mirror of
https://github.com/YunoHost-Apps/outline_ynh.git
synced 2024-09-03 19:56:12 +02:00
Setup LDAP auth for Outline through Dex app
This commit is contained in:
parent
afab5522a3
commit
43147112fc
9 changed files with 68 additions and 46 deletions
16
conf/.env
16
conf/.env
|
@ -54,8 +54,8 @@ AWS_S3_ACL=private
|
||||||
#
|
#
|
||||||
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
|
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
|
||||||
# https://<URL>/auth/slack.callback
|
# https://<URL>/auth/slack.callback
|
||||||
SLACK_KEY=__SLACK_KEY__
|
SLACK_KEY=
|
||||||
SLACK_SECRET=__SLACK_SECRET__
|
SLACK_SECRET=
|
||||||
|
|
||||||
# To configure Google auth, you'll need to create an OAuth Client ID at
|
# To configure Google auth, you'll need to create an OAuth Client ID at
|
||||||
# => https://console.cloud.google.com/apis/credentials
|
# => https://console.cloud.google.com/apis/credentials
|
||||||
|
@ -75,18 +75,18 @@ AZURE_RESOURCE_APP_ID=
|
||||||
# To configure generic OIDC auth, you'll need some kind of identity provider.
|
# To configure generic OIDC auth, you'll need some kind of identity provider.
|
||||||
# See documentation for whichever IdP you use to acquire the following info:
|
# See documentation for whichever IdP you use to acquire the following info:
|
||||||
# Redirect URI is https://<URL>/auth/oidc.callback
|
# Redirect URI is https://<URL>/auth/oidc.callback
|
||||||
OIDC_CLIENT_ID=
|
OIDC_CLIENT_ID=__OIDC_NAME__
|
||||||
OIDC_CLIENT_SECRET=
|
OIDC_CLIENT_SECRET=__OIDC_SECRET__
|
||||||
OIDC_AUTH_URI=
|
OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth
|
||||||
OIDC_TOKEN_URI=
|
OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__/token
|
||||||
OIDC_USERINFO_URI=
|
OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__/userinfo
|
||||||
|
|
||||||
# Specify which claims to derive user information from
|
# Specify which claims to derive user information from
|
||||||
# Supports any valid JSON path with the JWT payload
|
# Supports any valid JSON path with the JWT payload
|
||||||
OIDC_USERNAME_CLAIM=preferred_username
|
OIDC_USERNAME_CLAIM=preferred_username
|
||||||
|
|
||||||
# Display name for OIDC authentication
|
# Display name for OIDC authentication
|
||||||
OIDC_DISPLAY_NAME=OpenID
|
OIDC_DISPLAY_NAME=Yunohost
|
||||||
|
|
||||||
# Space separated auth scopes.
|
# Space separated auth scopes.
|
||||||
OIDC_SCOPES="openid profile email"
|
OIDC_SCOPES="openid profile email"
|
||||||
|
|
|
@ -2,22 +2,12 @@
|
||||||
|
|
||||||
1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server**
|
1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server**
|
||||||
2. The app requires MinIO app to be installed (MinIO installation is automatic, though)
|
2. The app requires MinIO app to be installed (MinIO installation is automatic, though)
|
||||||
3. The app is requiring two full dedicated domains (one for MinIO server, one for Outline)
|
3. The app is requiring three domains including two fully dedicated (one for MinIO server, one for Dex, one for Outline)
|
||||||
4. ARM architectures are not supported (and may never be as Outline was built for AMD64)
|
4. ARM architectures are not supported (and may never be as Outline was built for AMD64)
|
||||||
5. Not yet working Yunohost SSO integration (for now it requires a Slack account and Slack app - see below)
|
|
||||||
6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly
|
6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly
|
||||||
|
|
||||||
|
|
||||||
### How to create a "Slack app" and get your "Client ID" and "Signing Secret"
|
### How to create an admin user
|
||||||
|
|
||||||
You should perform all below steps before starting the package installation on Yunohost :
|
The first user to login will automatically be granted admin rights
|
||||||
1. Visit https://api.slack.com/apps
|
You can then change the user rights by default and/or change the admin user afterwards from the Outline settings page
|
||||||
2. Sign in into a Slack workspace
|
|
||||||
3. Create a new app from scratch
|
|
||||||
4. Give it a name and associate it to your workspace
|
|
||||||
|
|
||||||
![image](https://user-images.githubusercontent.com/24638389/134668089-3b1a73f2-dbca-47c4-8e57-1ee26d1c034a.png)
|
|
||||||
|
|
||||||
6. In the basic information tab, you'll find a "Client ID" and a "Signing Secret" - keep both as you'll need them to run the package installation
|
|
||||||
7. Go to "Features" then "OAuth & Permissions"
|
|
||||||
8. Add a new redirect URL. Use https://example.mydomain.fr/auth/slack.callback (assuming https://example.mydomain.fr is the domain on which you will install outline package)
|
|
|
@ -31,7 +31,9 @@
|
||||||
"install" : [
|
"install" : [
|
||||||
{
|
{
|
||||||
"name": "domain",
|
"name": "domain",
|
||||||
"type": "domain"
|
"type": "domain",
|
||||||
|
"example": "wiki.domain.tld",
|
||||||
|
"ask": "Domain for Outline app. This will be the main domain to access the wiki. Outline has to be installed at the root"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "is_public",
|
"name": "is_public",
|
||||||
|
@ -49,19 +51,22 @@
|
||||||
"default": "en"
|
"default": "en"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "slack_key",
|
"name": "dex_domain",
|
||||||
"type": "string",
|
"type": "domain",
|
||||||
"ask": "Slack Client ID (from https://api.slack.com/apps)"
|
"example": "auth.domain.tld",
|
||||||
|
"ask": "Domain for authentification. It can't be the same domain as above. Dex app will be installed and used for the authentification mechanism"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "slack_secret",
|
"name": "dex_path",
|
||||||
"type": "string",
|
"type": "path",
|
||||||
"ask": "Slack Client Secret (from https://api.slack.com/apps)"
|
"example": "/example",
|
||||||
|
"default": "/example"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "minio_domain",
|
"name": "minio_domain",
|
||||||
"type": "domain",
|
"type": "domain",
|
||||||
"ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app"
|
"example": "docs.domain.tld",
|
||||||
|
"ask": "Domain for Minio app, used for images and attachements storage. If not yet installed, it will automatically be. Minio has to be installed at the root"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,13 +34,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
|
||||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
|
||||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||||
|
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||||
|
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||||
|
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||||
|
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
|
|
|
@ -33,13 +33,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
|
||||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
|
||||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||||
|
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||||
|
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||||
|
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||||
|
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
||||||
|
|
|
@ -41,9 +41,6 @@ fi
|
||||||
secret_key=$(ynh_hex_32_random)
|
secret_key=$(ynh_hex_32_random)
|
||||||
utils_secret=$(ynh_hex_32_random)
|
utils_secret=$(ynh_hex_32_random)
|
||||||
|
|
||||||
slack_key=$YNH_APP_ARG_SLACK_KEY
|
|
||||||
slack_secret=$YNH_APP_ARG_SLACK_SECRET
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -64,6 +61,19 @@ minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Installing Dex..." --weight=18
|
||||||
|
|
||||||
|
dex_domain=$YNH_APP_ARG_DEX_DOMAIN
|
||||||
|
dex_path=$YNH_APP_ARG_DEX_PATH
|
||||||
|
oidc_secret=$(ynh_hex_32_random)
|
||||||
|
oidc_name="Outline"
|
||||||
|
oidc_callback="$domain/auth/oidc.callback"
|
||||||
|
|
||||||
|
yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -88,7 +98,11 @@ ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
|
||||||
ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
|
ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
|
||||||
ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
|
ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
|
||||||
ynh_app_setting_set --app=$app --key=language_key --value=$language_key
|
ynh_app_setting_set --app=$app --key=language_key --value=$language_key
|
||||||
|
ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
|
||||||
|
ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
|
|
@ -21,15 +21,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
|
||||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
|
||||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||||
|
|
||||||
|
|
||||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||||
|
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||||
|
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||||
|
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||||
|
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD REMOVE
|
# STANDARD REMOVE
|
||||||
|
|
|
@ -43,13 +43,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
|
||||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
|
||||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||||
|
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||||
|
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||||
|
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||||
|
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK IF THE APP CAN BE RESTORED
|
# CHECK IF THE APP CAN BE RESTORED
|
||||||
|
|
|
@ -22,13 +22,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
language_key=$(ynh_app_setting_get --app=$app --key=language_key)
|
||||||
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
|
|
||||||
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
|
|
||||||
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
|
||||||
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
|
||||||
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
|
||||||
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
|
||||||
|
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
|
||||||
|
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
|
||||||
|
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
|
||||||
|
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
|
||||||
|
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK VERSION
|
# CHECK VERSION
|
||||||
|
|
Loading…
Reference in a new issue