forked from coop-cloud/authentik
Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
96aedac582
|
|||
|
3eb185d96a
|
|||
|
9855ad16a1
|
|||
| c15f2adcba | |||
| 08118088a8 | |||
| 14e1d61343 | |||
| 04a370699d | |||
| efd67032cf | |||
| 6b627c6db7 | |||
| c90b3c6881 | |||
| e7af2b541e | |||
|
ea9b0ebd55
|
|||
|
06aafce852
|
|||
| 3c2b248304 | |||
| bda409290e | |||
| 77d79b3a07 | |||
| ac7192e6ab |
@ -9,9 +9,14 @@ ENABLE_BACKUPS=true
|
||||
DOMAIN=authentik.example.com
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.authentik.example.com`'
|
||||
# Redirects
|
||||
# All redirect domains have to be added to extra_domains as well)
|
||||
# multiple redirects can be added by seperating them with a | character
|
||||
#REDIRECTS=www.authentik.example.com
|
||||
COMPOSE_FILE="compose.yml"
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||
AUTHENTIK_LOG_LEVEL=info
|
||||
# AUTHENTIK_DISABLE_UPDATE_CHECK=false
|
||||
# AUTHENTIK_IMPERSONATION=true
|
||||
# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||
# WORKERS=1
|
||||
|
||||
41
README.md
41
README.md
@ -52,6 +52,16 @@ APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
|
||||
|
||||
Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
||||
|
||||
Generate OAuth client id and secret using `abra app secret generate <app_name> -a` (all secrets) or individually:
|
||||
- `abra app secret generate <app_name> nextcloud_id`
|
||||
- `abra app secret generate <app_name> nextcloud_secret`
|
||||
|
||||
Add the id and secret to nextcloud as secrets with:
|
||||
- `abra app secret insert <nextcloud_app_name> authentik_id v1 <id>`
|
||||
- `abra app secret insert <nextcloud_app_name> authentik_secret v1 <secret>`
|
||||
|
||||
Redeploy Authentik to enable the nextcloud client.
|
||||
|
||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||
|
||||
## Add LDAP outpost
|
||||
@ -95,6 +105,25 @@ Run this command after every deploy/upgrade:
|
||||
|
||||
`abra app command --local <app-name> customize <assets_path>`
|
||||
|
||||
## Custom CSS
|
||||
|
||||
Uncomment the following env:
|
||||
|
||||
```
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.css-volume.yml"
|
||||
```
|
||||
|
||||
Redeploy the app:
|
||||
```
|
||||
abra app deploy -f <app_name>
|
||||
```
|
||||
|
||||
Copy the CSS and restart the container:
|
||||
```
|
||||
abra app cp <app_name> my_custom.css app:/web/dist/assets/custom.css
|
||||
abra app restart <app_name> app
|
||||
```
|
||||
|
||||
## Email templates
|
||||
|
||||
Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#custom-templates):
|
||||
@ -105,15 +134,15 @@ Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#cust
|
||||
|
||||
These blueprints overwrite default blueprint values:
|
||||
|
||||
- flow_translation.yaml
|
||||
- flow_authentication.yaml
|
||||
- `flow_translation.yaml`
|
||||
- `flow_authentication.yaml`
|
||||
|
||||
The following default blueprints will be overwritten by customizations:
|
||||
|
||||
- flow-password-change.yaml
|
||||
- flow-default-authentication-flow.yaml
|
||||
- flow-default-user-settings-flow.yaml
|
||||
- flow-default-source-enrollment.yaml
|
||||
- `flow-password-change.yaml`
|
||||
- `flow-default-authentication-flow.yaml`
|
||||
- `flow-default-user-settings-flow.yaml`
|
||||
- `flow-default-source-enrollment.yaml`
|
||||
|
||||
The `abra.sh` function `apply_blueprints` needs to be executed to deactivate these blueprints to ensure that the customizations won't be overwritten. It will further execute flow_translation.yaml and flow_authentication.yaml again.
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ services:
|
||||
app:
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect-matrix-well-known"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect,${STACK_NAME}-redirect-matrix-well-known"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.regex=^https://(.*)/.well-known/matrix/(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.replacement=https://${MATRIX_DOMAIN}/.well-known/matrix/$$2"
|
||||
worker:
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
authentik_ldap:
|
||||
image: ghcr.io/goauthentik/ldap:2025.2.0
|
||||
image: ghcr.io/goauthentik/ldap:2025.6.3
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
networks:
|
||||
|
||||
18
compose.yml
18
compose.yml
@ -17,6 +17,7 @@ x-env: &env
|
||||
- AUTHENTIK_EMAIL__TIMEOUT
|
||||
- AUTHENTIK_EMAIL__FROM
|
||||
- AUTHENTIK_LOG_LEVEL
|
||||
- AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||
- BACKGROUND_FONT_COLOR=${BACKGROUND_FONT_COLOR:-white}
|
||||
- BACKGROUND_BOX_COLOR=${BACKGROUND_BOX_COLOR:-#eaeaeacf}
|
||||
- AUTHENTIK_FOOTER_LINKS
|
||||
@ -34,7 +35,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2025.2.0
|
||||
image: ghcr.io/goauthentik/server:2025.6.3
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -67,16 +68,17 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.0.0+2025.2.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.4.0+2025.6.3"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2025.2.0
|
||||
image: ghcr.io/goauthentik/server:2025.6.3
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
@ -117,7 +119,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
db:
|
||||
image: postgres:15.12
|
||||
image: postgres:15.13
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
@ -152,7 +154,7 @@ services:
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
|
||||
redis:
|
||||
image: redis:7.4.2-alpine
|
||||
image: redis:8.0.2-alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
networks:
|
||||
- internal
|
||||
|
||||
3
release/7.4.0+2025.6.3
Normal file
3
release/7.4.0+2025.6.3
Normal file
@ -0,0 +1,3 @@
|
||||
Adds following new envs:
|
||||
REDIRECTS
|
||||
AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||
Reference in New Issue
Block a user