Reformat
parent
9d7060f531
commit
e0651eea6c
@ -9,8 +9,10 @@ visible: false
|
|||||||
|
|
||||||
### Network and Pod
|
### Network and Pod
|
||||||
|
|
||||||
`# podman network create net_authentik`
|
```sh
|
||||||
`# podman pod create --name pod_authentik --network net_authentik -p `
|
podman network create net_authentik
|
||||||
|
podman pod create --name pod_authentik --network net_authentik -p
|
||||||
|
```
|
||||||
|
|
||||||
#### Port Mappings
|
#### Port Mappings
|
||||||
|
|
||||||
@ -21,7 +23,7 @@ visible: false
|
|||||||
### Database
|
### Database
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# podman run --name authentik_db \
|
podman run --name authentik_db \
|
||||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||||
-e POSTGRES_USER=authentik \
|
-e POSTGRES_USER=authentik \
|
||||||
-e POSTGRES_PASSWORD=authentik \
|
-e POSTGRES_PASSWORD=authentik \
|
||||||
@ -34,7 +36,7 @@ visible: false
|
|||||||
### Redis
|
### Redis
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# podman run --name authentik_redis \
|
podman run --name authentik_redis \
|
||||||
-v /mnt/authentik_redis:/data \
|
-v /mnt/authentik_redis:/data \
|
||||||
--pod pod_authentik \
|
--pod pod_authentik \
|
||||||
-d docker.io/redis:7 \
|
-d docker.io/redis:7 \
|
||||||
@ -45,27 +47,27 @@ visible: false
|
|||||||
|
|
||||||
https://goauthentik.io/docs/installation/docker-compose
|
https://goauthentik.io/docs/installation/docker-compose
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
server:
|
server:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: server
|
command: server
|
||||||
environment:
|
environment:
|
||||||
AUTHENTIK_REDIS__HOST: redis
|
AUTHENTIK_REDIS__HOST: redis
|
||||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||||
volumes:
|
volumes:
|
||||||
- ./media:/media
|
- ./media:/media
|
||||||
- ./custom-templates:/templates
|
- ./custom-templates:/templates
|
||||||
- geoip:/geoip
|
- geoip:/geoip
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
ports:
|
ports:
|
||||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
||||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -74,30 +76,30 @@ https://goauthentik.io/docs/installation/docker-compose
|
|||||||
|
|
||||||
### Application Worker
|
### Application Worker
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
worker:
|
worker:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: worker
|
command: worker
|
||||||
environment:
|
environment:
|
||||||
AUTHENTIK_REDIS__HOST: redis
|
AUTHENTIK_REDIS__HOST: redis
|
||||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||||
# This is optional, and can be removed. If you remove this, the following will happen
|
# This is optional, and can be removed. If you remove this, the following will happen
|
||||||
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
||||||
# - The docker socket can't be accessed anymore
|
# - The docker socket can't be accessed anymore
|
||||||
user: root
|
user: root
|
||||||
volumes:
|
volumes:
|
||||||
- ./media:/media
|
- ./media:/media
|
||||||
- ./certs:/certs
|
- ./certs:/certs
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ./custom-templates:/templates
|
- ./custom-templates:/templates
|
||||||
- geoip:/geoip
|
- geoip:/geoip
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -11,7 +11,9 @@ The VM template needs a few cloud-init tools installed before we can use it with
|
|||||||
|
|
||||||
### Debian
|
### Debian
|
||||||
|
|
||||||
`# apt install cloud-init cloud-initramfs-growroot`
|
```sh
|
||||||
|
apt install cloud-init cloud-initramfs-growroot
|
||||||
|
```
|
||||||
|
|
||||||
### AlmaLinux
|
### AlmaLinux
|
||||||
|
|
||||||
|
@ -7,53 +7,71 @@ visible: true
|
|||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
`# apt install isc-dhcp-server`
|
```sh
|
||||||
|
apt install isc-dhcp-server
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
Edit `/etc/default/isc-dhcp-server`
|
Edit `/etc/default/isc-dhcp-server`
|
||||||
`INTERFACESv4="(interface 1) (interface 2)"`
|
|
||||||
|
```
|
||||||
|
INTERFACESv4="{INTERFACE 1} {INTERFACE 2}"
|
||||||
|
```
|
||||||
|
|
||||||
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
||||||
|
|
||||||
```
|
```
|
||||||
subnet (netaddress) netmask (subnetmask) {
|
subnet {NETADDRESS} netmask {SUBNETMASK} {
|
||||||
range (first dhcp) (last dhcp);
|
range {FIRST DHCP} {LAST DHCP};
|
||||||
option subnet-mask (subnetmask);
|
option subnet-mask {SUBNETMASK};
|
||||||
option routers (gateway);
|
option routers {GATEWAY};
|
||||||
option domain-name "(name)";
|
option domain-name "{NAME}";
|
||||||
option domain-name-servers (dns server);
|
option domain-name-servers {DNS SERVER};
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Edit `/etc/network/interfaces`
|
Edit `/etc/network/interfaces`
|
||||||
|
|
||||||
```
|
```
|
||||||
auto (interface)
|
auto {INTERFACE}
|
||||||
iface (interface) inet static
|
iface {INTERFACE} inet static
|
||||||
address (address)
|
address {ADDRESS}
|
||||||
network (netaddress)
|
network {NETADDRESS}
|
||||||
netmask (netmask)
|
netmask {NETMASK}
|
||||||
broadcast (broadcast)
|
broadcast {BROADCAST}
|
||||||
```
|
```
|
||||||
|
|
||||||
Enable the interface
|
Enable the interface
|
||||||
`# ifup (interface)`
|
|
||||||
|
|
||||||
Restart DHCP Server
|
```sh
|
||||||
`# systemctl restart isc-dhcp-server.service`
|
ifup {INTERFACE}
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart DHCP Server
|
||||||
|
|
||||||
|
```sh
|
||||||
|
systemctl restart isc-dhcp-server.service
|
||||||
|
```
|
||||||
|
|
||||||
### Enable routing
|
### Enable routing
|
||||||
|
|
||||||
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf`
|
```sh
|
||||||
`# sysctl -p /etc/sysctl.d/80-forwarding.conf`
|
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf
|
||||||
|
sysctl -p /etc/sysctl.d/80-forwarding.conf
|
||||||
|
```
|
||||||
|
|
||||||
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE`
|
```sh
|
||||||
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
|
iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE
|
||||||
|
iptables -A FORWARD -i (LAN interface) -j ACCEPT
|
||||||
|
```
|
||||||
|
|
||||||
Make iptables permanent
|
Make iptables permanent
|
||||||
Select `Yes` during the installation to save current rules
|
Select `Yes` during the installation to save current rules
|
||||||
`# apt install iptables-persistent`
|
|
||||||
|
```sh
|
||||||
|
apt install iptables-persistent
|
||||||
|
```
|
||||||
|
|
||||||
### Enable DHCP-managed fixed IP address
|
### Enable DHCP-managed fixed IP address
|
||||||
|
|
||||||
@ -97,8 +115,14 @@ zone 7.168.192.in-addr.arpa. {
|
|||||||
|
|
||||||
## Client
|
## Client
|
||||||
|
|
||||||
DHCP Request
|
DHCP Request
|
||||||
`# dhclient -v`
|
|
||||||
|
|
||||||
Release IP
|
```sh
|
||||||
`# dhclient -v -r`
|
dhclient -v
|
||||||
|
```
|
||||||
|
|
||||||
|
Release IP
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# dhclient -v -r
|
||||||
|
```
|
||||||
|