mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-15 18:56:24 +00:00

Add markdown linting (without breaking the site this time!)

David Young
2021-10-21 17:53:15 +13:00
committed by GitHub
parent 52460b8ead
commit 22293fa93d
131 changed files with 668 additions and 1361 deletions

View File

@@ -49,7 +49,7 @@ staticPasswords:
Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` as follows:
```
```bash
DEFAULT_PROVIDER: oidc
PROVIDERS_OIDC_CLIENT_ID: foo # This is the staticClients.id value in config.yml above
PROVIDERS_OIDC_CLIENT_SECRET: bar # This is the staticClients.secret value in config.yml above
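Review bot: the block retagged as `bash` is neither shell nor the usual env-file syntax. Its lines read `DEFAULT_PROVIDER: oidc` with a colon and a space, while the file is named `traefik-forward-auth.env` and the Google recipe's env file in this same commit uses `KEY=value`. Since the fence is being touched anyway, either convert these lines to `KEY=value` or confirm the colon form is what the container really reads, and pick a tag that matches the content. The trailing `# This is the staticClients...` comments would also be safer on their own lines, because not every env-file parser strips inline comments, and a parser that keeps them would fold the comment into the client ID and secret.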
@@ -176,7 +176,7 @@ Once you redeploy traefik-forward-auth with the above, it **should** use dex as
### Test
Browse to https://whoami.example.com (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a CoreOS Dex login. Once successfully logged in, you'll be directed to the basic whoami page :thumbsup:
Browse to <https://whoami.example.com> (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a CoreOS Dex login. Once successfully logged in, you'll be directed to the basic whoami page :thumbsup:
### Protect services

View File

@@ -12,9 +12,9 @@ This recipe will illustrate how to point Traefik Forward Auth to Google, confirm
#### TL;DR
Log into https://console.developers.google.com/, create a new project then search for and select "**Credentials**" in the search bar.
Log into <https://console.developers.google.com/>, create a new project then search for and select "**Credentials**" in the search bar.
Fill out the "OAuth Consent Screen" tab, and then click, "**Create Credentials**" > "**OAuth client ID**". Select "**Web Application**", fill in the name of your app, skip "**Authorized JavaScript origins**" and fill "**Authorized redirect URIs**" with either all the domains you will allow authentication from, appended with the url-path (*e.g. https://radarr.example.com/_oauth, https://radarr.example.com/_oauth, etc*), or if you don't like frustration, use a "auth host" URL instead, like "*https://auth.example.com/_oauth*" (*see below for details*)
Fill out the "OAuth Consent Screen" tab, and then click, "**Create Credentials**" > "**OAuth client ID**". Select "**Web Application**", fill in the name of your app, skip "**Authorized JavaScript origins**" and fill "**Authorized redirect URIs**" with either all the domains you will allow authentication from, appended with the url-path (*e.g. <https://radarr.example.com/_oauth>, <https://radarr.example.com/_oauth>, etc*), or if you don't like frustration, use a "auth host" URL instead, like "*<https://auth.example.com/_oauth>*" (*see below for details*)
#### Monkey see, monkey do 🙈
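Review bot: the redirect URI example on the "Fill out the OAuth Consent Screen" line lists `<https://radarr.example.com/_oauth>` twice, so it no longer illustrates "all the domains you will allow authentication from"; the second entry presumably wants a different hostname. While the line is being rewritten, `use a "auth host" URL` should read `an "auth host" URL`. It may also be worth checking how the renderer treats `*<https://auth.example.com/_oauth>*`, where the autolink sits directly inside emphasis markers and quotes.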
@@ -27,7 +27,7 @@ Here's a [screencast I recorded](https://static.funkypenguin.co.nz/2021/screenca
Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` as follows:
```
```bash
PROVIDERS_GOOGLE_CLIENT_ID=<your client id>
PROVIDERS_GOOGLE_CLIENT_SECRET=<your client secret>
SECRET=<a random string, make it up>
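Review bot: in the env block, `SECRET=<a random string, make it up>` invites a short hand-typed value for what traefik-forward-auth uses as its signing secret. Since this hunk already touches the block, suggest wording that tells the reader to generate the value (for example with `openssl rand -hex 32`) rather than invent it. The `bash` tag is also a loose fit here: `<your client id>` would parse as a redirection if anyone sourced the file as shown, so a plain-text or properties-style tag describes the content better.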
@@ -41,7 +41,7 @@ WHITELIST=you@yourdomain.com, me@mydomain.com
Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml` as follows:
```
```yaml
traefik-forward-auth:
image: thomseddon/traefik-forward-auth:2.1.0
env_file: /var/data/config/traefik-forward-auth/traefik-forward-auth.env
@@ -77,7 +77,7 @@ Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml` as follo
If you're not confident that forward authentication is working, add a simple "whoami" test container to the above .yml, to help debug traefik forward auth, before attempting to add it to a more complex container.
```
```yaml
# This simply validates that traefik forward authentication is working
whoami:
image: containous/whoami
@@ -114,7 +114,7 @@ Deploy traefik-forward-auth with ```docker stack deploy traefik-forward-auth -c
### Test
Browse to https://whoami.example.com (*obviously, customized for your domain and having created a DNS record*), and all going according to plan, you should be redirected to a Google login. Once successfully logged in, you'll be directed to the basic whoami page.
Browse to <https://whoami.example.com> (*obviously, customized for your domain and having created a DNS record*), and all going according to plan, you should be redirected to a Google login. Once successfully logged in, you'll be directed to the basic whoami page.
## Summary
@@ -127,4 +127,4 @@ What have we achieved? By adding an additional three simple labels to any servic
[^1]: Be sure to populate `WHITELIST` in `traefik-forward-auth.env`, else you'll happily be granting **any** authenticated Google account access to your services!
--8<-- "recipe-footer.md"
--8<-- "recipe-footer.md"
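Review bot: the only warning that an empty `WHITELIST` grants access to **any** authenticated Google account lives in footnote `[^1]`, next to the footer line this hunk changes. That is the one setting in the recipe that decides who gets in, so consider repeating it in the body beside the `traefik-forward-auth.env` block, where the reader is actually filling the value in.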

View File

@@ -10,7 +10,7 @@ While the [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/) recipe
Create `/var/data/config/traefik/traefik-forward-auth.env` as follows (_change "master" if you created a different realm_):
```
```bash
CLIENT_ID=<your keycloak client name>
CLIENT_SECRET=<your keycloak client secret>
OIDC_ISSUER=https://<your keycloak URL>/auth/realms/master
@@ -23,8 +23,8 @@ COOKIE_DOMAIN=<the root FQDN of your domain>
This is a small container, you can simply add the following content to the existing `traefik-app.yml` deployed in the previous [Traefik](/ha-docker-swarm/traefik/) recipe:
```
traefik-forward-auth:
```bash
traefik-forward-auth:
image: funkypenguin/traefik-forward-auth
env_file: /var/data/config/traefik/traefik-forward-auth.env
networks:
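Review bot: the new fence tag is `bash`, but the block is a compose service definition (`traefik-forward-auth:`, `image:`, `env_file:`, `networks:`), and the equivalent block in the Google recipe in this commit was tagged `yaml`. Use `yaml` here too, and check that the re-indented first line still lines up with the keys below it, since YAML nesting depends on it. Separately, `image: funkypenguin/traefik-forward-auth` has no tag, whereas the Google recipe pins `thomseddon/traefik-forward-auth:2.1.0`; pinning the component that makes the authentication decision keeps a redeploy from silently pulling a different build.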
@@ -39,8 +39,8 @@ This is a small container, you can simply add the following content to the exist
If you're not confident that forward authentication is working, add a simple "whoami" test container, to help debug traefik forward auth, before attempting to add it to a more complex container.
```
# This simply validates that traefik forward authentication is working
```bash
# This simply validates that traefik forward authentication is working
whoami:
image: containous/whoami
networks:
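Review bot: same mismatch as the previous hunk. The `whoami:` service block is YAML but is now tagged `bash`, while the identical whoami block in the Google recipe got `yaml`. The changed comment line `# This simply validates...` should also end up at the same indentation as `whoami:` so the snippet pastes cleanly into `traefik-app.yml`.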
@@ -64,13 +64,13 @@ Redeploy traefik with `docker stack deploy traefik-app -c /var/data/traefik/trae
### Test
Browse to https://whoami.example.com (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a KeyCloak login. Once successfully logged in, you'll be directed to the basic whoami page.
Browse to <https://whoami.example.com> (_obviously, customized for your domain and having created a DNS record_), and all going according to plan, you'll be redirected to a KeyCloak login. Once successfully logged in, you'll be directed to the basic whoami page.
### Protect services
To protect any other service, ensure the service itself is exposed by Traefik (_if you were previously using an oauth_proxy for this, you may have to migrate some labels from the oauth_proxy serivce to the service itself_). Add the following 3 labels:
```
```yaml
- traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
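Review bot: the "Protect services" paragraph kept as context still contains the typo `serivce` ("from the oauth_proxy serivce to the service itself"), which a linting pass is a good moment to fix. The "Test" line also spells the product `KeyCloak`, where the project's own spelling is Keycloak. The `yaml` tag on the labels block is fine, since the three entries are list items from a compose `labels:` section.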
@@ -89,4 +89,4 @@ What have we achieved? By adding an additional three simple labels to any servic
[^1]: KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;)
--8<-- "recipe-footer.md"
--8<-- "recipe-footer.md"