Reformat
This commit is contained in:
parent
9d7060f531
commit
e0651eea6c
@ -9,8 +9,10 @@ visible: false
|
||||
|
||||
### Network and Pod
|
||||
|
||||
`# podman network create net_authentik`
|
||||
`# podman pod create --name pod_authentik --network net_authentik -p `
|
||||
```sh
|
||||
podman network create net_authentik
|
||||
podman pod create --name pod_authentik --network net_authentik -p
|
||||
```
|
||||
|
||||
#### Port Mappings
|
||||
|
||||
@ -21,7 +23,7 @@ visible: false
|
||||
### Database
|
||||
|
||||
```sh
|
||||
# podman run --name authentik_db \
|
||||
podman run --name authentik_db \
|
||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||
-e POSTGRES_USER=authentik \
|
||||
-e POSTGRES_PASSWORD=authentik \
|
||||
@ -34,7 +36,7 @@ visible: false
|
||||
### Redis
|
||||
|
||||
```sh
|
||||
# podman run --name authentik_redis \
|
||||
podman run --name authentik_redis \
|
||||
-v /mnt/authentik_redis:/data \
|
||||
--pod pod_authentik \
|
||||
-d docker.io/redis:7 \
|
||||
@ -45,27 +47,27 @@ visible: false
|
||||
|
||||
https://goauthentik.io/docs/installation/docker-compose
|
||||
|
||||
```
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
||||
```yaml
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
||||
```
|
||||
|
||||
```
|
||||
@ -74,30 +76,30 @@ https://goauthentik.io/docs/installation/docker-compose
|
||||
|
||||
### Application Worker
|
||||
|
||||
```
|
||||
```yaml
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
# This is optional, and can be removed. If you remove this, the following will happen
|
||||
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
||||
# - The docker socket can't be accessed anymore
|
||||
user: root
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./certs:/certs
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
# This is optional, and can be removed. If you remove this, the following will happen
|
||||
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
||||
# - The docker socket can't be accessed anymore
|
||||
user: root
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./certs:/certs
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
```
|
||||
|
||||
```
|
||||
|
@ -11,7 +11,9 @@ The VM template needs a few cloud-init tools installed before we can use it with
|
||||
|
||||
### Debian
|
||||
|
||||
`# apt install cloud-init cloud-initramfs-growroot`
|
||||
```sh
|
||||
apt install cloud-init cloud-initramfs-growroot
|
||||
```
|
||||
|
||||
### AlmaLinux
|
||||
|
||||
|
@ -7,53 +7,71 @@ visible: true
|
||||
|
||||
## Installation
|
||||
|
||||
`# apt install isc-dhcp-server`
|
||||
```sh
|
||||
apt install isc-dhcp-server
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Edit `/etc/default/isc-dhcp-server`
|
||||
`INTERFACESv4="(interface 1) (interface 2)"`
|
||||
Edit `/etc/default/isc-dhcp-server`
|
||||
|
||||
```
|
||||
INTERFACESv4="{INTERFACE 1} {INTERFACE 2}"
|
||||
```
|
||||
|
||||
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
||||
|
||||
```
|
||||
subnet (netaddress) netmask (subnetmask) {
|
||||
range (first dhcp) (last dhcp);
|
||||
option subnet-mask (subnetmask);
|
||||
option routers (gateway);
|
||||
option domain-name "(name)";
|
||||
option domain-name-servers (dns server);
|
||||
subnet {NETADDRESS} netmask {SUBNETMASK} {
|
||||
range {FIRST DHCP} {LAST DHCP};
|
||||
option subnet-mask {SUBNETMASK};
|
||||
option routers {GATEWAY};
|
||||
option domain-name "{NAME}";
|
||||
option domain-name-servers {DNS SERVER};
|
||||
}
|
||||
```
|
||||
|
||||
Edit `/etc/network/interfaces`
|
||||
|
||||
```
|
||||
auto (interface)
|
||||
iface (interface) inet static
|
||||
address (address)
|
||||
network (netaddress)
|
||||
netmask (netmask)
|
||||
broadcast (broadcast)
|
||||
auto {INTERFACE}
|
||||
iface {INTERFACE} inet static
|
||||
address {ADDRESS}
|
||||
network {NETADDRESS}
|
||||
netmask {NETMASK}
|
||||
broadcast {BROADCAST}
|
||||
```
|
||||
|
||||
Enable the interface
|
||||
`# ifup (interface)`
|
||||
Enable the interface
|
||||
|
||||
Restart DHCP Server
|
||||
`# systemctl restart isc-dhcp-server.service`
|
||||
```sh
|
||||
ifup {INTERFACE}
|
||||
```
|
||||
|
||||
Restart DHCP Server
|
||||
|
||||
```sh
|
||||
systemctl restart isc-dhcp-server.service
|
||||
```
|
||||
|
||||
### Enable routing
|
||||
|
||||
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf`
|
||||
`# sysctl -p /etc/sysctl.d/80-forwarding.conf`
|
||||
```sh
|
||||
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf
|
||||
sysctl -p /etc/sysctl.d/80-forwarding.conf
|
||||
```
|
||||
|
||||
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE`
|
||||
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
|
||||
```sh
|
||||
iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE
|
||||
iptables -A FORWARD -i (LAN interface) -j ACCEPT
|
||||
```
|
||||
|
||||
Make iptables permanent
|
||||
Select `Yes` during the installation to save current rules
|
||||
`# apt install iptables-persistent`
|
||||
Select `Yes` during the installation to save current rules
|
||||
|
||||
```sh
|
||||
apt install iptables-persistent
|
||||
```
|
||||
|
||||
### Enable DHCP-managed fixed IP address
|
||||
|
||||
@ -97,8 +115,14 @@ zone 7.168.192.in-addr.arpa. {
|
||||
|
||||
## Client
|
||||
|
||||
DHCP Request
|
||||
`# dhclient -v`
|
||||
DHCP Request
|
||||
|
||||
Release IP
|
||||
`# dhclient -v -r`
|
||||
```sh
|
||||
dhclient -v
|
||||
```
|
||||
|
||||
Release IP
|
||||
|
||||
```sh
|
||||
# dhclient -v -r
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user