docs: github links (#5230)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5150/head^2
parent 85e9792cf3
commit db130dad48
|
@ -61,7 +61,7 @@ authelia --config configuration.yml,config-acl.yml,config-other.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
Authelia's configuration files use the YAML format. A template with all possible options can be found at the root of the
|
Authelia's configuration files use the YAML format. A template with all possible options can be found at the root of the
|
||||||
repository [here](https://github.com/authelia/authelia/blob/master/config.template.yml).
|
repository {{< github-link name="here" path="config.template.yml" >}}.
|
||||||
|
|
||||||
*__Important Note:__ You should not have configuration sections such as Access Control Rules or OpenID Connect clients
|
*__Important Note:__ You should not have configuration sections such as Access Control Rules or OpenID Connect clients
|
||||||
configured in multiple files. If you wish to split these into their own files that is fine, but if you have two files that
|
configured in multiple files. If you wish to split these into their own files that is fine, but if you have two files that
|
||||||
|
|
|
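Review bot: `name="here"` on the added `github-link` line keeps non-descriptive link text, while the other conversions in this commit omit `name` so the file path itself is rendered. Suggest dropping `name` and rewording to something like "can be found at the root of the repository as {{< github-link path="config.template.yml" >}}", which also reads better for screen readers and in search results.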
@ -16,9 +16,8 @@ toc: true
|
||||||
|
|
||||||
We document the configuration in two ways:
|
We document the configuration in two ways:
|
||||||
|
|
||||||
1. The [YAML] configuration template
|
1. The [YAML] configuration template {{< github-link path="config.template.yml" >}} has comments with very limited
|
||||||
[config.template.yml](https://github.com/authelia/authelia/blob/master/config.template.yml) has comments with very
|
documentation on the effective use of a particular option. All documentation lines start with `##`. Lines
|
||||||
limited documentation on the effective use of a particular option. All documentation lines start with `##`. Lines
|
|
||||||
starting with a single `#` are [YAML] configuration options which are commented to disable them or as examples.
|
starting with a single `#` are [YAML] configuration options which are commented to disable them or as examples.
|
||||||
2. This documentation site. Generally each section of the configuration is in its own section of the documentation
|
2. This documentation site. Generally each section of the configuration is in its own section of the documentation
|
||||||
site. Each configuration option is listed in its relevant section as a heading, under that heading generally are two
|
site. Each configuration option is listed in its relevant section as a heading, under that heading generally are two
|
||||||
|
|
|
@ -38,6 +38,23 @@ The additional tools are recommended:
|
||||||
* [yamllint]
|
* [yamllint]
|
||||||
* [VSCodium] or [GoLand]
|
* [VSCodium] or [GoLand]
|
||||||
|
|
||||||
|
## Certificate
|
||||||
|
|
||||||
|
Authelia utilizes a self-signed Root CA certificate for the development environment. This allows us to sign elements of
|
||||||
|
the CI process uniformly and only trust a single additional Root CA Certificate. The private key for this certificate is
|
||||||
|
maintained by the [Core Team] so if you need an additional certificate signed for this purpose please reach out to them.
|
||||||
|
|
||||||
|
While developing for Authelia you may also want to trust this Root CA. It is critical that you are aware of what this
|
||||||
|
means if you decide to do so.
|
||||||
|
|
||||||
|
1. It will allow us to generate trusted certificates for machines this is installed on.
|
||||||
|
2. If compromised there is no formal revocation process at this time as we are not a certified CA.
|
||||||
|
3. Trusting Root CA's is not necessary for the development process it only makes it smoother.
|
||||||
|
4. Trusting additional Root CA's for prolonged periods is not generally a good idea.
|
||||||
|
|
||||||
|
If you'd still like to trust the Root CA Certificate it's located (encoded as a PEM) in the main git repository at
|
||||||
|
[/internal/suites/common/pki/ca/ca.public.crt](https://github.com/authelia/authelia/blob/master/internal/suites/common/pki/ca/ca.public.crt).
|
||||||
|
|
||||||
## Scripts
|
## Scripts
|
||||||
|
|
||||||
There is a scripting context provided with __Authelia__ which can easily be configured. It allows running integration
|
There is a scripting context provided with __Authelia__ which can easily be configured. It allows running integration
|
||||||
|
|
|
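Review bot: the link to `/internal/suites/common/pki/ca/ca.public.crt` at the end of the new Certificate section is still a hard-coded `blob/master` URL, which is the pattern the rest of this commit replaces with the `github-link` shortcode; either convert it or say why it is left pointing at `master`. Since the text itself states there is no formal revocation process, it would also help to tell readers how to remove the Root CA from their trust store afterwards and to give them a way to confirm they have the intended certificate before trusting it. Minor wording: "Root CA's" in items 3 and 4 should be "Root CAs", and item 3 needs a comma or semicolon before "it only makes it smoother".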
@ -25,8 +25,8 @@ bootstrapping *Authelia*.
|
||||||
|
|
||||||
We publish two example [systemd] unit files:
|
We publish two example [systemd] unit files:
|
||||||
|
|
||||||
* [authelia.service](https://github.com/authelia/authelia/blob/master/authelia.service)
|
* {{< github-link path="authelia.service" >}}
|
||||||
* [authelia@.service](https://github.com/authelia/authelia/blob/master/authelia%40.service)
|
* {{< github-link path="authelia@.service" >}}
|
||||||
|
|
||||||
## Arch Linux
|
## Arch Linux
|
||||||
|
|
||||||
|
|
|
@ -23,24 +23,31 @@ common scenarios however those using more advanced architectures are likely goin
|
||||||
help with answering less specific questions about this and it may be possible if provided adequate information more
|
help with answering less specific questions about this and it may be possible if provided adequate information more
|
||||||
specific questions may be answered.
|
specific questions may be answered.
|
||||||
|
|
||||||
|
1. Authelia *__MUST__* be served via the `https` scheme. This is not optional even for testing. This is a deliberate
|
||||||
|
design decision to improve security directly (by using encrypted communication) and indirectly by reducing complexity.
|
||||||
|
|
||||||
### Forwarded Authentication
|
### Forwarded Authentication
|
||||||
|
|
||||||
Forwarded Authentication is a simple per-request authorization flow that checks the metadata of a request and a session
|
Forwarded Authentication is a simple per-request authorization flow that checks the metadata of a request and a session
|
||||||
cookie to determine if a user must be forwarded to the authentication portal.
|
cookie to determine if a user must be forwarded to the authentication portal.
|
||||||
|
|
||||||
Due to the fact a cookie is used, it's an intentional design decision that *__ALL__* applications/domains protected via
|
In addition to the `https` scheme requirement for Authelia itself:
|
||||||
|
|
||||||
|
1. Due to the fact a cookie is used, it's an intentional design decision that *__ALL__* applications/domains protected via
|
||||||
this method *__MUST__* use secure schemes (`https` and `wss`) for all of their communication.
|
this method *__MUST__* use secure schemes (`https` and `wss`) for all of their communication.
|
||||||
|
|
||||||
### OpenID Connect
|
### OpenID Connect
|
||||||
|
|
||||||
Only requires Authelia to be accessible via a secure scheme (`https`).
|
No additional requirements other than the use of the `https` scheme for Authelia itself exist excluding those mandated
|
||||||
|
by the relevant specifications.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
It's important to customize the configuration for *Authelia* in advance of deploying it. The configuration is static and
|
It's important to customize the configuration for *Authelia* in advance of deploying it. The configuration is static and
|
||||||
not configured via web GUI. You can find a
|
not configured via web GUI. You can find a configuration template named {{< github-link path="config.template.yml" >}}
|
||||||
[configuration template](https://github.com/authelia/authelia/blob/master/config.template.yml) on GitHub which can be
|
on GitHub which can be used as a basis for configuration, alternatively *Authelia* will write this template relevant for
|
||||||
used as a basis for configuration.
|
your version the first time it is started. Users should expect that they have to configure elements of this file as part
|
||||||
|
of initial setup.
|
||||||
|
|
||||||
The important sections to consider in initial configuration are as follows:
|
The important sections to consider in initial configuration are as follows:
|
||||||
|
|
||||||
|
|
|
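Review bot: in the Configuration paragraph, "alternatively *Authelia* will write this template relevant for your version the first time it is started" is hard to parse and is joined to the previous clause with a comma; suggest starting a new sentence, for example "Alternatively, *Authelia* will write the template for your version the first time it is started." Separately, the two new requirement lists each contain a single item numbered `1.`, so they could be plain paragraphs or bullets, and the OpenID Connect sentence ("No additional requirements other than ... exist excluding those mandated ...") would be clearer if it were split so that the `https` requirement and the specification requirements are stated separately.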
@ -44,7 +44,7 @@ case you have multiple devices available, you will be asked to select your prefe
|
||||||
### Why don't I have access to the *Push Notification* option?
|
### Why don't I have access to the *Push Notification* option?
|
||||||
|
|
||||||
It's likely that you have not configured __Authelia__ correctly. Please read this documentation again and be sure you
|
It's likely that you have not configured __Authelia__ correctly. Please read this documentation again and be sure you
|
||||||
had a look at [config.template.yml](https://github.com/authelia/authelia/blob/master/config.template.yml) and
|
had a look at {{< github-link path="config.template.yml" >}} and
|
||||||
[configuration documentation](../../../configuration/second-factor/duo.md).
|
[configuration documentation](../../../configuration/second-factor/duo.md).
|
||||||
|
|
||||||
[Duo]: https://duo.com/
|
[Duo]: https://duo.com/
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- $repo := "authelia/authelia" }}{{ with .Get "repo" }}{{ $repo = . }}{{ end }}
|
||||||
|
{{- $branch := printf "v%s" .Site.Data.misc.latest }}{{ with .Get "branch" }}{{ $branch = . }}{{ end }}
|
||||||
|
{{- $path := "" }}{{ with .Get "path" }}{{ $path = . }}{{ end }}
|
||||||
|
{{- $link := printf "https://github.com/%s/blob/%s/%s" $repo $branch (urlquery $path) }}
|
||||||
|
{{- $name := "" }}
|
||||||
|
{{- with .Get "name" }}
|
||||||
|
{{- $name = . }}
|
||||||
|
{{- else }}
|
||||||
|
{{- if (eq $repo "authelia/authelia") }}
|
||||||
|
{{- $name = $path }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name = printf "https://github.com/%s/blob/%s/%s" $repo $branch $path }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- "" -}}
|
||||||
|
<a href="{{ $link }}" target="_blank">{{ $name }}</a>
|
||||||
|
{{- "" -}}
|
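Review bot: `(urlquery $path)` in the `$link` line applies query-string escaping to a URL path, so any `path` containing `/` is emitted with `%2F` (and spaces with `+`). The root-level files used in this commit are unaffected, but a nested path such as the `internal/suites/common/pki/ca/ca.public.crt` link added elsewhere in this commit would not yield the same URL as the hand-written one; consider escaping each path segment separately or leaving `/` intact. Note also that the fallback `$name` for other repositories is built from the unescaped `$path`, so the visible text and the `href` can differ. Two smaller points: the `<a ... target="_blank">` line has no `rel="noopener noreferrer"`, and `$branch` becomes a bare `v` if `.Site.Data.misc.latest` is unset, so a guard or a build error there would avoid silently publishing broken links.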