Misc housekeeping tidy-ups

2025-12-13 17:56:26 +00:00 · 2021-10-27 14:41:40 +13:00
parent 5411b1b173
commit ffa4314919
16 changed files with 226 additions and 123 deletions
--- a/manuscript/ha-docker-swarm/traefik-forward-auth/index.md
+++ b/manuscript/ha-docker-swarm/traefik-forward-auth/index.md
--- a/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md
+++ b/manuscript/ha-docker-swarm/traefik-forward-auth/keycloak.md
@@ -2,6 +2,9 @@

 While the [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/) recipe demonstrated a quick way to protect a set of explicitly-specified URLs using OIDC credentials from a Google account, this recipe will illustrate how to use your own KeyCloak instance to secure **any** URLs within your DNS domain.

+!!! tip "Keycloak with Traefik"
+    Did you land here from Google, looking for information about using Keycloak with Traefik? All this and more is covered in the [Keycloak][keycloak] recipe!
+
 --8<-- "recipe-tfa-ingredients.md"

 ## Preparation
--- a/manuscript/index.md
+++ b/manuscript/index.md
@@ -91,6 +91,10 @@ Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm

 I'm publishing the Geek Cookbook as a formal eBook (*PDF, mobi, epub*), on Leanpub (<https://leanpub.com/geek-cookbook>). Check it out!

+### Buy me a coffee ☕️
+
+A sponsorship is too much commitment, and a book is TL;DR? Hit me up with a [one-time caffine shot](https://www.buymeacoffee.com/funkypenguin)!
+
 ### Sponsored Projects

 I'm supported and motivated by [GitHub Sponsors](https://github.com/sponsors/funkypenguin), [Patreon patrons](https://www.patreon.com/funkypenguin) and [LeanPub readers](https://leanpub.com/geeks-cookbook) who have generously sponsored me.
--- a/manuscript/premix/index.md
+++ b/manuscript/premix/index.md
--- a/manuscript/recipes/homeassistant/ibeacon.md
+++ b/manuscript/recipes/homeassistant/ibeacon.md
@@ -1,26 +0,0 @@
-# iBeacons with Home assistant
-
-!!! warning
-This is not a complete recipe - it's an optional additional of the [HomeAssistant](/recipes/homeassistant/) "recipe", since it only applies to a subset of users
-
-One of the most useful features of Home Assistant is location awareness. I don't care if someone opens my office door when I'm home, but you bet I care about (_and want to be notified_) it if I'm away!
-
-## Ingredients
-
-1. [HomeAssistant](/recipes/homeassistant/) per recipe
-2. iBeacon(s) - This recipe is for <https://s.click.aliexpress.com/e/bzyLCnAp>
-3. [LightBlue Explorer](https://itunes.apple.com/nz/app/lightblue-explorer/id557428110?mt=8)
-
-## Preparation
-
-### Write UUID to iBeacon
-
-The iBeacons come with no UUID. We use the LightBlue Explorer app to pair with them (_code is "123456"_), and assign own own UUID.
-
-Generate your own UUID, or get a random one at <https://www.uuidgenerator.net/>
-
-Plug in your iBeacon, launch LightBlue Explorer, and find your iBeacon. The first time you attempt to interrogate it, you'll be prompted to pair. Although it's not recorded anywhere in the documentation (_grr!_), the pairing code is **123456**
-
-Having paired, you'll be able to see the vital statistics of your iBeacon.
-
--8<-- "recipe-footer.md"
--- a/manuscript/recipes/keycloak/index.md
+++ b/manuscript/recipes/keycloak/index.md
@@ -4,9 +4,11 @@ description: Kick-ass OIDC and identity management

 # KeyCloak

-[KeyCloak](https://www.keycloak.org/) is "_an open source identity and access management solution_". Using a local database, or a variety of backends (_think [OpenLDAP](/recipes/openldap/)_), you can provide Single Sign-On (SSO) using OpenID, OAuth 2.0, and SAML. KeyCloak's OpenID provider can be used in combination with [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), to protect [vulnerable services](/recipes/autopirate/nzbget/) with an extra layer of authentication.
+[KeyCloak](https://www.keycloak.org/) is "_an open source identity and access management solution_". Using a local database, or a variety of backends (_think [OpenLDAP](/recipes/openldap/)_), you can provide Single Sign-On (SSO) using OpenID, OAuth 2.0, and SAML.

-![KeyCloak Screenshot](../images/keycloak.png)
+KeyCloak's OpenID provider can also be used in combination with [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), to protect [vulnerable services](/recipes/autopirate/nzbget/) with an extra layer of authentication.
+
+![KeyCloak Screenshot](../../images/keycloak.png)

 --8<-- "recipe-standard-ingredients.md"

@@ -39,7 +41,7 @@ KEYCLOAK_PASSWORD=ilovepasswords
 PROXY_ADDRESS_FORWARDING=true

 # What's our hostname?
-KEYCLOAK_HOSTNAME=keycloak.batcave.com
+KEYCLOAK_HOSTNAME=keycloak.example.com

 # Tell Postgress what user/password to create
 POSTGRES_USER=keycloak
@@ -76,20 +78,19 @@ services:
      - internal
    deploy:
      labels:
-        # traefik common
+        # traefik
        - traefik.enable=true
        - traefik.docker.network=traefik_public

        # traefikv1
        - traefik.frontend.rule=Host:keycloak.example.com
-        - traefik.port=8080     
+        - traefik.port=8080

        # traefikv2
        - "traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)"
+        - "traefik.http.routers.keycloak.entrypoints=https"
        - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
-        - "traefik.enable=true"
-
-
+      
  keycloak-db:
    env_file: /var/data/config/keycloak/keycloak.env
    image: postgres:10.1
@@ -136,6 +137,8 @@ networks:

 Launch the KeyCloak stack by running `docker stack deploy keycloak -c <path -to-docker-compose.yml>`

-Log into your new instance at https://**YOUR-FQDN**, and login with the user/password you defined in `keycloak.env`.
+Log into your new instance at `https://YOUR-FQDN`, and login with the user/password you defined in `keycloak.env`.

 --8<-- "recipe-footer.md"
+
+[^1]: For more geeky {--pain--}{++fun++}, try integrating KeyCloak with [OpenLDAP][openldap] for an authentication backend!
--- a/manuscript/support.md
+++ b/manuscript/support.md
@@ -63,7 +63,7 @@ I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanp

 ### Buy me a coffee ☕️

-Want to hit me with an (anonymous) thank-you? [Buy me a coffee](https://www.buymeacoffee.com/funkypenguin)!
+A sponsorship is too much commitment, and a book is TL;DR? Hit me up with a [one-time caffine shot](https://www.buymeacoffee.com/funkypenguin)!

 ### Engage me 🏢

@@ -82,4 +82,5 @@ Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm
 [12]: https://github.com/funkypenguin
 [13]: https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url
 [14]: https://www.funkypenguin.co.nz
-[contact]:         https://www.funkypenguin.co.nz
+[contact]:         https://www.funkypenguin.co.nz/contact
+[aws_cert]:         https://www.youracclaim.com/badges/a0c4a196-55ab-4472-b46b-b610b44dc00f/public_url