERY_VERSION=v1
 export FLOW_TRANSLATION_VERSION=v3
 export SYSTEM_BRAND_VERSION=v4
-export NEXTCLOUD_CONFIG_VERSION=v2
-export WORDPRESS_CONFIG_VERSION=v3
-export MATRIX_CONFIG_VERSION=v2
-export WEKAN_CONFIG_VERSION=v4
-export VIKUNJA_CONFIG_VERSION=v2
-export OUTLINE_CONFIG_VERSION=v3
-export KIMAI_CONFIG_VERSION=v2
-export ZAMMAD_CONFIG_VERSION=v3
-export RALLLY_CONFIG_VERSION=v3
-export HEDGEDOC_CONFIG_VERSION=v2
-export MONITORING_CONFIG_VERSION=v3
+export NEXTCLOUD_CONFIG_VERSION=v3
+export WORDPRESS_CONFIG_VERSION=v4
+export MATRIX_CONFIG_VERSION=v3
+export WEKAN_CONFIG_VERSION=v5
+export VIKUNJA_CONFIG_VERSION=v3
+export OUTLINE_CONFIG_VERSION=v4
+export KIMAI_CONFIG_VERSION=v3
+export ZAMMAD_CONFIG_VERSION=v4
+export RALLLY_CONFIG_VERSION=v4
+export HEDGEDOC_CONFIG_VERSION=v3
+export MONITORING_CONFIG_VERSION=v4
 export DB_ENTRYPOINT_VERSION=v1
 export PG_BACKUP_VERSION=v2
 export ENTRYPOINT_CSS_VERSION=v1
--- a/compose.matrix.yml
+++ b/compose.matrix.yml
@ -3,7 +3,7 @@ services:
  app:
    deploy:
      labels:
-        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect-matrix-well-known"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect,${STACK_NAME}-redirect-matrix-well-known"
        - "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.regex=^https://(.*)/.well-known/matrix/(.*)"
        - "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.replacement=https://${MATRIX_DOMAIN}/.well-known/matrix/$$2"
  worker:
@ -12,6 +12,7 @@ services:
      - matrix_secret
    environment:
      - ELEMENT_DOMAIN
+      - MATRIX_DOMAIN
    configs:
      - source: matrix
        target: /blueprints/matrix.yaml
--- a/compose.yml
+++ b/compose.yml
@ -17,6 +17,7 @@ x-env: &env
    - AUTHENTIK_EMAIL__TIMEOUT
    - AUTHENTIK_EMAIL__FROM
    - AUTHENTIK_LOG_LEVEL
+    - AUTHENTIK_DISABLE_UPDATE_CHECK
    - BACKGROUND_FONT_COLOR=${BACKGROUND_FONT_COLOR:-white}
    - BACKGROUND_BOX_COLOR=${BACKGROUND_BOX_COLOR:-#eaeaeacf}
    - AUTHENTIK_FOOTER_LINKS
@ -67,12 +68,13 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=6.11.0+2024.10.5"
+        - "coop-cloud.${STACK_NAME}.version=6.11.1+2024.10.5"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

  worker:
--- a/hedgedoc.yaml.tmpl
+++ b/hedgedoc.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "HEDGEDOC_DOMAIN" }}/auth/oauth2/callback
    name: Hedgedoc
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -32,7 +35,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "HEDGEDOC_DOMAIN" }}
+    meta_launch_url: https://{{ env  "HEDGEDOC_DOMAIN" }}/auth/oauth2
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf hedgedoc_provider
--- a/kimai.yaml.tmpl
+++ b/kimai.yaml.tmpl
@ -37,7 +37,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "KIMAI_DOMAIN" }}
+    meta_launch_url: https://{{ env  "KIMAI_DOMAIN" }}/auth/saml/login
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf kimai_provider
--- a/matrix.yaml.tmpl
+++ b/matrix.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "MATRIX_DOMAIN" }}/_synapse/client/oidc/callback
    name: Matrix
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -36,10 +39,10 @@ entries:
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf matrix_provider
-    slug: matrix
+    name: Element
  conditions: []
  id: matrix_application
  identifiers:
-    name: Matrix
+    slug: matrix
  model: authentik_core.application
  state: present
--- a/monitoring.yaml.tmpl
+++ b/monitoring.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "MONITORING_DOMAIN" }}/login/generic_oauth
    name: Monitoring
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/nextcloud.yaml.tmpl
+++ b/nextcloud.yaml.tmpl
@ -28,6 +28,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "NEXTCLOUD_DOMAIN" }}/apps/sociallogin/custom_oidc/authentik
    name: Nextcloud
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/outline.yaml.tmpl
+++ b/outline.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "OUTLINE_DOMAIN" }}/auth/oidc.callback
    name: Outline
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -32,7 +35,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "OUTLINE_DOMAIN" }}
+    meta_launch_url: https://{{ env  "OUTLINE_DOMAIN" }}/auth/oidc
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf outline_provider
--- a/rallly.yaml.tmpl
+++ b/rallly.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "RALLLY_DOMAIN" }}/api/auth/callback/oidc
    name: Rallly
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/vikunja.yaml.tmpl
+++ b/vikunja.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "VIKUNJA_DOMAIN" }}/auth/openid/authentik
    name: Vikunja
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/wekan.yaml.tmpl
+++ b/wekan.yaml.tmpl
@ -33,6 +33,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "WEKAN_DOMAIN" }}/_oauth/oidc
    name: Wekan
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/wordpress.yaml.tmpl
+++ b/wordpress.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "WORDPRESS_DOMAIN" }}/openid-connect-authorize
    name: Wordpress
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
Author	SHA1	Message	Date
Moritz	38668ee551	add env REDIRECTS	2025-07-01 17:23:12 +02:00
Moritz	8ee0bf9c9e	add env AUTHENTIK_DISABLE_UPDATE_CHECK	2025-07-01 16:37:21 +02:00
Moritz	d0c924a864	chore: publish 6.11.1+2024.10.5 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-01-20 22:28:24 +01:00
Moritz	5df1f34cd7	UX: rename matrix to element	2025-01-20 22:28:24 +01:00
Moritz	bc62831e58	fix blueprints: add redirect_uris	2025-01-20 22:28:20 +01:00