Updates for SSO across all apps
This commit is contained in:
root
parent
c719bbdefa
commit
2f969592bd
@ -252,7 +252,7 @@ OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout
|
||||
EOF
|
||||
|
||||
# Add in extra hosts config
|
||||
[[ ! $(grep extra_hosts /federated/apps/bookstack/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.36/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/bookstack/docker-compose.yml
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
|
||||
# Setup external_auth_id for each user in bookstack users table
|
||||
BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
|
||||
|
||||
@ -41,7 +41,7 @@ EOF
|
||||
cat > /federated/apps/dashboard/.env <<EOF
|
||||
IMAGE_VERSION="latest"
|
||||
DOMAIN="$DOMAIN"
|
||||
TIER="$BUNDLE"
|
||||
TIER="$TIER"
|
||||
EOF
|
||||
chmod 600 /federated/apps/dashboard/.env
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ echo -ne "done.\n"
|
||||
}
|
||||
start_espocrm() {
|
||||
# Start service with command to make sure it's up before proceeding
|
||||
start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "7"
|
||||
start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "15"
|
||||
|
||||
docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null
|
||||
[ $? -ne 0 ] && fail "Couldn't add dns record for espocrm"
|
||||
@ -235,6 +235,7 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
EOF
|
||||
@ -246,7 +247,6 @@ EOF
|
||||
cat >> /federated/apps/espocrm/.env <<EOF
|
||||
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
|
||||
ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username
|
||||
ESPOCRM_CONFIG_OIDC_GROUP_CLAIM=groups
|
||||
ESPOCRM_CONFIG_OIDC_FALLBACK=true
|
||||
ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm
|
||||
ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET
|
||||
@ -268,7 +268,7 @@ EOF
|
||||
sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php
|
||||
|
||||
# Add in extra_hosts to docker-compose
|
||||
[[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
|
||||
# Set auth method to Oidc only
|
||||
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
|
||||
|
||||
@ -1727,3 +1727,12 @@ run_finishtasks() {
|
||||
docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0
|
||||
docker system prune -a -f
|
||||
}
|
||||
add_authelia_config_to_dockercompose() {
|
||||
if [[ ! $(grep authelia /federated/apps/$1/docker-compose.yml) ]]; then
|
||||
if [[ $(grep extra_hosts /federated/apps/$1/docker-compose.yml) ]]; then
|
||||
sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml
|
||||
else
|
||||
sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
@ -262,7 +262,7 @@ uninstall_gitea() {
|
||||
docker exec pdns pdnsutil delete-rrset $DOMAIN gitea A
|
||||
|
||||
# Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
|
||||
if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
||||
if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
||||
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
||||
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
|
||||
/federated/bin/stop authelia
|
||||
|
||||
@ -279,6 +279,8 @@ EOF
|
||||
/federated/bin/stop authelia
|
||||
/federated/bin/start authelia
|
||||
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
|
||||
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
|
||||
oidc_providers:
|
||||
- idp_id: authelia
|
||||
|
||||
@ -350,6 +350,7 @@ uninstall_nextcloud() {
|
||||
configsso_nextcloud() {
|
||||
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
||||
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
||||
get_appvars
|
||||
[[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration."
|
||||
|
||||
NEXTCLOUD_CLIENT_SECRET=$(create_password);
|
||||
@ -376,6 +377,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
EOF
|
||||
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
|
||||
# Restart Authelia for changes to take the above configuration
|
||||
/federated/bin/stop authelia
|
||||
/federated/bin/start authelia
|
||||
@ -384,4 +387,7 @@ EOF
|
||||
docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
|
||||
docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
|
||||
docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout
|
||||
|
||||
/federated/bin/stop nextcloud
|
||||
/federated/bin/start nextcloud
|
||||
}
|
||||
|
||||
@ -176,8 +176,8 @@ EOF
|
||||
/federated/bin/start authelia
|
||||
|
||||
# Add in extra hosts config
|
||||
[[ ! $(grep extra_hosts /federated/apps/roundcube/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/roundcube/docker-compose.yml
|
||||
[[ ! $(grep extra_hosts /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/mail/docker-compose.yml
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
add_authelia_config_to_dockercompose "mail"
|
||||
|
||||
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
|
||||
\$config['oauth_provider_name'] = 'Authelia'; \n\
|
||||
|
||||
@ -239,13 +239,7 @@ EOF
|
||||
/federated/bin/stop authelia
|
||||
/federated/bin/start authelia
|
||||
|
||||
if [[ ! $(grep authelia /federated/apps/wordpress/docker-compose.yml) ]]; then
|
||||
if [[ $(grep extra_hosts /federated/apps/wordpress/docker-compose.yml) ]]; then
|
||||
sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml
|
||||
else
|
||||
sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml
|
||||
fi
|
||||
fi
|
||||
add_authelia_config_to_dockercompose "$APP"
|
||||
|
||||
sed -i "/Add any custom values/a \
|
||||
define( 'OIDC_CLIENT_ID', 'wordpress' );\n\
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user