From d9cfc401ce7c3e7fb335152013557e5c2e1afe1a Mon Sep 17 00:00:00 2001 From: James Elliott Date: Thu, 30 Jun 2022 14:02:00 +1000 Subject: [PATCH] docs: use details shortcode (#3586) Co-authored-by: Amir Zarrinkafsh --- .../en/integration/deployment/docker.md | 12 +++++++ .../index.md => introduction.md} | 5 +-- .../kubernetes/introduction/kubernetes.png | Bin 27869 -> 0 bytes .../en/integration/kubernetes/secrets.md | 12 +++++-- .../integration/kubernetes/traefik-ingress.md | 12 +++++++ docs/content/en/integration/proxies/caddy.md | 13 ++++--- docs/content/en/integration/proxies/nginx.md | 34 ++++++++++++------ .../content/en/integration/proxies/traefik.md | 19 ++++++---- 8 files changed, 76 insertions(+), 31 deletions(-) rename docs/content/en/integration/kubernetes/{introduction/index.md => introduction.md} (95%) delete mode 100644 docs/content/en/integration/kubernetes/introduction/kubernetes.png diff --git a/docs/content/en/integration/deployment/docker.md b/docs/content/en/integration/deployment/docker.md index d1fe04032..42109751f 100644 --- a/docs/content/en/integration/deployment/docker.md +++ b/docs/content/en/integration/deployment/docker.md @@ -54,7 +54,9 @@ It expects the following: Use this [Standalone Example](#standalone-example) if you want to use [docker secrets](https://docs.docker.com/engine/swarm/secrets/). +{{< details "docker-compose.yml" >}} ```yaml +--- version: "3.8" secrets: JWT_SECRET: @@ -87,14 +89,18 @@ networks: net: external: true name: net +... ``` +{{< /details >}} #### Using a Secrets Volume Use this [Standalone Example](#standalone-example) if you want to use a standard [docker volume](https://docs.docker.com/storage/volumes/) or bind mount for your secrets. +{{< details "docker-compose.yml" >}} ```yaml +--- version: "3.8" services: authelia: @@ -119,6 +125,8 @@ networks: external: true name: net ``` +... +{{< /details >}} ### Bundles @@ -184,7 +192,9 @@ The example below includes the additional `ports` option which must be added in [Standalone Example](#standalone-example) above. The example allows *Authelia* to be communicated with over the localhost IP address `127.0.0.1` on port `9091`. You need to adjust this to your specific needs. +{{< details "docker-compose.yml" >}} ```yaml +--- services: authelia: container_name: authelia @@ -197,7 +207,9 @@ services: - 9091 ports: - "127.0.0.1:9091:9091" +... ``` +{{< /details >}} [Docker]: https://docker.com [Docker Compose]: https://docs.docker.com/compose/ diff --git a/docs/content/en/integration/kubernetes/introduction/index.md b/docs/content/en/integration/kubernetes/introduction.md similarity index 95% rename from docs/content/en/integration/kubernetes/introduction/index.md rename to docs/content/en/integration/kubernetes/introduction.md index 675ecf770..e9bd8dbc5 100644 --- a/docs/content/en/integration/kubernetes/introduction/index.md +++ b/docs/content/en/integration/kubernetes/introduction.md @@ -14,7 +14,7 @@ aliases: - /i/k8s --- -{{< figure src="kubernetes.png" alt="Kubernetes" width="100" style="padding-right: 10px" >}} +{{< figure src="/images/logos/kubernetes.png" alt="Kubernetes" width="100" style="padding-right: 10px" >}} ## UNDER CONSTRUCTION @@ -63,9 +63,6 @@ spec: ... ``` -## Secrets - - ## FAQ ### RAM usage diff --git a/docs/content/en/integration/kubernetes/introduction/kubernetes.png b/docs/content/en/integration/kubernetes/introduction/kubernetes.png deleted file mode 100644 index 5e2b1ab757bffb151626999ea555dc107bbdc476..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27869 zcmbqa^LHKJ*S>KY+qP{qM&qQh?WD17+iK9*PGh^V&BjjSChzp~{S)3F?pm|%oxA6p zeKw!{Or(;66e1iR90&wL{30!`0s?_0{QJN{1K$Mna7}_hwm-gzi>P|!oae%LsH&}v ze9U{ZQ3lGPc_oqF$AwUlfQ#DNFx$YmR!4VLZP#?P*X*6PW7TQc($iI~pu)@lXca#G zL`v$**5y0Rn`!Ano0+LYee@_`g2MKg_tW|6HLsPv&yWQNK@yDxsvo$B`C$kb^6#53 zeHgI8z(rCJEebSnK>_uZ1Od2^hAR=q0WK0To;`4tAc7w5WIHM zyp@#$NkU{G7(xbYf$n>rU6}&}L4J_eoB^DdQJCH2*#;se&uEFC!GcMdfQ9oBiaXxt z)dy_6?t|&V8=xtoiB4!X9Us#bzWA|dl%WS_h)4x!t-de29w$W>iEIw<&A0!RqPO#X9MOy9iRh- z_nt98XD0{gaD1xOdETLkjFR49tUrXj^(wK9vC#^c{U-M6ceMyp3ECIRYZPlz#q7eoZwLGhL+_=>or2-06`baBg|MGGSUtdZ1eZ^-`{P`wjK z1N@lsA-AQfZWn zOG*Ow8@qo!Q<0APL;l1v#C5~CTUbUNOe!hQMa3{RI1hZU=cHOH3nyp`x~|OY@7tAN zxW93x4nm(1uv47hovi;3IJ9qH4%J)Us^1CJ`g}URM5OD7eAYUIf&iRWrx-&V zlbCt-uPIda{ULv9_D9;Ikp0CA<|ftZzdy_ez?mDRaeM{<59S7R#|LTzy&(q3o^!gQ zwScwZ_s$8*T7+ki8D0PL>8VKU57%!RZ_8r9?}~;{@!Vhuq## z6Kn%!2O7jzzdV@#w1;bte5J*g{b$|S0s1RROiE;{ss>maY_AyTc1Rz6zl;FnfF0mo zp*|hmaOx&m0q9;DE_OAt$`8A5_NrgBn)1;JWC5ZvhYCodhBKrOKn}hXt6j3wY3p!X z*MV(TjqG9yLjV+#$l@4H4ps6H9c6BL`p{Z&4m}HJ^zv zKIj9$0ac)+=H6s7$UZRS5*kK@%n|`dlhU>)>;pYw^3R2+!hWnk?r^yeMKQ@H3%NhjqzRaR~Qr#*G7f&0ERSmvEI$LnWIMP zKZ7%spbYQ^>r`&`(hn&HxhrIVpNIn+I$N)KnjX4@kW3N>I|p4Wchb}Y+i_#c*g2*c zWQ_9xA%of=1M~p_b8y4~%b>SnKy_l1WG4hHP)Wms(H|HkIlD!G0rfx_qI>JbG?ftb zzKT2+V4t-x>h4!En}9uXgwZB&Q0Tvva`5P)1GZG!(90uc*bn*)agA)Cx9VO+!zyS5 zNAc^J)AutFXP$3r+OX^Qgu+I}L7iYbTVZ<9^pAdgQs;kIctQY4!rz#KfIxa$BX*Pn zX~-4O2$nIZj~zUVgdFez(p2j5d#`A>gC~D~$u+KxOeB*F9L;bW@(%`ixQd^qAO=3d#C0 z{}>K(I77^U^-WBAb=B%jn6zd}-wg0XmYcLwE%T#@J5UbhxAGcHZ#@L)ct|iG_?_Ui zisq{&TTP`A2DFoYj0nicWk(!Dq~%4>C3FJ$LlzDKDi6ZWHz25{BQf=iOaOQFVMK_} ztVbV@YD)FMds{O8?1|^*Jtu!?$3gg{gtVguB37&Y-ct;u7#vx!G-$a%=>U%#17wgt z$bk_Qy<%g`LLp7@x#MpQplam0Lh&0TIB|+K%#YYu?2p_}y)^#>;qE|P8+Fp$gahgT zJO>rnEF@K4RAt1ny#Vx%DPYJ?p_&LvGyw$JaL-zFB+#l05=x6G1^()F)RNW=(U0Cb ztrjQeIPh)o@ZJQFL7D`cRG%Sb{k{l+kVm9O8e-@^iKL7Kpaw_GB#Q<4b=fj&byw00N|wFFOGfi+5p1Pa0lpcCU(HejYHL~6uN8~RrK z2v;ucb!BJd=@^9VdN_^`6~Y;K-S)oTpk};=G6||pbQBf%7qS1#BGz0C5p{_jZ~Yjs zihws{qqwWZ8ZPT(p-k+*!?Qc6e;K*wQzk?1nxAAqJrQks)dscxq*wQuh(db~76d0S zVay19bNooJZa&aQVSdLSc~Sj>T_|84v#>vny`Fz*xc}+^+4k5B?NdKBof6UX3G9ie zw=n;8W*u|;V;dEVd>6~@)mgmrY1-DI%^ac)T^JkCBo8ZBBihw=Hew}h{S?ceOPVRq zGH7|C-{VQ2IB#~-E3Jtfr z`y}(ur_69I(pzKZfaM?{J_6aUt+c?06~3($)bS@7a7w9^p;%B2m1G291{72M{EbQ} z={ez!uYD*?o=s_YoUD+25Iazy59^g?4`g~7Ii#goP7$DDVmTicgVr%R@da^#+CpiO zJqzbSdevi!Z@=nk3yhL~A4YxZ{RQG$gOj}?cH1W<_iVw9?6dzsLaD`*l6*{t2hxA) z&1bcr#jll1V?;C?Vzn#!O`a0Co=M=DEPVxCl7&UAoEb-i zE7$fe6omcQdR<#4IOGZzl56jspaI5R2b1ydhD56cDv9P7q@8=iAXXQ`iZH zuo)-L1x@<8KyE{K9htX=Z8(nIIn1e>`G6Al{ZlWsoFj|EU|`lDV*-Q}nm=;Uyol*E_0+8M6*XJrXo(B?1%`Cr z$+ts1f*Q;lO(`eecHCTOsDQ4;Ncv#k#l$I8VbdRQi6Z_$;t@hwrFbxIqpHS`-qpIQ z1cJQ}=FK6}^iJe}Kc?ms zg9Yt_7}5yBYJ%_qENH)7Wc|kY|J{M&O{$xS1^45+>d}av!55_$*SI#6ROnQv5SD6Z z2rf)pYK;x&i$hCw-TlWLWgU|@lrdul6!7n%8zOZC$^NFN!fPl#d*y`fKafD}LhonXMSZ*N2AAp)RhZIOxbR_MJc{S8ET(bb z*HHX5sK-|g2n>>^x+~tpL4n51WSFLv!h0fR9jhBi(AXj5gc>Ba5g5VbO`yvJXJNf= zIMe%$FAQfJDGL&za#{jK? zu)H2Us4vz(st|~C&V&fkvbG6p8s(s4`H+NBIL-Dz4^A>B%U+wX!MWvrfcM2oSg zFV+uDQ&^Eh@JOo*qLSb_KRA!FIyH|_y-5ir)ZqpV-T#1kbEaa7=1Le;Wk~qNLbnt+ zU)+~_Q)>g~YeMF0!iMrgvIdmQL~5Yp_3VoLkwT0u9i)_%v4{KCVBH81jMf8DkO)2v zT*R^#_w%4~>4;dh4&PGp59&)xC8mPUX5@+i=Oc!PVkQFVSn?(EvjQh#nEQmvtdRS( z`hdMMWlGir6klwRHrD}XAxdw?QqLoFVVQkQVFgpnZ3T;)dRYCL5-f~$KWvD0Gu%8a z!W-Fs2KX*Sqw^q2{cB5%Xsm?U?5-HZPScQCwZ1~sd#OT%qbiF$>YTK za!1iqxj+Q-@@t*rHx#L?LLqud$s-D;eXOXixHvL=C^Y2!3Hts)=}%;Gi*!nT{Dn%< zyPqpY^Z_UWOO$_|J|gd$v6umM(boi%<&Cx~qa3lt>y@_O;;6 z`_whPm;<(eP}YYiuACzv9p5qaYcO?wvWeWDOe~j=-m4m1?8TDR`3IO+EO@G`QPWd~ zM3VWF?;kVxzkm3L^hZ7=hC&sx^0R|tP`n9a7D%w9;`ActC2<_rU?HmK4JpEZ74|o? zGq&xivUjiVjYw7cJUMCvV6n34k$Fo(uz+7jbtRyaMpLikh&7&81B#_z^P(2cQyLG;dOBQ7kxd6SwitzUdqHlDXjXVP~vH0YH9VR4tP%%4cNZ zxkiFf`-AwKgrk|?o1s6LHj@yO~P%F7HND@vXDO1E(0Sm~a?Y3D&Z zbgi68hvw<2JuNr89q`80HZETw?M$WPE3Z>*hX)9pQ+0uJ=Nk2`Qc_{zU`Gxhq6)kz zpm(q1C0ulcJpJXUkdF4AnihX#8u9nb5>Vc_*A;9zPnWpG&M)JgxyyBF6#g~Tx8Id?#;MhDE99xlXw>Dji zwLxhFe4osii{>QGSNa=c1s>UbUQ#w0X?DC#Nw(v5sQMc0o%nGx9N+m_xE)y5J45UA zdR%^O_c>-c%p7H{Fc2`QfNUpru!Z8yIF_#tKK<4g_<1T0dmu5~aLy2-e;0@AJaI%J ziY7ies@dbW7Yr3L*USSU!i_SW$YybAEJtCbeCVG;k<~WoX6v0qdRrcgoJha8I8ltF zna|o;mkj$_j8y)Ar%C}>P3C1i>Fw(!f#5O}iP*U-g>26y-f6Z1M#J69Ko!CyPC@#; znDA1`JdMMlDmqcmS{|33o7^$llg(sKas z@g3A3j7;bRPxJ=c&7k;g*DB(s=boD#Nh{`3-OUnN0CHH97ToHfhUd=76JewdYdYB$ z3vRs}?cZi4SDspg_)195>ZL_Y0$TEcjPwe1{*rGV>h8d-Kg%DIQO7^fejQB4NrcFI`^?)oGP7 zD*NtHfo3qQzLk&cA;~XnW9v~j;Y+F%nSEuEW7+4R!)&u$Vc~QR=weqd z0e9Q2VwF^gONH)QkUYMS&@yJ;^N`jKT!E7v0k4bbic__`mE`4(lSF(w*^|RKj6CY0 z8sC3#X1k83w{x*X7kf{*O3@^{+RBY>9C0FVOAg$aXP3frxRAT-&;4^d)eoMlq^Zd# zc`iYKJVuxB;H9kwtG~! z9u9Q7o6OuhCzSR+U9<7QQvLT=2cuTxh#p5Z3~jfIK?imTS4TkN*znCuoktzq5=N*T zpDQe$!1y}lFvhn}aTX3h3GLvc=-!0o4UY~uXYMepodNv2Hth5_3$AXuH`9CzT+aJs z{CI;w?ba2zjTV}wYBR?V67{bB5mQr|8bm*!GR5;zBoscwtQuAF_)w(EK-uBXHBBjo z)<`aT#rbV=;9SfZc@(4}4JAb@ex?@-9jR&9A3i#*tIgWp8xRrXeCm;HQzHtYwCS{T znAi%HI7W>RR*mjTC?eH@GOp`@{^IFN7z&#r)Uz6aZSUrwO`dqBw0~n`+xE9ulHhk+ ze_M6oTbwf+t4&H^2gIE)&m13|+kPI&IC7{Je6;UkH5^2bRn4+GX6>>Az9A)?SgEpb zL4-0CW@ONV$%~r}XxskN%-tG$3Wq&MT`7QsTb)>LF?@Q2o|sVCZC-D@{*L%eG*ZVaPCGTY=7il~=pL0bIA_M#j3eX=b0R;hOsw=9%y#o4gJ-Z{9 zqxGI}tlD3$JHMY1?+bSK0!fkGrfaJCmC9RmsMEyF>~Nx&J#J34g}S=!2FllXwwg)6 zqh(h`r_6YwP*ev$#8h#WX1H+>@!JUiH7dc|s&20Ui;4@z-Ta!?=eyy0@efzDA5*IYo4u5qd=aV3@k266T6 z-a9wm&2Kj5SUV0+lMfR|3eiUnV%HLN5+&q&FTI&j^7^2$;>NK0TZP?%jV3 zEzBb9+0Jq4#$fw(!|_a_T%U})h`S9LXrW5g!QFGR11CzgdF&c+Bf+CJJRP@f6T-}BI-OOqo6`nnuXgTj;S8_p7PsSqb7)Ji~0ZBl<3UtLtd2gM=2EL_l*JtXWr{z ztWpsEkSuk!gNYS%DN~CnDY)xJ4XAq^Eni*D&ZiqfLo^&2J|x;CX&NUM%-|csPWCS_ zgwyh&m_)Cbv(oT+rg!Z5%1XT2?X=Ji1FQTy8$PA)A@Jfsgp+ytdHfgD=z(H#F0p!bZo zrcb685kNR66`feKsvEP?lviH7R{L=@0A|09Z95mXG5h78s2fJuFz)xmc0W1%$W3*1ek_3!07ow1ndG; z-?xa=IwxXue0~Fdf}pF&Qj(5DwWz0T`uNsZv~~iPXqUDcR7m;eLLPfRbaBfI5a8pPPl=aPCem$#Vw#nVxQUzdMzVS8rt? zO+|jgQ_x=Eb2C?0t8ni61~>Mz?*5^$iH78yMjWMz34X6LJl;^QJ`d{x@jTP(m$Y&o zH1k$cXh|B4Kp>54JqrC%*Oj2hUwY(?ZX7kDM}3l-+p?0S5_0o@6}~M}a64_V`uCioU?M@dPtl$27!?C3n zy+l3Jsxrbwzc2BK?IU(RwrmIE`R5B81hjO$yp@qwodKJDkX8r;;ZPi6(fgoBftdY% z_aUzbxlr}Dy?afWp#N>RIhIB638YD@y4h{66F}s?-HoyS%YxtBJHwEluPo8;c=&>#arSW>I;4m007k+GZzXbDU;klM>XUL(?Hq@ zHrM!<MUo@G8t6iDkrDOKJ945cw z{`yE&BsLi{A@hZV5~>i2MdaLd6qtHEy?V=+*(b#D+l=&~xYql&Qj+ji79m2(|2%we z6D_@=5?$|Ny9zeX!lTFJx`N+JW!9nau9Z$n-XB^@5@v%NR99Lf6n3v)CZ#^jD$;D* zAb((^Sw{}J4!1b9if5*Uhiu>yM7HYmsurCCJ9B{aaLx?JB7q*5Te(0#M3p`xis+o- z*SBT-L{TIR!YE{SZP^8pA+%m%e|*yYNgi}zB$tW%Fq zD`&u~z8%IUTBKy3*4>yw7#kBkWuU3OCoR_4Xy5>1b#UsS@hlv(eXc>gc`b)qGqq@u zx{}c}C!dop?hg%g%G*O|AtwJ$q{HyRbsrQc^{ce^FtI3LXfIo`qRj?Ju}Osj2c=AM z<$Hxn32{9C-N!}sTVbQrpm;55P~Pjhev$fICWBKxJY_ zVU5Xv>eF$(rp?+76g56nt>(7}Nylk=M3*!{a;q=^J5L?_O8p7ypVdx-AD7>ZV-xu_ z_fa47R#Q>h!F&J+giAf0*=+b&mBuw2Pc*^&kMzNP7u`{JjU{*DI6F^a~WiydOm zTHFb)FWj<9AFcfq+OgD0vYSH-h^gvAi=Gl^!P{e3EiB= zyN)AvtkRDI=tCkYM;Aw?JLP8tqs|fYL&w7^@Pywcq(A9(9&5XZe^3D(R}dyji8Ml+ zUm6r1YU2QVjLe3sJyl-kk|ZN~d6LnA;;4o6y)*jZ?zqPO1+cVTadZo@yd(f`>%XGT zHZ`i2$oh2fhQD8nI9q zriRhkFV-Qz**2ig+MC#6kJX@n7cW)bNgAVKXqy!&MH!Dg89+Slt4c5(0}AI^ z6tzI0Rv#D==+R|8!OZYhFFDA5B#hPP#S>s1iPM>Ch$s}F^f5R3qzfZz!;b)`J^DP- z$Yz?kYPv-4c*L7&%q-Rd2q-kKi}D)5C14tJNligFc|F+~P554CIX#p-`Sgm}U-C+a z`4*Q)If6wuC04V#v!&hXWP@c#OKu^Fc~bToo5*7ftmTK2z|+8~P}0uEjbwd#0-N|$ z9@~O2#JR<%l*`J4pPR6}T-zrLb|*i%zZ(@WRqFHJVs{>R^Sb9G4v8k2WMl-o%wk0J zUCu!qQ!hOq!g_W~V#t(QCcxX8Q(nfGzTR%aiC3#!^YPAdYy=dySwZ;VymNA(=C|csb1XB4z{#-&tVukYrLmz# zVS*Yf;}OGy;cHRC7q@+j#(E=nlx;iI)*(0IQfNgzn~~VkJ9NWkD~!&|HBM`X&s7!G zEy0?WtshKZ7xcV1;5y$V;Nv)M*tvINSg8(V>uA*XX!eIz_HuM%lC=Q~Ew#NsI={;X6PFfWOx$w1*~9)SsiD)G-!+(2T3JgvHpnkh|jLCD>j zM+0lQB76y_^~f6@=8-xJtUrZqAcSk?eV=3e-+Yje8amgsYo|Mg!-Vp3NxjeqsT46< zKO4lm_uS200hxf9?(8Yk;8GFq6#1KzCjX`SP<>?o{2uFKfQAoJe%$vj@ zJlG*%-frKNKF9306%@X0B_2VHn}}j}(oKcLw+Y8uEB3t*N|b9`u)Xa1mbj5c68z+6 zY#z<~wVa^3{f8OQ+T#qoDL&PUwwqP5)|G~(o0PIr0WiKIs{%vRKLDS>mm7>N7LIQu z5IL>p&u(wx2PZdH_5H45EqCuewx7A1_u8DVLFZ6l@=FQU$5`_nu}@2>()S`Yh@)8c zz0hpJW5&Syji@yid%qf@b)*nKwQbRNxyx*M@8F#8U&}!?nf7Vo+Z?cE|zDH%%33Hq&A60kF0ylxJHGzecLnRxLagww{kE!*Gz_-2y=C9U%_ws@70@ z8R1W7&-vfOHM>{iZ^cNbrWLCaCKPs$@)S+PX=yNY{|ybCEFwO`N-!Z@7E3T8FG&Fq zLg{C>@7Iq&f#k;$vMr=e@0G>8Cu8anSTk_aEuP?BPkS>+07KX@!R;0e_mO2H6?gF@ zb8vLOQEA(@pCdPGp7N14?RUEyW^txG?_pdyPYn6~Y{cFy*=8}cYuRX5Q6+YkpRx4%O-!rU*&>`ma$ z=|n3t5k3$h6}1=U|5_Qc{9nUaUYJFi$lvKoctst+)wX?%!Sh99a z@b|x`<9~Tf2&<&R0pEIG3Lg1vdFcR6^m8e-8TH<+!U_>N9fkhD&<;oE(fQl%4_dG0 zzWOG&yGoc)fpVP0_7gcz7lhk@xI-gDRe2N0D_{5fm601*sX$NSHs!0h-S$kZFEO)} zG6&Du4RyvH#6q_4`EN=%tb;SP9nhuUO~sY-BvY~(0T4{czIw@`2+ojTTSPky$~|N0}`fZ zaHNWKW#Eyo$1))Tr8y^C5}^V_zxh!_L>Qt>+4c0_3!&Vi!Lf50VwIWjI4$3V=~zP^ zT$(E!z!Y&^bWvgx5~wj$12dc@@1YWOiOi|RDxu90jy_YlT}$Jfxs~Si z5XYg&4hDyB+ZCSlB6#lJNU=VKLi;q*_Kw}8+1-=l?CH;a*CYFwg#u5qn!?>hyA27V zLjjP?wC;5gIA_jd>-{ao_u*xtDZ0tADd#af;`b*X!3T}#@4qLGap+rN9G>@GSDMoK zw`USdXg=$VbYZgnXhmAhM1yS^gDfzs%HNJzN}7O!ULPuK@&Se`*DrSgF&GIeL5btD3(^p=u8UtmjEj zlhJtNf+=bXW7hm{pC9|~s$qhzA)g#+yx&+i9<|A>vn4M3M|r65A0cn9`Q5lDt!j=D_+hqsl{jcTg zxkx_wF}Jup`jrq-5sZi}eR01@L#PnyFoA2zA-<`3cX#zLOXxHd4{+8sA)8q^zpM*Z zK1m+%x3eO1f$oU!ZsbxX^IIrcT^rD%Y%wwj$9)@`gds?0(G$8`sNw*2FS82S54lrB zVt=Add;~VNkBR`{?_HXyP-|k<-M@b$%xMOG<-S}i zW(u4WSph@BB}g3qjfpzO3+lyn->p?5NKG!i%}t#MT%jR?TnB##e32j zTwUnV#4XU4)e-9>a;V*_&TY+q-?yyo=Uw>Wc#mFgN#t>ll8E#;I$eqtzD@!(ZAa0Z z2zMy7$D!DxSAi4JR@=*Y_lZhTl=YWwHcc^D z5D*H}B=)`2BA@^phDU`#6%9m*^kCaQ`hxA{cIcPh?CLLlA6H^((e9`S+d5e*r6%ZX z;rQ!iQ=}sQEUTz6KA5s}dr}Pl0X0;62^&z+(t5N9_o|1+KlXzF$oJ{9BA+l(oW9=A zR$(`S6iNQCWGh_fh`UKrHuW7ccs4RH-J5$OIi;scTGWU`8(bkVHqd|OqG|}t#0#qP zInu9^VNoG)DVEM%e~NHvZ1TDpK@Id0efm>QHtk)uO+lpxQsoqP*z7qw zu|-YG%j5y((>!gfw zIKBqhu41Ry5<)8zeCVGKqZ4y|v4>$ai!kgyJA|H{bKwtShUFtnvRTQw55ehoC&|@- zGNz}Y93h@O;+>0pW8iESZ8QB#bmBhhyKlpsr$5K=z-B7Kf-xXJy|lm1IHrh#5ryd8 z=C0hJx)p+h#=Q3%QD15;>u%TuYUkjN;6#)`5(D-Tc|<>M-R%xcYa8FdTZwNxLZ7!k z{^Z-Oc>G192Ekwd*WWgVT(HDzIzZnZ`#LyX!H;^tzc~~PC0gYo8SeN`9GKFt zMMR>Xb72HTVSa@1#Wuc48bo#|#RQQcIwWRgjqE7YPW1d>;R%Nhv(1DUQ-J?3FfF&+{UMv;OlbXCJ@!F>zhk3Y;ldcJ!3+!6j=kD z0=$-pe9eT=mW@oiTM$jst(ei<*ItFz0+yM*T#lWybUPkxGM>o#f_nGuFgMzqKNcEkt%Mx#nLf@C+B3V-Dbq77I=2{=iLb%Ky^$v{kF7g8KcdjXGvthRH}7nct?yw(afyBC}v;`~7Iacb(H=MS)UsU_3DNhJS&xR?3M(VkWWo zAjvzeV!~7va$*HQH6tT|o{^(k04NAHbL)8SGSplD79**%t}h*``6dKi4esl-h_fXX zogC$gv+z|G9ro$RD*jOLH||eK_V{t2k4H)Jt&UdsdjV+gyT%2N_Y#IIn)-Hz0N0M- zl_u^GfU)oebL}~p^>pd06OB~{JiSp<+FMd2XzSpmH-{d@rjOy)glc(2-hF}Kh)S}E zHH5-20HvT>4FZ@9I<84W4F6dsr59V#^@|qyR4N}T8Q6|?WKrp%Mr22mD*VV~{le$o z8L6GiPcQm(PtDxDu_GmKqUvIXhA?9J3o$)i3?QqrO#(QQXJfGwWhuA-yCZmHr2vn40JGUm8yXj2-2-k+Mm$- zFE`l;4h$T0`Tod=FOQ>x@}(Aq6{InU9l;BHt98^7QERZxa-pg;;-2Csv7@=`k!Kdg z$t+Vz8phV;x?@(eXh;9Sk?0`i_m+Ffybd}t78A$T{!ubxGaSbxSpfKGdRw3b#@oB> zeh?cGI#5NgQCD4yWjf)>iOVO{xaB0<8if5vXK(jv%J?Pz)FGmWe3C^evg|BYiAO-S zA-$O8Ddga(^qB$Wo%&}fsd60Qy`5n8QxGgvmt^2>sP-g*RsNDBcBO~ z??>w8nN()MM>R4UOyO2rPJo&*Z1#1MN0qn)?1^xYj~01m>9NmY1QV`)xXnK41YU-u zODRwDA5w)skzTcX8lbB~(gnI+dS=bNai|g=Et%d3jM5{!ucD#^IA60II>u%{Y_d#Q zl}QBJ569|X-DJNj_#Y6BPpix?S1DKfYs};HHOTw%tylwuaywRk0W;$T$L+$AiN8NK z6oR+(IS>LkFe4~?Oxaf7oIEF|g4XdRc;L!-H>y`B4=SIA%;vFZE{xTT9TXXLH?^w~ z8rZK8hO`8o7w(;%E|_cwtW}hZvZq|?D;(Y-(S6mp#p|pLQ23F;>h0Y@{Pg_*-@iwN z23L~u2(DvjnjygyAlv4&WbB>WyT@h0s|#lc41#|OEmE@iIZvWjJ^o$q>uRQq98p!N zy5zPGqx{{uEsAUWyfPlK3Z;gA;em9WL<_}gNJU{mV zcsL@LFE`r6)jVQVXng2HwRCZXCWgkr zn#aa(R2nf?QpAMfU?>5rNRRKu`bOgBkE9ThF3seRF_&Qa%-n|2C`A%eLXTuaIRi%f z4?U`=TY%=yg4SoNG{;L_iZn0lMb#OCioa@WJ>U#(}slKkXUXh0vu~R{ilbl{vH+P0auk z762Nfg47>Q2)t;~AEm#n)#ZCY$GnW`c z9LonuB{kx{Kyo7j0ki^ScRS}0ZTroJ1s8>}8F0edyUpT=5#nNWu%30i-hy^mI}t^< zwasH6BuoIxJdW6^lEbuHuQj6`{s>lCwa#5()V@D^Kl3MFo(CLh>6)<{r!$bo&hiv_ zXy;*Q<{(mKd8LosC`BXmgaD&v_)R9Fz!7&V;~Y$-{bG`r{AE~*q6A9(DIMdC#U=$+ z?A6k+k!2!~UepNa-edGqjn))=C%Q@8h>_-DI5BwByh#JN(>xtcl>{$)XwW6~jz)P_ z+<9W~^D0ZDivDtvj=RopEvetz*{h^BxJH=*VG6>_nzb$*+SiHmIH}w?J99sOp5{23 zCIek$v<_SYuK`#CJDiL3U(P)poec2;>QnR;2rFFGJw1)4Ui;v_LAj~ zQwLg{#?TOkl(x}|k=FyWU^lx6t72#R#KKR>Rkg(Ta%t9t0;n69fERyCt1mwsQw1;F z*QBz@p7!DYEYR`iC6IlTM9?R#{id4tfZ zg-IVJ2jct9UFkY`bv2AvZyAdHjrlR34-w;wZdi1Ya8sJ@YDX=bJe+`U7sQYiN0ch; zTOSUl69C8ZrP{lz;dmp5mxGha>}i5cm=f{a=6!30ydF=tpUku0HT|m+a_;i+rjGug zMr`0o5Z&^aaAt62@7kB5*3vR!^{sy8m&}1#`D{-(bg-ATQbuV(l*C99zk+m_a^!>p z>pWgcWnS69JDz7Nv5Z<6b+zywI;`1df5`d5yHjK;ZM?}2{Gg>kVIflx1gDWIx1?oG zkS10*KAGjsh-E(7CvA)|;kb_%4WhT2L0BnCuNQMSwXiyC?|^hYJMZY?DME={e(A=P zt*8+=pkyMz!i=p&k)_<8ePL&o4LwItTbmkF#LCu+?D@MDwW_!{=KFc9P8Iy5T$3ad zq)XdrpgJ1t0t^y||5*IGfo1Hbapk_?!TI6$AQ(QNYQ^!oN1G5;bYu;0)sG(9d?5_G z5A&lGe6@-D>8=?o=;0Sxb{8v$_rQt{A#@A0UyJ6bc>oP|sh-5w8JLH;!f)MS?L%@e zQ`M?b9X8kDT3B!Uf6aM28ln)~G|b7VQP95?q4CAa0KQDFlf zfjCN37O7MK02~o;aa7;#%bssl#sX9ZO(0KX#G+k%PA|9->c77^u+~bX5L<78lZXiKZV#0ip`Ili50QxLI zMK`r5IZ}Ag1OR?Q=0%fVQzY_6wiEv8g$+DdCmRi-ls6QO4>F;)TwLc!#=f4{NB$F2 zs(ZN|4OXC@Mnf)|a)xIkd}{LHp#Ut5(+i18fN+lP=d7~bRGpualhRlpVLVfcZmvU{ zT5UDX*lnOKC~Y>fjyhW5e11}S-{G!2QPXI z-W2`&q<3+Urih3EN!a)c3!RNl@a#LvOl2h;t$}Nzb%CRtpCX;m-w|};GTENxy(|oghd0fRFAQZlG=5m z9s(h1;vOQho0S%5u^DnfB!>!d#&ZX#3IQ+R%2jmmbK`r>9YK~3BS(C#6ES11We#_^ zSaP_w`HS_h*8P?b;=IVW=*ixD!h~4W*N$Gg-K5KwFAfmD{Jv-awc`}7%^>`DPg65o zw0|{~ChW3L$B-gC-Ru9=c9mUmbj@~fm*DOioIoJByC+zJLm&j#!7T)LcMa~rVX(n9 zxVsZ%a0~MGv)26!_v0+4>C@Hw)T!E4yT)xnL-u0aQk=@SE8U&vn}77sbN(mL!_r$7 z(#pZ8H^|o$Z!A@$s-6Z<$ih`N{vBlr;Q5+E(fiV*ZBVS39>vP)ZY09mFz(MELZRJf z<@1kW$twtYUBH$w$h&8hSbJ&MeXaOQ-*UVs=i1m-=6n@u#y7gRgVLta17(!K^{<68 zSAbHCFbv)^J||L5WST&QH@vI|(hc%Pd=c-KqP9@a$M6K)2W<4ilJR3+rkC18XQPoP z`L0sC&Nt_3L>h3`zNKRS@UrHHNQ^2!f?42g*NJzZTIjfE(%zk5!M6HB2$(7*8Z6t! zNpcVW{Tiqq;eLODW~N7dWD#318BOA70~&Hlvkxxg>%Fw)BFj11 z8YuYZ%Vxa0qzpC9oz|xjs_d{U<_zxI(3E!=u+bZ_@`hbY9;%;CGELrfoV59I=kq!M z*$F?%KXs>wW#%gOK+E&<O7fhy>2|EUnaYq>Z^lifo=+9&_Cq?j81SB}ULN zRDqh`OM2_MdCCN!{@MJV(v}tn^SSE8&AG27ZO%zXQw^H81Ih`b?;orm z*E6yu$taiw@D@1hsGA<0W{ya+1O_sN`T_vaNS(Wt#wAXGQN`vedLr)*%Hg+?1546b zB8#sqPIG*IBRwe&`%Q0iDcJB3=95wCIw3i?9poP?d#|^=06LqAfQxoyCs2S)bB!i@ zIh#Op@T<4Bl!MZ?%!49CJ|T|l<#ey=tXTNZ@QDU}KTtLMTkvR66+5rR@V7uI$(R4l z-vKiHUpv<=Wc-dROQbEkQ_H#J6iV^)l+{!pnyytho;lvvqg%!DYZ-SY{ltH;xBOFk zez_KhwXDAPG^c|*x4OUW1$6fyA91C9>+6H_%J}BY4t=v3c_a4MNujVBVz2$%?TJm5%|~B+9k;Yp3sVrk^x=KF^SZH{YX9b^i;@IRE1U7u@1GB>gy& z%0Z%&wr_k{ z|4Rv%M2%f??Ajar)f?ynI`u)@l|z-4Ksx%Z8kjpcHL&e}e>zUL8!bK2_+1{C{0^DB z5~o=Qb!%JE@-e;WksFh15>2O6w)0FNwbA5-nS&2QY3d9%9I`zy!y#x@$(?Spl>W9Y z{lU3|@5j;Z5}>$2dtClR_|Ev^T@62pb!ULwONFvL)nYQG(t6p^G{f+{XF*zf9@VSCZtbxhKrd??nMRFymEtilk_}Vz5}_&Sll* z0zDEvaOjZ$ae$Xq+<kbZtvcxTP*?-7qixn}lDo0ZEUOmOQz5GRjtp z<0|vGqQ`qLUiE`~hV@>BH*_mN6@BI{SnU3p;N2-dBO#^`QnjFLng>vYUlshc;q+4j zsAXQ@WFQS2wVzwybMX@mOP$446sLP0FGD;UbuTINXVQSz4Fwn1blQpsTvLwFm;$BP zovWLt>)O95RReZiqj569ktZ$cgHoUso+v>NjC#rzHwJQS@)UD#-IWvT}#ft znoKpE-5)>$1W%K=cy+i8P%+=Ym|U9MiQRU9@l9?2w(vL+A1?)8b)^b9K;qSq2r{2+ z3C~0X5>xLH>-GUZlP-Xf=_KX;cnqFrcr3OcKz)c1SHAYewEwUD_Bi^fPwJD>X7LP1 zL30U}W@#bOn++(%~n-$Ti3*s(hQ;bbWUaExNMkM-%4op<2X> zp-&6Y00o1khgonhcd$U0M}4VsaVRIxu#SebcpP+R{+6p%%&8=WFMA(0?%{dZRd`lH zA$LG0aKliPLopUHSK9i1TgLmSE;MYIA58Ta9wQw8dM>$xbx{UdK6mAZSWB0F$E#&E z`hwfJ+PyJx2R2vb(|8-w{hNf4^eF#__DmBaf)F3TfSn z^Uv9<2*8C25**Y_@+?=qigb=X;?pe>v+&);|xZR!M%5c-9c@n(zi_z4XH1W+?zt zFRq$QHTWXNj|E6@`+sl~iFbHKO%wdI$lW>oh`XyTHvT9?`-ajtxCe4IkRhE32_OhX zJNhBzKN@xX%Pw*2CYHzDk|)6101{@INVcCrEEUIU?`DSmeCoa$*~wu7&4-`PQso z6JFv4JP%X-h$jPbhKoyLd!s)9AxsZk^C}eF)Fb1A7Y+AnFdOwqbS54pfZHn#dw)?r zNo(R?+0(&)f5oU{l*kHD?VFjZ)3!uQiYzro;;(a`u;ZprH5)D0-+)rf(qh z*ZLhU=CF!LXN5LDI-*V8eP4N@5&PU9+a64D)y@G|$-1LUlY%-)J({Pz85mi~ee@u# zo+uE3vc7A)#T%oD+g;?gLNs6E9G7&4>;J6Q!luKHQp=aT!=1oPhIC3pzRiKG~^@@Bs6^+2DV&e4G^17s-{b(Vl$k+nLm=1-A;8WC99~3(5D}RvfPD z=+b;*?z)wF$tr*Cy|w(zz#Kv-zzCRD5O%Q_yPUJFI0>{M`RTpl#DvDy5;+CSF6}$z z3OLT(k(wG`e^rv#J)Wby=&zYii;&n%{q@0ZXgE`v$KjWGA=AmIBl>$cM*Btl?v=`& z>a-KPvd`Ya@oQz!;gp)EoyZZmF+`2Q{tJ?DNvb|#F`F%4HCf$EbR0wbpNfO0iQ)~h zL>aAPPC9f6yo<&*j+wTfUi;XZN)0a-*YFoQs4HA)VGiGzloj>P;yO{EPz=aZmiB6yDNpCK*p7K zF25reN&_+{YE34hFiSnCMAbVZWyNa?B;&(C_q|O5>My+73)CD1mE-lQGos!4VklWh?Ym4E|GW6X%?DucL5>mK7^w995cpz%7sp-q zBK3>bv^tKw+}~J-ij|QdKy;G7ukU#xNYaN--BvVt-dcaTn?D!ZF_wG@(j`(Lmjok0 zd-he+MVa*BqEuiPJ<~r>t4~p+(s*V5j5f5~y5`#xaLgwmZQU|54ATJ^_`sNfc za|TwX=f_ntAwA)cNl%`G)6S-|ioWSm9Xl?_GZ(G7dZ9%hB=Weqa=0NKIcT+#Kox4k z!*V#0$`!*W`^`B}uV=YP{Gm2fo^2Ow9<6vcNCzGqx6*U$|MbFv1I5T~J+k~ki>|y% z$ac2;?}%c;LC)xwvYjYfx?%MhwCG9_NDFm7e!&%cRwNO30VL(>#xRLgm9J7|MGdey zT>Dk-!R;L4Q~G z1)>K11GYeD>PlR52^bg-WCLfAFqY>o_dO2f2GHf5)DT$;sRPQw8_ydcAwwXNSxJ%m%)Jr;>7+`;NQe{KS)Q5J`44tD*bIY{GO42Wps z22^nBEG_ax)=pClF9bvQ)U9>(T4Xz?WS$m4;y?`Ct zxtgTnM(~p%0C^dyv7O0}0-5ceZ0e`8pZm|oSMKme9l3xv%x@;H0tj{lP|Ljt@s7Xs z?Z7!8W?;ga@1+UA)2skWl|vF=0%|rWe`#OJ|3Iw=6uMg@2h46@K(3$jRIAV1h#dNt z?r_7fcO^;IOwp(5Y>~BN*DIC4=3=+e{rY6&HOo^;MBhL6B?8rV|kCP>oN4By^uG`-*3pFxBnK`)ct|g5>P|KweKA^6X*KY0M*u> zpV6oaz4w4l@php(bLwPIzA&0~p8lWUa~+`C?Auvbj5o)p`AlUsOop@m81hPV7gcy! z2TUI7_ZH9Y^``k0CtRNIQD;#!o7dgL`1nAobqAy#m^BZtLhk`OJzaqo+!d zS7Mz>*chLSFl-^JuJcfYjP#FNOxIl*|oX#Pw&iyU$+6Hv*5% zXt~d5ocv)X8~UVjightf!CM*dCCGrbWGlABL7lpKP~2*TrzKTq(ya1%&UEZWH=D-J zoaFV#Ah3`}K+~^{o-aZZj8P$qwHGM>-@?T?LjpgYlCHhL?jtk?D04*Is<6~D(Gk4A zn+ROFtW>RTrK)T`>7CD2E#!SP@d!+Ld59=udb+u5GH=6upd&-bd1@ie0eM4Y15PsR z9axMZszZtB2L#b5b8wYSyQ!`S+@FSA-hEzU*|57Yx2?k_WitJ#Ok9Cp63b(vq0Vty z($5cYhAlh&1HUS^f13HLrZMp^dT10Z>CC;>gPAuqldU$oU*9P*9V7nEV~1M+^?a{l zNtpd!Fdq?+oY3S~*EHXh*Yw@+bCq}1^P_J{9uWT@+87guarEaQqQCuu$ix(qXKR{J z+oxg)+8H=X=h@Kr zqw{P%n-;5FQbLh&y8K<(d3k4ug|YJ}y^|rqohI`u{@~AYT0*=yii97;zcZ)KNWq~i z*f95DFTcnmCh}deg|tcn%GH>-cb#30v6~Au^CePX$1TWGZ8YrBXZA3QA!=NC|B~uy z;VqnYG0FFDt-a*tQg*1)r*s#8tH6PK>^(^Q#tS!_# zl&O)cP2U6&;FqM!GHFU)|`pE&0n&vpRJbPixX}{9Tl zDBr9ifcyxl+UcG8?60fr#GbA{SV<8ye}Qz0a~=fC&yXKK@{7MAL4{ZEnu|{Tj)-{3 zxgWR&0lUqLnVH+Y#c`sB3XL!?(zI22yP#Wv5n9M3Z2wF$7}Gs6JRJEx?tZcuycb;3 zE8BP%AX~APp-dC%B}I~(8w?e!j)-LP$Mta6=UT6d94EcnZO|jWUH7dxcot3(9#;?j z0x#LJsyN@W{WyDaF>xM8WEkPJPavf?bC~>RmxQ!%PP1{UZy%igUCFC`NmA#4m)sn8Th3|uTG!QBXMCn;9e9{n>*$&5^U|5J0ghfdz(47V z(DuAlD5DEBar~-79zYK2t8v8tuz#p_)c(3JGiZ9l96uLL<!0qDG3r$%qZqsMPK)?xnMKbJza~< zEm&;Wzv_L38*k~$^@!LElv?YB01+Z;O zrjy(4p4YQ@<_R=ijFTG-KYUpBeo0}%my^heR=;@G631I!P(AQ+z%$J0=aYBxCQ#D9 z4kx(li}Q1oak&{^gb=>D+&gWWXjH?^!;*KsRKq0I_ZE505aKdyyTeovn4**hTFtc_ zU(y%|qSbp^o-Cq<_{y(}g?j>wpGcwJciXR-yZa;IDFLJ*Z zbI$5Ktk}W3%;yr0=U{bS_+o+|20>zM<1D$7IoZ}p2d2DQ(dF69 zS_Oabq2>o{_s&bl}O6(Y6dTL5@3qxtvI3{CzIID;zJT|=^gVF)y zoT`Hz0_pL&RT($L4Cqq%JsD;g>u1u(xDyS`JO{{*^@W|z$%Xj|VD^$z#ZaHF5iOZ9EPUH7(WVH>6f?W^}%oAt=Gl&3i0c3*0gc!w1wwgfZubSoMN5Da|z6sxsrFy2QNC!jQ>NZ@k5uCIN*5(ZIU#r*V{ zx*jeg;SUO_oqfx;7FNMoz@h#2(*p4KQnHbHc_kM#U`XjFDs0`ewSHkDUWJ5!e!%SJ>Me>vlSf9_Rceu0TeOmKp(*cPt`rvj zPJJ}H3>m!O%ap)fxA<0LTuanVw_b;v*Z9$`Uuqcb)@{n_7arHrF|jSC?#d*)Dl=|z zg=s#6P}N;%>MdSOgL`os6%sIQ2$@Z$(ON8!8`vrc1v5g_-KOhxhf9t& z=9EVmTXh0$bvpq#8C~@Sl`E9cZ7lo67|fcsetohJ3ygu31ljY#85JXZbu&+{c$VWu z2j|$duR#$vAp3%mjtgeR?y3a~vk}BSM%9;#&VZs!nc3M$=PHg04w?mp5dHbXip>}_t^DIwn!tg?wz0!^jd->*F?H|q1mNR|7#_Rvu6S3R2iksE-cGBMF3B(yjeVWnbHXIiQZ&G zQOUMeygtOuUspnmwq|)-@;L{twG#3La~MU``a**_g~@x3_QdvX>)FnTedVM_neFjB z7Uywlc0bi7DjV}Sov-O(7oSM~cg%IzY7zs2^O&6Nq8i)&c9*z*qW_V#uRy+> z6@EF2^QWz>ugETvii`pO02`nr4l?gF{*$9+3<@<%Au#%KJaBBYcF7u`6!J-L+pLB> zGc&mCAk%TGmC3-z9v%HM(Nsxip@=ephFQd>gqr$`Z)r0&lVpvtmMfJ0-`dh~b!J8g z^UI&1u#kH__PeeVXsEEYqC=Jl+afzoGbfjN>29EmDh-JWo%MbY-n=d(4a^>X_Tc&9 zUMG0xl8s!%V|#qPl;5OM@+;Wt_ZvZT3%p_#g@K<|ncQEcB1Bf-@%FOZ>1+ow4*EHu z0woDGyvkGnZPe~on~S)HeEu-w@d@bZLOQ*dp-U*Wc$o;@ppsd+Vy(W?=hReYi&QRC ze1*?vGFkrSb6=UR7Vkj2=P}Hhgv9CRP)g4?qOy0MQl%cZ+!WP|jYiXT{t{=TUw@Is zS*c0+HEF(#@GzUoguGcwN47}Abj~hyO@u3BMNZQSU?|*Lg!SbtE~Sdo^bp7G?u|Sn z{MhgorA4JeTRWr4@};FXBY&Fk(yj#4{xlEUOMD5#L@1{sW6T}L3m@D#>?xPyaUzF% zF#zJ2(AfXEuWTR&{qrOl@(K|Kjb%TYPh^@pO{PBy| zmm=Yv;8(xv8tn^Vg>G}{6orU^*=$v@QELBY0`Y7h(XaMkLwfblbB#5M0V zQaS+hyJx0e#4yL#${p{sz2iQ}On<{)&_oaSz)jzXnN0#!lsHNys};PZ#@sB&n2w{C zL363y8C$bDEMNJ7HzPYBcvxDsIYN>%Yo?CS<^-1W`&-dtA!O_=#{z`9^2BJnEb`JtINduSyiOZZwldc4A1?KT zcB@}5;zPe1^y3~c&CNzeteekce0V3XJ1*IP1Shh%rZY1p9Op4TN4RrV+1ojHwT|Jy z{i|*MjhT9>c$*N$L6lnfePgIsQ0batuWsFZ!$RmEY&k#cgN$g8+gl2Y;%Ss$AaCxD zK~3Y<(h5^rnBKOME*j9V`-K(l{U`>=XooU#K1*1LwAnbd=&;dk9N~Q0EH@1UIS_}C z>cnkpiD^|UMNwKm-dnp?|7HJM>Fkl6`Sb}BahPC@1iwqDbu@~B zEUAU#l-<1{z8sDdPImBmnVL(#AMj*Nk_nlZ2F@=Mn~&EDsc48lu4vUj@8BA)Vq{OJ zRggcuh!Eq;u~vYNiKLz3B=D$(vF{yQbeGP$$N1=9p6U&DEi{{`gPtp~mbxrEBf&I~ z!}oz6h8&9>zh?LFPp+1zJqHVQE+O*z#UegMvnVSN=T;m%Y6L$MS>N4?x|k7uavq0} zbT3+C)oZj{PXNBR=h(r_fbu;!F$_Qm46a2O5)qU|!#v6o8_7n93HQ4GE9N(&SI_$K z-j~O{&jw0spRxk$|ES#i4k#gkR==)1%`VGue&i)+Q==it`VJC|H|$4>W$42mzZn8W#{_^fn`egX@LMI2v0!| zfS0=K=K}=6Az`A%maXY)Q%Y)bbgT*g$#d1w!xccIvk6gPhh6OWT zRxaA4r?eP_h|XEJH#mZzu{;Led&DnZniiol*+cFOG^v=(J`{hkOpO=Lb-E0lBr^=S zBJ(i1Z|vCKwt1iwFu7V&49?62r~GYQ0X?OF*&%xtq)ydAlm~-0%g2e{w88jj-)u>Z z;8};%WA5|H5pObqujc+O8kp12g#QrOUXM+gnPULIsV}-PMwXaKF!f=D`Qw6$mHk!U zy0`Mxxtf+LFZ_c6|1V9n4m!~xtxmH{LRPi_Mq`g78`tEwQ|5^v=H87G*IuCkpfL$vu}FIE*l&B z$$yZTeIDSug;TZ+p`!L{?tP+_Sb2oHC30xHY=UHOn-T8eKx@fw4@K}~jJtk^6asPf zXay2krxx5T>8H8d9h2tYD2MAWxXU<4&cGvg-%(;E3j;xvWs*dvl=_NN!>2!nq-u0+ zWU)uoakai(ztI-wqUk8(%jr()E1NtBI^0)`a-Y1iP4B!sfw1{?(z2(f_;{%<{~Yc8 ztzB1ZUT|aB0&t)hEhbi2NkH9Ff631#ny9w{S$d>j%^4ZxoEf!oW^e3KqE@`P*@TBlyD@q0hxBZ}m8icel;T#WZae|~&M>Q(( zhCK+7B9Hk`g~!lKP97$=Vcw(sQQ_)f!J-e<%hy7zULVT9%CC4i&vsrff+g#N`TxA|$_+#QLP7l3-9ENXCVJf&{ zdAl{D2J(wM&_@Z{eBzBl&YK~WNo8Y!H56bddM_TNTk;0u4{hT95~MleaH4_epJRJJ z2kBnB1F7W{u1+wtU9&j@Lumrhkrd{!9nQ~Q8R+DSVhTozJ-wPV_D&>OJRrq{v#(+B zM+%w*>Qygir8Pbw3G%zwo~<&Hn*AYT*AT@oAfIe7doXUl*qiKmw*Sr?08FxNWI^G@ zz$yL=gvR*YL_nY|MX)q>X6nv$g)LK2io&asx@t#_mWS5;0b))YjJYHR`j}}%QE~ik zJT%gargv6LG}SP`f0Gi0mVr(^6lTba$rmoBBGwZUP~&hARzJcEr&3}>Nn1_?Uz-O+ zcYkggI+Zh#Lc{SC2t3*{r1WBjF!=Cyn=`uA3f!s!S_ZB*Dtua(x1x2`!W>jMC0GiLVPp~Mt>m&jC(AI% z5eepjN_+o$`-t>sYKdw}9*qHcHQQ~7Oc%n+@BP%zSEh!l%MWb)(LeKRCGFCx+ktor zQ6AX7cw@j<-ZIj65p;X3U*Hxna8mc152-LOS?6t0yaTms=MB}vY)<|Px z;AH;&_WlRRa*CUdwigfH@juec79h=piPrKFp@BAkv~KM(fjpnOo9{m(nfklU>b`8; zy4_vGNT(hir4|DFk@Uzj@jYBiFo4r<8i|Jueig0dW4*$-9R-T6G0QriJY-7T-UnFz zXG5NGz{rtn(h!8HcYgy*yBWbNHSo15Omk?Y37`NQ0Ha?7LoC1( zwPTY8fVxm*8T*PHFbn`y<|hSk`*wf}poU2d(PYTz#?SBVC8*bKAOuXTG3-VziaPoJ zdqly$#18g}!3!G!D7Sk|fOF;iZ|!&|Mrl)8qTu$Dif}Odu3(bHr-9?|J!gzX|3ItK z{Pn2uut4ucQOU&pztS!=ZwYX-<7iH~iIdVm2E)QsQi6|(z#|xYE$dvy{K!JAy49?M zei&5&-0wJua|d`v3Lo}Gc3mKdy1T#*&Z59FEz^@fr5DRJ$wk>j1t1pwj=BAINwixS z*ZKP_f@W*OYIvIS=l~ns6N&^AunEF{_<`Pmxmc@i+P+B^WK2@fhi4AOb6bR|8}}2w0h4Qy6}DqSBZw~|H9XdUTyE@i&a zW7XEn*43hXCLc@>|goT~L(PS(X=#L+tjVU$f&k15gJ3SU>21;)oU?vhMW8 znPOh~r4=BDJsrlY3JxYq0F!7+0N+pi;PrN*#UlrxGTli7$l+8_G!SXB!L~BGA|Q7J zleMS}fOw1!74ux$*l0`!8!$w$1Txg}%uvOJHjg1OB7r)Q@(8+rp461yDHe>OeuR10I&yQ56?k4vtYb1wI~t)lqXS9Fdo37XmM5PVJ zbyjMKkHeJ;qf3$iKC(!m1^<72xa@)hfnHy4AQ^sAZmT%J&z6A{Wz}S=rA&hU2aF$X A;s5{u diff --git a/docs/content/en/integration/kubernetes/secrets.md b/docs/content/en/integration/kubernetes/secrets.md index 59fcec0ef..ec035bdfe 100644 --- a/docs/content/en/integration/kubernetes/secrets.md +++ b/docs/content/en/integration/kubernetes/secrets.md @@ -40,6 +40,7 @@ can manually create a secret like this with `kubectl apply -f`. ##### secret.yaml +{{< details "secret.yml" >}} ```yaml --- kind: Secret @@ -97,10 +98,13 @@ stringData: -----END RSA PRIVATE KEY----- ... ``` +{{< /details >}} + ##### Base64 Data Example This is the same manifest as above but encoded in base64. +{{< details "secret.yml" >}} ```yaml --- kind: Secret @@ -122,14 +126,15 @@ data: STORAGE_PASSWORD: Tk1IZjlaN0M1VVFZdUtLZ2g5QkpUS2VjY29adDZjNjQ3RlFxc0VIaGthcGtrbmRQa1B3M2Q4Ym52a3FMZ2laNQ== ... ``` +{{< /details >}} + ### Kustomize The following example is a [Kustomize](https://kustomize.io/) example which can be utilized with `kubectl apply -k`. The files listed in the `secretGenerator` section of the `kustomization.yaml` must exist and contain the contents of your desired secret value. -##### kustomization.yaml - +{{< details "kustomization.yaml" >}} ```yaml --- generatorOptions: @@ -153,6 +158,7 @@ secretGenerator: - STORAGE_PASSWORD ... ``` +{{< /details >}} ## Usage @@ -162,6 +168,7 @@ details. The example is an excerpt for a manifest which can mount volumes. Examples of these are the [Pod], [Deployment], [StatefulSet], and [DaemonSet]. +{{< details "deployment.yml" >}} ```yaml --- spec: @@ -221,6 +228,7 @@ spec: path: STORAGE_PASSWORD ... ``` +{{< /details >}} [Kubernetes]: https://kubernetes.io/ [Pod]: https://kubernetes.io/docs/concepts/workloads/pods/ diff --git a/docs/content/en/integration/kubernetes/traefik-ingress.md b/docs/content/en/integration/kubernetes/traefik-ingress.md index 654863629..4dc9f30ff 100644 --- a/docs/content/en/integration/kubernetes/traefik-ingress.md +++ b/docs/content/en/integration/kubernetes/traefik-ingress.md @@ -45,7 +45,9 @@ configured it to be served on the URL `https://auth.example.com` and there is a `authelia` in the `default` namespace with TCP port `80` configured to route to the Authelia pod's HTTP port and that your cluster is configured with the default DNS domain name of `cluster.local`. +{{< details "middleware.yml" >}} ```yaml +--- apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: @@ -63,7 +65,9 @@ spec: - Remote-Name - Remote-Email - Remote-Groups +... ``` +{{< /details >}} ## Ingress @@ -71,7 +75,9 @@ This is an example Ingress manifest which uses the above [Middleware](#middlewar application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the `default` namespace with TCP port `80` configured to route to the application pod's HTTP port. +{{< details "ingress.yml" >}} ```yaml +--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -93,7 +99,9 @@ spec: name: app port: number: 80 +... ``` +{{< /details >}} ## IngressRoute @@ -101,7 +109,9 @@ This is an example IngressRoute manifest which uses the above [Middleware](#midd application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the `default` namespace with TCP port `80` configured to route to the application pod's HTTP port. +{{< details "ingressRoute.yml" >}} ```yaml +--- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: @@ -124,7 +134,9 @@ spec: scheme: http strategy: RoundRobin weight: 10 +... ``` +{{< /details >}} [Traefik Kubernetes Ingress]: https://doc.traefik.io/traefik/providers/kubernetes-ingress/ [Traefik Kubernetes CRD]: https://doc.traefik.io/traefik/providers/kubernetes-crd/ diff --git a/docs/content/en/integration/proxies/caddy.md b/docs/content/en/integration/proxies/caddy.md index 220136c06..55b2e502a 100644 --- a/docs/content/en/integration/proxies/caddy.md +++ b/docs/content/en/integration/proxies/caddy.md @@ -78,8 +78,7 @@ support to ensure the basic example covers your use case in a secure way. #### Subdomain -##### Caddyfile - +{{< details "Caddyfile" >}} ```caddyfile ## It is important to read the following document before enabling this section: ## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies @@ -111,11 +110,11 @@ nextcloud.example.com { } } ``` +{{< /details >}} #### Subpath -##### Caddyfile - +{{< details "Caddyfile" >}} ```caddyfile ## It is important to read the following document before enabling this section: ## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies @@ -151,7 +150,7 @@ example.com { } } ``` - +{{< /details >}} ### Advanced example The advanced example allows for more flexible customization, however the [basic example](#basic-examples) should be @@ -159,8 +158,7 @@ preferred in *most* situations. If you are unsure of what you're doing please do *__Important:__ Making a mistake when configuring the advanced example could lead to authentication bypass or errors.* -##### Caddyfile - +{{< details "Caddyfile" >}} ```caddyfile ## It is important to read the following document before enabling this section: ## https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies @@ -209,6 +207,7 @@ nextcloud.example.com { } } ``` +{{< /details >}} ## See Also diff --git a/docs/content/en/integration/proxies/nginx.md b/docs/content/en/integration/proxies/nginx.md index 6508bca85..3a195e380 100644 --- a/docs/content/en/integration/proxies/nginx.md +++ b/docs/content/en/integration/proxies/nginx.md @@ -74,10 +74,7 @@ This example is for using the __Authelia__ portal redirection flow on a specific files exist in the `/config/nginx/` directory. The `/config/nginx/ssl.conf` snippet is expected to have the configuration for TLS or SSL but is not included as part of the examples. -#### Authelia Portal - -##### auth.example.com.conf - +{{< details "Authelia Portal (auth.example.com.conf)" >}} ```nginx server { listen 80; @@ -100,11 +97,9 @@ server { } } ``` +{{< /details >}} -#### Protected Endpoint - -##### nextcloud.example.com.conf - +{{< details "Protected Endpoint (nextcloud.example.com.conf)" >}} ```nginx server { listen 80; @@ -129,6 +124,7 @@ server { } } ``` +{{< /details >}} ### HTTP Basic Authentication Example @@ -138,10 +134,10 @@ to have the [authelia-location-basic.conf](#authelia-location-basicconf), example these files exist in the `/config/nginx/` directory. The `/config/nginx/ssl.conf` snippet is expected to have the configuration for TLS or SSL but is not included as part of the examples. -The [Authelia Portal](#authelia-portal) configuration can be reused for this example as such it isn't repeated. - -#### HTTP Basic Authentication Protected Endpoint +The Authelia Portal file from the [Standard Example](#standard-example) configuration can be reused for this example as +such it isn't repeated. +{{< details "Protected Endpoint (nextcloud.example.com.conf)" >}} ```nginx server { listen 80; @@ -166,6 +162,7 @@ server { } } ``` +{{< /details >}} ### Supporting Configuration Snippets @@ -181,6 +178,7 @@ The following is an example `proxy.conf`. The important directives include the ` [Trusted Proxies](#trusted-proxies) section to understand, or set the `X-Forwarded-Proto`, `X-Forwarded-Host`, `X-Forwarded-Uri`, and `X-Forwarded-For` headers. +{{< details "proxy.conf" >}} ```nginx ## Headers proxy_set_header Host $host; @@ -217,11 +215,14 @@ proxy_read_timeout 360; proxy_send_timeout 360; proxy_connect_timeout 360; ``` +{{< /details >}} #### authelia-location.conf *The following snippet is used within the `server` block of a virtual host as a supporting endpoint used by `auth_request` and is paired with [authelia-authrequest.conf](#authelia-authrequestconf).* + +{{< details "authelia-location.conf" >}} ```nginx set $upstream_authelia http://authelia:9091/api/verify; @@ -259,12 +260,14 @@ location /authelia { proxy_connect_timeout 240; } ``` +{{< /details >}} #### authelia-authrequest.conf *The following snippet is used within a `location` block of a virtual host which uses the appropriate location block and is paired with [authelia-location.conf](#authelia-locationconf).* +{{< details "authelia-authrequest.conf" >}} ```nginx ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. auth_request /authelia; @@ -287,6 +290,7 @@ proxy_set_header Remote-Email $email; ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. error_page 401 =302 https://auth.example.com/?rd=$target_url; ``` +{{< /details >}} #### authelia-location-basic.conf @@ -296,6 +300,7 @@ snippet is rarely required. It's only used if you want to only allow [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) for a particular endpoint. It's recommended to use [authelia-location.conf](#authelia-locationconf) instead.* +{{< details "authelia-location-basic.conf" >}} ```nginx set $upstream_authelia http://authelia:9091/api/verify?auth=basic; @@ -333,6 +338,7 @@ location /authelia-basic { proxy_connect_timeout 240; } ``` +{{< /details >}} #### authelia-authrequest-basic.conf @@ -342,6 +348,7 @@ required. It's only used if you want to only allow [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) for a particular endpoint. It's recommended to use [authelia-authrequest.conf](#authelia-authrequestconf) instead.* +{{< details "authelia-authrequest-basic.conf" >}} ```nginx ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. auth_request /authelia-basic; @@ -361,6 +368,7 @@ proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Name $name; proxy_set_header Remote-Email $email; ``` +{{< /details >}} #### authelia-location-detect.conf @@ -370,6 +378,7 @@ snippet is rarely required. It's only used if you want to conditionally require [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) for a particular endpoint. It's recommended to use [authelia-location.conf](#authelia-locationconf) instead.* +{{< details "authelia-location-detect.conf" >}} ```nginx include /config/nginx/authelia-location.conf; @@ -398,6 +407,7 @@ location /authelia-detect { return 302 https://auth.example.com/$is_args$args; } ``` +{{< /details >}} #### authelia-authrequest-detect.conf @@ -407,6 +417,7 @@ required. It's only used if you want to conditionally require [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) for a particular endpoint. It's recommended to use [authelia-authrequest.conf](#authelia-authrequestconf) instead.* +{{< details "authelia-authrequest-detect.conf" >}} ```nginx ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. auth_request /authelia; @@ -429,6 +440,7 @@ proxy_set_header Remote-Email $email; ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. error_page 401 =302 /authelia-detect?rd=$target_url; ``` +{{< /details >}} ## See Also diff --git a/docs/content/en/integration/proxies/traefik.md b/docs/content/en/integration/proxies/traefik.md index 70f0b978a..a1c40d9bb 100644 --- a/docs/content/en/integration/proxies/traefik.md +++ b/docs/content/en/integration/proxies/traefik.md @@ -80,9 +80,9 @@ Please ensure that you also setup the respective [ACME configuration](https://do This is an example configuration using [docker compose] labels: -##### docker-compose.yml - +{{< details "docker-compose.yml" >}} ```yaml +--- version: "3.8" networks: net: @@ -199,7 +199,9 @@ services: - 'traefik.http.routers.heimdall.entryPoints=https' - 'traefik.http.routers.heimdall.tls=true' - 'traefik.http.routers.heimdall.middlewares=authelia-basic@docker' +... ``` +{{< /details >}} ### YAML @@ -215,9 +217,9 @@ This example uses a `docker-compose.yml` similar to the one above however it has all `forwardAuth` middlewares, adjusting the `authelia` router in the `http.routers` section to use the `authelia-net@docker` service, and commenting the `authelia` service in the `http.service` section. -##### docker-compose.yml - +{{< details "docker-compose.yml" >}} ```yaml +--- version: "3.8" networks: net: @@ -319,16 +321,17 @@ services: TZ: "Australia/Melbourne" labels: - "traefik.enable=true" - +... ``` - -##### traefik.yml +{{< /details >}} This file is part of the dynamic configuration and should have the path `${PWD}/data/traefik/config/dynamic/traefik.yml`. Please see the [Traefik] service and the volume that mounts the `${PWD}/data/traefik/config` in the docker compose above. +{{< details "traefik.yml" >}} ```yaml +--- entryPoints: web: proxyProtocol: @@ -462,7 +465,9 @@ http: keyFile: /certificates/traefik.private.pem rootCAs: - /certificates/ca.public.crt +... ``` +{{< /details >}} ## FAQ