public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-22 22:21:56 +00:00
Code Issues Releases Wiki Activity

Update for leanpub preview

Browse Source
This commit is contained in:
AutoPenguin
2020-06-03 02:33:48 +00:00
parent 8da6e914a5
commit 3862d7c2f6
91 changed files with 703 additions and 628 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
manuscript/reference/data_layout.md
View File

@@ -1,6 +1,6 @@
# Data layout
The applications deployed in the stack utilize a combination of data-at-rest (_static config, files, etc_) and runtime data (_live database files_). The realtime data can't be [backed up](https://geek-cookbook.funkypenguin.co.nz/)recipes/duplicity) with a simple copy-paste, so where we employ databases, we also include containers to perform a regular export of database data to a filesystem location.
The applications deployed in the stack utilize a combination of data-at-rest (_static config, files, etc_) and runtime data (_live database files_). The realtime data can't be [backed up]https://geek-cookbook.funkypenguin.co.nz/recipes/duplicity) with a simple copy-paste, so where we employ databases, we also include containers to perform a regular export of database data to a filesystem location.
So that we can confidently backup all our data, I've setup a data layout as follows:

4
manuscript/reference/oauth_proxy.md
View File

@@ -15,7 +15,7 @@ This is the role of the OAuth proxy.
When employing the **OAuth proxy** , the proxy sits in the middle of this transaction - traefik sends the web client to the OAuth proxy, the proxy authenticates the user against a 3rd-party source (_GitHub, Google, etc_), and then passes authenticated requests on to the web app in the container.
Illustrated below:
![OAuth proxy](https://geek-cookbook.funkypenguin.co.nz/)images/oauth_proxy.png)
![OAuth proxy]https://geek-cookbook.funkypenguin.co.nz/images/oauth_proxy.png)
The advantage under this design is additional security. If I'm deploying a web app which I expect only myself to require access to, I'll put the oauth_proxy in front of it. The overhead is negligible, and the additional layer of security is well-worth it.
@@ -47,7 +47,7 @@ I created **/var/data/oauth_proxy/authenticated-emails.txt**, and add my own ema
### Configure stack
You'll need to define a service for the oauth_proxy in every stack which you want to protect. Here's an example from the [Wekan](https://geek-cookbook.funkypenguin.co.nz/)recipes/wekan/) recipe:
You'll need to define a service for the oauth_proxy in every stack which you want to protect. Here's an example from the [Wekan]https://geek-cookbook.funkypenguin.co.nz/recipes/wekan/) recipe:
```
proxy: