From 73b18195a4f1bbc84e4983eca9356086a041adf4 Mon Sep 17 00:00:00 2001 From: Peter Sarossy Date: Sun, 1 Sep 2019 19:32:51 -0400 Subject: [PATCH 01/12] Update bitwarden image (#55) The bitwarden image referenced is a fork of the original and not maintained as much as the original... --- manuscript/recipes/bitwarden.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manuscript/recipes/bitwarden.md b/manuscript/recipes/bitwarden.md index 1176fd2..330c842 100644 --- a/manuscript/recipes/bitwarden.md +++ b/manuscript/recipes/bitwarden.md @@ -57,7 +57,7 @@ Create a docker swarm config file in docker-compose syntax (v3), something like version: "3" services: bitwarden: - image: mprasil/bitwarden + image: bitwardenrs/server env_file: /var/data/config/bitwarden/bitwarden.env volumes: - /etc/localtime:/etc/localtime:ro From 25431f4749aa4cc308b85c79c68f1a58d6597444 Mon Sep 17 00:00:00 2001 From: Thomas Date: Tue, 17 Sep 2019 09:30:13 +1200 Subject: [PATCH 02/12] Fixed Broken Links (#60) Some links point to a .md file, causing the formatting to not be loaded, and a 404 error displayed (https://geek-cookbook.funkypenguin.co.nz/recipes/autopirate/sabnzbd.md) Fix by pointing to a directory and not the file. --- manuscript/recipes/autopirate.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manuscript/recipes/autopirate.md b/manuscript/recipes/autopirate.md index 2f6203f..476b90c 100644 --- a/manuscript/recipes/autopirate.md +++ b/manuscript/recipes/autopirate.md @@ -111,8 +111,8 @@ networks: Now work your way through the list of tools below, adding whichever tools your want to use, and finishing with the **end** section: -* [SABnzbd](/recipes/autopirate/sabnzbd.md) -* [NZBGet](/recipes/autopirate/nzbget.md) +* [SABnzbd](/recipes/autopirate/sabnzbd/) +* [NZBGet](/recipes/autopirate/nzbget/) * [RTorrent](/recipes/autopirate/rtorrent/) * [Sonarr](/recipes/autopirate/sonarr/) * [Radarr](/recipes/autopirate/radarr/) 
From 987201231ffa19542859f376254b16899adf87cd Mon Sep 17 00:00:00 2001 From: Thomas Date: Tue, 17 Sep 2019 09:31:32 +1200 Subject: [PATCH 03/12] Correct image for traefik-forward-auth (#59) thomseddon/traefik-forward-auth does not support the OIDC_ISSUER parameter. --- manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md index 3bc230f..dc18d12 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md @@ -52,7 +52,7 @@ This is a small container, you can simply add the following content to the exist ``` traefik-forward-auth: - image: thomseddon/traefik-forward-auth + image: funkypenguin/traefik-forward-auth env_file: /var/data/config/traefik/traefik-forward-auth.env networks: - traefik_public @@ -119,4 +119,4 @@ What have we achieved? By adding an additional three simple labels to any servic ## Chef's Notes 📓 -1. KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;) \ No newline at end of file +1. KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;) From d149334879e9c9daa1fb0b5fb4eacfa0a5d262cb Mon Sep 17 00:00:00 2001 From: Sandro Date: Mon, 16 Sep 2019 23:33:28 +0200 Subject: [PATCH 04/12] Fix broken link (#58) --- manuscript/recipes/keycloak.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manuscript/recipes/keycloak.md b/manuscript/recipes/keycloak.md index a238f1e..c396bba 100644 --- a/manuscript/recipes/keycloak.md +++ b/manuscript/recipes/keycloak.md 
@@ -15,7 +15,7 @@ Existing: * [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) - * [X] [Traefik](/ha-docker-swarm/traefik_public) configured per design + * [X] [Traefik](/ha-docker-swarm/traefik) configured per design * [X] DNS entry for the hostname (_i.e. "keycloak.your-domain.com"_) you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP ## Preparation @@ -144,4 +144,4 @@ Log into your new instance at https://**YOUR-FQDN**, and login with the user/pas [![Common Observatory](../images/common_observatory.png)](https://www.observe.global/) -## Chef's Notes \ No newline at end of file +## Chef's Notes From 63c27b4d125af8548cbe7b98575b8d58dde776d6 Mon Sep 17 00:00:00 2001 From: Sandro Date: Mon, 16 Sep 2019 23:35:38 +0200 Subject: [PATCH 05/12] Fix links (#57) --- manuscript/recipes/keycloak.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manuscript/recipes/keycloak.md b/manuscript/recipes/keycloak.md index c396bba..64b3e01 100644 --- a/manuscript/recipes/keycloak.md +++ b/manuscript/recipes/keycloak.md @@ -14,9 +14,9 @@ !!! Summary Existing: - * [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) - * [X] [Traefik](/ha-docker-swarm/traefik) configured per design - * [X] DNS entry for the hostname (_i.e. "keycloak.your-domain.com"_) you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP + * [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph/) + * [X] [Traefik](/ha-docker-swarm/traefik_public) configured per design + * [X] DNS entry for the hostname (_i.e. "keycloak.your-domain.com"_) you intend to use, pointed to your [keepalived](/ha-docker-swarm/keepalived/) IP ## Preparation From b61e11939e9ab49a2b52e3c3520abe0a9dd42067 Mon Sep 17 00:00:00 2001 
From: Thor Erik Date: Mon, 16 Sep 2019 23:37:20 +0200 Subject: [PATCH 06/12] Update openldap.md (#56) Add missing [ for link to KeyCloak --- manuscript/recipes/openldap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manuscript/recipes/openldap.md b/manuscript/recipes/openldap.md index faa54f3..8afcb05 100644 --- a/manuscript/recipes/openldap.md +++ b/manuscript/recipes/openldap.md @@ -439,4 +439,4 @@ Create your users using the "**New User**" button. ## Chef's Notes 📓 -1. The KeyCloak](/recipes/keycloak/authenticate-against-openldap/) recipe illustrates how to integrate KeyCloak with your LDAP directory, giving you a cleaner interface to manage users, and a raft of SSO / OAuth features. +1. [The KeyCloak](/recipes/keycloak/authenticate-against-openldap/) recipe illustrates how to integrate KeyCloak with your LDAP directory, giving you a cleaner interface to manage users, and a raft of SSO / OAuth features. From 47918d7fec2e829e73ecc99441a13c70287db700 Mon Sep 17 00:00:00 2001 From: Peter Sarossy Date: Mon, 16 Sep 2019 16:38:01 -0500 Subject: [PATCH 07/12] The owntracks recorder variable names changed... (#54) --- manuscript/recipes/owntracks.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/manuscript/recipes/owntracks.md b/manuscript/recipes/owntracks.md index e9e9c50..b9c77b4 100644 --- a/manuscript/recipes/owntracks.md +++ b/manuscript/recipes/owntracks.md @@ -35,9 +35,8 @@ OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_COOKIE_SECRET= OTR_USER=recorder -OTR_PASSWD=yourpassword -MQTTHOSTNAME=owntracks.example.com -HOSTLIST=owntracks.example.com +OTR_PASS=yourpassword +OTR_HOST=owntracks.example.com ``` ### Setup Docker Swarm From ba3a5204b774dedc569736428b12efa57066de6d Mon Sep 17 00:00:00 2001 From: Benjamin Durham <33912370+Bencey@users.noreply.github.com> Date: Wed, 2 Oct 2019 21:16:16 +1300 Subject: [PATCH 08/12] Update README.md (#66) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index afbb29e..eecd3b8 100644 --- a/README.md +++ b/README.md @@ -35,4 +35,4 @@ See [my Patreon page](https://www.patreon.com/funkypenguin) for details! ### Hire me 🏢 -Need some system design work done? I do freelance consulting - [contact](https://www.funkypenguin.co.nz/contact/) me for details. +Need some system design work done? I do freelance consulting - [contact](mailto:davidy@funypenguin.co.nz) me for details. From eb50041c32159710e56894658a461a4d1ce32b4b Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 2 Oct 2019 21:28:16 +1300 Subject: [PATCH 09/12] Fix formatting error (#65) Fix formatting error, where code block isn't closed --- manuscript/recipes/openldap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manuscript/recipes/openldap.md b/manuscript/recipes/openldap.md index 8afcb05..aad5e66 100644 --- a/manuscript/recipes/openldap.md +++ b/manuscript/recipes/openldap.md @@ -421,7 +421,7 @@ networks: ### Launch OpenLDAP stack -Create the auth_internal overlay network, by running ```docker stack deploy auth -c /var/data/config/openldap/auth.yml`, then launch the OpenLDAP stack by running ```docker stack deploy openldap -c /var/data/config/openldap/openldap.yml``` +Create the auth_internal overlay network, by running ```docker stack deploy auth -c /var/data/config/openldap/auth.yml```, then launch the OpenLDAP stack by running ```docker stack deploy openldap -c /var/data/config/openldap/openldap.yml``` Log into your new LAM instance at https://**YOUR-FQDN**. From efceda1f68ce46e6e8a75d9038b3642b683ce9d0 Mon Sep 17 00:00:00 2001 From: Sandro Date: Wed, 2 Oct 2019 23:44:09 +0200 Subject: [PATCH 10/12] Fix cookie_domain env (#64) --- manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md index dc18d12..126eaf8 100644 
--- a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md @@ -43,7 +43,7 @@ CLIENT_SECRET= OIDC_ISSUER=https:///auth/realms/master SECRET= AUTH_HOST= -COOKIE_DOMAINS= +COOKIE_DOMAIN= ``` ### Prepare the docker service config From 4f4a9f751c14ec6af04662d5766d8acaec9ed8e3 Mon Sep 17 00:00:00 2001 From: James Clark Date: Sun, 6 Oct 2019 04:07:50 +0100 Subject: [PATCH 11/12] Update the Docker Hub link for Bitwarden (#70) This confused me when (admittedly not reading properly) the link in Chef's Notes was to a different Docker Image --- manuscript/recipes/bitwarden.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manuscript/recipes/bitwarden.md b/manuscript/recipes/bitwarden.md index 330c842..42f8193 100644 --- a/manuscript/recipes/bitwarden.md +++ b/manuscript/recipes/bitwarden.md 
@@ -96,6 +96,6 @@ Once you've created your account, jump over to https://bitwarden.com/#download a ## Chef's Notes 📓 -1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/mprasil/bitwarden). All of the elements are contained within a single container, and SQLite is used for the database backend. +1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/bitwardenrs/server). All of the elements are contained within a single container, and SQLite is used for the database backend. 2. As mentioned above, readers should refer to the [dani-garcia/bitwarden_rs wiki](https://github.com/dani-garcia/bitwarden_rs) for details on customizing the behaviour of Bitwarden. 3. The inclusion of Bitwarden was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz)- Thanks Gerry! From e0c529855e8428f00815ade8be37c6b9532a42c3 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 11 Nov 2019 12:38:27 +1300 Subject: [PATCH 12/12] Updated the docker image that is used to the fork (#62) Updated the docker image that is used to the fork for people like me who just copy paste the big code blocks without reading :> --- manuscript/ha-docker-swarm/traefik-forward-auth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth.md b/manuscript/ha-docker-swarm/traefik-forward-auth.md index db69b3f..10f7ef6 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth.md 
@@ -52,7 +52,7 @@ This is a small container, you can simply add the following content to the exist ``` traefik-forward-auth: - image: thomseddon/traefik-forward-auth + image: funkypenguin/traefik-forward-auth env_file: /var/data/config/traefik/traefik-forward-auth.env networks: - traefik_public @@ -113,4 +113,4 @@ What have we achieved? By adding an additional three simple labels to any servic 1. Traefik forward auth replaces the use of [oauth_proxy containers](/reference/oauth_proxy/) found in some of the existing recipes 2. [@thomaseddon's original version](https://github.com/thomseddon/traefik-forward-auth) of traefik-forward-auth only works with Google currently, but I've created a [fork](https://www.github.com/funkypenguin/traefik-forward-auth) of a [fork](https://github.com/noelcatt/traefik-forward-auth), which implements generic OIDC providers. 3. I reviewed several implementations of forward authenticators for Traefik, but found most to be rather heavy-handed, or specific to a single auth provider. @thomaseddon's go-based docker image is 7MB in size, and with the generic OIDC patch (above), it can be extended to work with any OIDC provider. -4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider. \ No newline at end of file +4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider.
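Review bot: In [PATCH 01/12], the `image:` line in manuscript/recipes/bitwarden.md moves to `bitwardenrs/server`, but the Chef's Notes link in the same file still points at hub.docker.com/r/mprasil/bitwarden and is only corrected in 11/12. Fold that link change into this patch so the recipe never names two different images, and consider adding an explicit tag to the image reference, since the line as written has none.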
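Review bot: In [PATCH 03/12], the new `image: funkypenguin/traefik-forward-auth` line in keycloak.md carries no tag or digest, so the service that gates authentication resolves to whatever the repository's default tag points to at deploy time. Pin it to a specific tag or digest, and add a short note next to the block carrying the reason given in the commit message (the upstream image lacks OIDC_ISSUER support), so readers know they are running a fork. The same applies to the identical image change in 12/12.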
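Review bot: In [PATCH 05/12], the Traefik list item goes back to `/ha-docker-swarm/traefik_public`, which is exactly the target that 04/12 replaced with `/ha-docker-swarm/traefik` as a broken link. The two patches conflict on that line; keep the 04/12 target here and limit this patch to the shared-storage-ceph and keepalived links.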
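Review bot: In [PATCH 08/12], the new contact link in README.md reads `mailto:davidy@funypenguin.co.nz`, while the removed line and the Patreon link in the hunk context both spell the name `funkypenguin`. The domain looks misspelled (missing "k"), which would send mail to a domain the project may not control; correct the address or keep the contact-page URL.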
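Review bot: In [PATCH 10/12], the rename of `COOKIE_DOMAINS=` to `COOKIE_DOMAIN=` comes with an empty commit body, so the patch does not say which image build reads the singular name. Since 03/12 moved this file to the funkypenguin fork, state in the message or beside the env block which image the variable name applies to, because an unrecognised name would leave the cookie domain at its default.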
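Review bot: In [PATCH 12/12], the second hunk rewrites note 4 only to add the trailing newline and leaves "ferderate" misspelled; change it to "federate" while the line is being touched. Note 2 in the same context also spells the handle "@thomaseddon" while the linked repository is thomseddon.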