mirror of
https://github.com/YunoHost-Apps/outline_ynh.git
synced 2024-09-03 19:56:12 +02:00
Setup LDAP auth for Outline through Dex app
parent
afab5522a3
commit
43147112fc
9 changed files with 68 additions and 46 deletions
16
conf/.env
16
conf/.env
|
@ -54,8 +54,8 @@ AWS_S3_ACL=private
|
|||
#
|
||||
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
|
||||
# https://<URL>/auth/slack.callback
|
||||
SLACK_KEY=__SLACK_KEY__
|
||||
SLACK_SECRET=__SLACK_SECRET__
|
||||
SLACK_KEY=
|
||||
SLACK_SECRET=
|
||||
|
||||
# To configure Google auth, you'll need to create an OAuth Client ID at
|
||||
# => https://console.cloud.google.com/apis/credentials
|
||||
|
@ -75,18 +75,18 @@ AZURE_RESOURCE_APP_ID=
|
|||
# To configure generic OIDC auth, you'll need some kind of identity provider.
|
||||
# See documentation for whichever IdP you use to acquire the following info:
|
||||
# Redirect URI is https://<URL>/auth/oidc.callback
|
||||
OIDC_CLIENT_ID=
|
||||
OIDC_CLIENT_SECRET=
|
||||
OIDC_AUTH_URI=
|
||||
OIDC_TOKEN_URI=
|
||||
OIDC_USERINFO_URI=
|
||||
OIDC_CLIENT_ID=__OIDC_NAME__
|
||||
OIDC_CLIENT_SECRET=__OIDC_SECRET__
|
||||
OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth
|
||||
OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__/token
|
||||
OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__/userinfo
|
||||
|
||||
# Specify which claims to derive user information from
|
||||
# Supports any valid JSON path with the JWT payload
|
||||
OIDC_USERNAME_CLAIM=preferred_username
|
||||
|
||||
# Display name for OIDC authentication
|
||||
OIDC_DISPLAY_NAME=OpenID
|
||||
OIDC_DISPLAY_NAME=Yunohost
|
||||
|
||||
# Space separated auth scopes.
|
||||
OIDC_SCOPES="openid profile email"
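Review bot: The three new endpoint values (`OIDC_AUTH_URI`, `OIDC_TOKEN_URI`, `OIDC_USERINFO_URI`) carry no scheme. If `__DEX_DOMAIN__` is filled from the bare domain asked for at install time (e.g. `auth.domain.tld`), Outline receives `auth.domain.tld/example/auth` rather than an absolute URL. The token endpoint is where the client secret is presented, so the template should pin HTTPS explicitly: `OIDC_AUTH_URI=https://__DEX_DOMAIN____DEX_PATH__/auth`, with the same prefix for `/token` and `/userinfo`. Because this file now holds `OIDC_CLIENT_SECRET`, it is also worth confirming that the rendered `.env` is readable only by the app user, which the template alone cannot show.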
|
||||
|
|
|
@ -2,22 +2,12 @@
|
|||
|
||||
1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server**
|
||||
2. The app requires MinIO app to be installed (MinIO installation is automatic, though)
|
||||
3. The app is requiring two full dedicated domains (one for MinIO server, one for Outline)
|
||||
3. The app is requiring three domains including two fully dedicated (one for MinIO server, one for Dex, one for Outline)
|
||||
4. ARM architectures are not supported (and may never be as Outline was built for AMD64)
|
||||
5. Not yet working Yunohost SSO integration (for now it requires a Slack account and Slack app - see below)
|
||||
6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly
|
||||
|
||||
|
||||
### How to create a "Slack app" and get your "Client ID" and "Signing Secret"
|
||||
### How to create an admin user
|
||||
|
||||
You should perform all below steps before starting the package installation on Yunohost :
|
||||
1. Visit https://api.slack.com/apps
|
||||
2. Sign in into a Slack workspace
|
||||
3. Create a new app from scratch
|
||||
4. Give it a name and associate it to your workspace
|
||||
|
||||
![image](https://user-images.githubusercontent.com/24638389/134668089-3b1a73f2-dbca-47c4-8e57-1ee26d1c034a.png)
|
||||
|
||||
6. In the basic information tab, you'll find a "Client ID" and a "Signing Secret" - keep both as you'll need them to run the package installation
|
||||
7. Go to "Features" then "OAuth & Permissions"
|
||||
8. Add a new redirect URL. Use https://example.mydomain.fr/auth/slack.callback (assuming https://example.mydomain.fr is the domain on which you will install outline package)
|
||||
The first user to login will automatically be granted admin rights
|
||||
You can then change the user rights by default and/or change the admin user afterwards from the Outline settings page
|
|
@ -31,7 +31,9 @@
|
|||
"install" : [
|
||||
{
|
||||
"name": "domain",
|
||||
"type": "domain"
|
||||
"type": "domain",
|
||||
"example": "wiki.domain.tld",
|
||||
"ask": "Domain for Outline app. This will be the main domain to access the wiki. Outline has to be installed at the root"
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
|
@ -49,19 +51,22 @@
|
|||
"default": "en"
|
||||
},
|
||||
{
|
||||
"name": "slack_key",
|
||||
"type": "string",
|
||||
"ask": "Slack Client ID (from https://api.slack.com/apps)"
|
||||
"name": "dex_domain",
|
||||
"type": "domain",
|
||||
"example": "auth.domain.tld",
|
||||
"ask": "Domain for authentification. It can't be the same domain as above. Dex app will be installed and used for the authentification mechanism"
|
||||
},
|
||||
{
|
||||
"name": "slack_secret",
|
||||
"type": "string",
|
||||
"ask": "Slack Client Secret (from https://api.slack.com/apps)"
|
||||
"name": "dex_path",
|
||||
"type": "path",
|
||||
"example": "/example",
|
||||
"default": "/example"
|
||||
},
|
||||
{
|
||||
"name": "minio_domain",
|
||||
"type": "domain",
|
||||
"ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app"
|
||||
"example": "docs.domain.tld",
|
||||
"ask": "Domain for Minio app, used for images and attachements storage. If not yet installed, it will automatically be. Minio has to be installed at the root"
|
||||
}
|
||||
]
|
||||
}
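Review bot: The new `dex_path` question has no `ask` text and defaults to the placeholder `/example`, so an admin who accepts the defaults ends up with the identity provider served under `/example` and that path baked into the OIDC endpoints in `conf/.env`. A meaningful default and a prompt would avoid this, for instance `"default": "/dex"` plus `"ask": "Path for the Dex authentication app on the domain above"`. The `dex_domain` prompt says the domain must differ from the Outline domain, but no check for that is visible in the install hunks, so the constraint appears to rest on the prompt alone. The user-facing strings also contain spelling slips (`authentification`, `attachements`).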
|
||||
|
|
|
@ -34,13 +34,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
|||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||
|
||||
#=================================================
|
||||
# DECLARE DATA AND CONF FILES TO BACKUP
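Review bot: The five added reads (`dex_domain`, `dex_path`, `oidc_secret`, `oidc_name`, `oidc_callback`) use `--app="minio"`, but the install script stores these keys with `--app=$app`, so every one of them will most likely come back empty here. The same lines are repeated in the four later sections that look like the change_url, remove, restore and upgrade scripts. Any script that re-renders `conf/.env` from these variables would then write an empty `OIDC_CLIENT_SECRET` and endpoint URLs that lack the Dex domain and path, which breaks login or leaves the client configured without a secret. Each line should read from the app's own settings, e.g. `oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)`. The surrounding settings block starts and ends outside the hunk.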
|
||||
|
|
|
@ -33,13 +33,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
|||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
||||
|
|
|
@ -41,9 +41,6 @@ fi
|
|||
secret_key=$(ynh_hex_32_random)
|
||||
utils_secret=$(ynh_hex_32_random)
|
||||
|
||||
slack_key=$YNH_APP_ARG_SLACK_KEY
|
||||
slack_secret=$YNH_APP_ARG_SLACK_SECRET
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
|
@ -64,6 +61,19 @@ minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
|||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing Dex..." --weight=18
|
||||
|
||||
dex_domain=$YNH_APP_ARG_DEX_DOMAIN
|
||||
dex_path=$YNH_APP_ARG_DEX_PATH
|
||||
oidc_secret=$(ynh_hex_32_random)
|
||||
oidc_name="Outline"
|
||||
oidc_callback="$domain/auth/oidc.callback"
|
||||
|
||||
yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
|
@ -88,7 +98,11 @@ ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
|
|||
ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
|
||||
ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
|
||||
ynh_app_setting_set --app=$app --key=language_key --value=$language_key
|
||||
|
||||
ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
|
||||
ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
|
||||
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
|
||||
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
|
||||
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
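Review bot: The added `yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force ...` line in the second hunk installs whatever is on that repository's default branch at install time, and `--force` skips the confirmation prompt. The package that becomes the identity provider for this wiki is therefore neither pinned nor reviewed, so the URL should point to a specific reviewed branch or revision. The same line passes `OIDC_secret=$oidc_secret` inside the `--args` string, where it is visible in the process list and possibly in the operation log. `oidc_callback="$domain/auth/oidc.callback"` has no scheme, while the `.env` comment gives the redirect URI as `https://<URL>/auth/oidc.callback`; Dex compares redirect URIs exactly, so it should be `oidc_callback="https://$domain/auth/oidc.callback"`. The first hunk removes the `slack_key` and `slack_secret` assignments, yet the third hunk still appears to call `ynh_app_setting_set` with `$slack_key` and `$slack_secret`, which would abort the script if it runs with `set -u`. The section header above the new block still reads "CHECK IF MINIO IS INSTALLED".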
|
||||
|
|
|
@ -21,15 +21,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||
|
||||
|
||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
|
|
|
@ -43,13 +43,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
|||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
|
|
|
@ -22,13 +22,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
|||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
|
|