Djeex/DjeexLab
Djeex/DjeexLab
1
0
Fork 0
Code Issues 7 Pull Requests Projects 1 Wiki Activity
DjeexLab/site/serveex/authentik/index.html
Djeex 5876325118 resync
2024-12-28 22:55:49 +00:00

2290 lines
121 KiB
HTML
Executable File
Raw Permalink Blame History

<!doctype html>
<html lang="fr" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="De la doc, encore de la doc">
<meta name="author" content="Djeex">
<link rel="canonical" href="https://docs.djeex.fr/serveex/authentik/">
<link rel="prev" href="../wireguard/">
<link rel="next" href="../cloudflare/">
<link rel="icon" href="/img/logo/book_pixel.svg">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.27">
<title>Authentik - Djeex Lab</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.6543a935.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<style>:root{--md-annotation-icon:url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 9.5A2.5 2.5 0 0 0 9.5 12a2.5 2.5 0 0 0 2.5 2.5 2.5 2.5 0 0 0 2.5-2.5A2.5 2.5 0 0 0 12 9.5m0 3.5a1 1 0 0 1-1-1 1 1 0 0 1 1-1 1 1 0 0 1 1 1 1 1 0 0 1-1 1m0-3.5A2.5 2.5 0 0 0 9.5 12a2.5 2.5 0 0 0 2.5 2.5 2.5 2.5 0 0 0 2.5-2.5A2.5 2.5 0 0 0 12 9.5m0 3.5a1 1 0 0 1-1-1 1 1 0 0 1 1-1 1 1 0 0 1 1 1 1 1 0 0 1-1 1m0-11A10 10 0 0 0 2 12a10 10 0 0 0 10 10 10 10 0 0 0 10-10A10 10 0 0 0 12 2m0 14c-2.63 0-5-1.57-6-4a6.505 6.505 0 0 1 8.5-3.5A6.52 6.52 0 0 1 18 12c-1 2.43-3.37 4-6 4m0-6.5A2.5 2.5 0 0 0 9.5 12a2.5 2.5 0 0 0 2.5 2.5 2.5 2.5 0 0 0 2.5-2.5A2.5 2.5 0 0 0 12 9.5m0 3.5a1 1 0 0 1-1-1 1 1 0 0 1 1-1 1 1 0 0 1 1 1 1 1 0 0 1-1 1Z"/></svg>');}</style>
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<script id="__analytics">function __md_analytics(){function n(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],n("js",new Date),n("config","G-SN71Y331VQ"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){this.value&&n("event","search",{search_term:this.value})}),document$.subscribe(function(){var a=document.forms.feedback;if(void 0!==a)for(var e of a.querySelectorAll("[type=submit]"))e.addEventListener("click",function(e){e.preventDefault();var t=document.location.pathname,e=this.getAttribute("data-md-value");n("event","feedback",{page:t,data:e}),a.firstElementChild.disabled=!0;e=a.querySelector(".md-feedback__note [data-md-value='"+e+"']");e&&(e.hidden=!1)}),a.hidden=!1}),location$.subscribe(function(e){n("config","G-SN71Y331VQ",{page_path:e.pathname})})});var e=document.createElement("script");e.async=!0,e.src="https://www.googletagmanager.com/gtag/js?id=G-SN71Y331VQ",document.getElementById("__analytics").insertAdjacentElement("afterEnd",e)}</script>
<script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
<meta property="og:type" content="website" >
<meta property="og:title" content="Authentik - Djeex Lab" >
<meta property="og:description" content="De la doc, encore de la doc" >
<meta property="og:image" content="https://docs.djeex.fr/assets/images/social/serveex/authentik.png" >
<meta property="og:image:type" content="image/png" >
<meta property="og:image:width" content="1200" >
<meta property="og:image:height" content="630" >
<meta property="og:url" content="https://docs.djeex.fr/serveex/authentik/" >
<meta name="twitter:card" content="summary_large_image" >
<meta name="twitter:title" content="Authentik - Djeex Lab" >
<meta name="twitter:description" content="De la doc, encore de la doc" >
<meta name="twitter:image" content="https://docs.djeex.fr/assets/images/social/serveex/authentik.png" >
</head>
<body dir="ltr" data-md-color-scheme="slate" data-md-color-primary="cyan" data-md-color-accent="cyan">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#authentik" class="md-skip">
Aller au contenu
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="En-tête">
<a href="../.." title="Djeex Lab" class="md-header__button md-logo" aria-label="Djeex Lab" data-md-component="logo">
<img src="/img/logo/book_pixel.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Djeex Lab
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Authentik
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Rechercher" placeholder="Rechercher" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Recherche">
<button type="reset" class="md-search__icon md-icon" title="Effacer" aria-label="Effacer" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initialisation de la recherche
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.djeex.fr/Djeex/DjeexLab" title="Aller au dépôt" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4.209 4.603c-.247 0-.525.02-.84.088-.333.07-1.28.283-2.054 1.027C-.403 7.25.035 9.685.089 10.052c.065.446.263 1.687 1.21 2.768 1.749 2.141 5.513 2.092 5.513 2.092s.462 1.103 1.168 2.119c.955 1.263 1.936 2.248 2.89 2.367 2.406 0 7.212-.004 7.212-.004s.458.004 1.08-.394c.535-.324 1.013-.893 1.013-.893s.492-.527 1.18-1.73c.21-.37.385-.729.538-1.068 0 0 2.107-4.471 2.107-8.823-.042-1.318-.367-1.55-.443-1.627-.156-.156-.366-.153-.366-.153s-4.475.252-6.792.306c-.508.011-1.012.023-1.512.027v4.474l-.634-.301c0-1.39-.004-4.17-.004-4.17-1.107.016-3.405-.084-3.405-.084s-5.399-.27-5.987-.324c-.187-.011-.401-.032-.648-.032zm.354 1.832h.111s.271 2.269.6 3.597C5.549 11.147 6.22 13 6.22 13s-.996-.119-1.641-.348c-.99-.324-1.409-.714-1.409-.714s-.73-.511-1.096-1.52C1.444 8.73 2.021 7.7 2.021 7.7s.32-.859 1.47-1.145c.395-.106.863-.12 1.072-.12zm8.33 2.554c.26.003.509.127.509.127l.868.422-.529 1.075a.686.686 0 0 0-.614.359.685.685 0 0 0 .072.756l-.939 1.924a.69.69 0 0 0-.66.527.687.687 0 0 0 .347.763.686.686 0 0 0 .867-.206.688.688 0 0 0-.069-.882l.916-1.874a.667.667 0 0 0 .237-.02.657.657 0 0 0 .271-.137 8.826 8.826 0 0 1 1.016.512.761.761 0 0 1 .286.282c.073.21-.073.569-.073.569-.087.29-.702 1.55-.702 1.55a.692.692 0 0 0-.676.477.681.681 0 1 0 1.157-.252c.073-.141.141-.282.214-.431.19-.397.515-1.16.515-1.16.035-.066.218-.394.103-.814-.095-.435-.48-.638-.48-.638-.467-.301-1.116-.58-1.116-.58s0-.156-.042-.27a.688.688 0 0 0-.148-.241l.516-1.062 2.89 1.401s.48.218.583.619c.073.282-.019.534-.069.657-.24.587-2.1 4.317-2.1 4.317s-.232.554-.748.588a1.065 1.065 0 0 1-.393-.045l-.202-.08-4.31-2.1s-.417-.218-.49-.596c-.083-.31.104-.691.104-.691l2.073-4.272s.183-.37.466-.497a.855.855 0 0 1 .35-.077z"/></svg>
</div>
<div class="md-source__repository">
Djeex/DjeexLab
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Djeex Lab" class="md-nav__button md-logo" aria-label="Djeex Lab" data-md-component="logo">
<img src="/img/logo/book_pixel.png" alt="logo">
</a>
Djeex Lab
</label>
<div class="md-nav__source">
<a href="https://git.djeex.fr/Djeex/DjeexLab" title="Aller au dépôt" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4.209 4.603c-.247 0-.525.02-.84.088-.333.07-1.28.283-2.054 1.027C-.403 7.25.035 9.685.089 10.052c.065.446.263 1.687 1.21 2.768 1.749 2.141 5.513 2.092 5.513 2.092s.462 1.103 1.168 2.119c.955 1.263 1.936 2.248 2.89 2.367 2.406 0 7.212-.004 7.212-.004s.458.004 1.08-.394c.535-.324 1.013-.893 1.013-.893s.492-.527 1.18-1.73c.21-.37.385-.729.538-1.068 0 0 2.107-4.471 2.107-8.823-.042-1.318-.367-1.55-.443-1.627-.156-.156-.366-.153-.366-.153s-4.475.252-6.792.306c-.508.011-1.012.023-1.512.027v4.474l-.634-.301c0-1.39-.004-4.17-.004-4.17-1.107.016-3.405-.084-3.405-.084s-5.399-.27-5.987-.324c-.187-.011-.401-.032-.648-.032zm.354 1.832h.111s.271 2.269.6 3.597C5.549 11.147 6.22 13 6.22 13s-.996-.119-1.641-.348c-.99-.324-1.409-.714-1.409-.714s-.73-.511-1.096-1.52C1.444 8.73 2.021 7.7 2.021 7.7s.32-.859 1.47-1.145c.395-.106.863-.12 1.072-.12zm8.33 2.554c.26.003.509.127.509.127l.868.422-.529 1.075a.686.686 0 0 0-.614.359.685.685 0 0 0 .072.756l-.939 1.924a.69.69 0 0 0-.66.527.687.687 0 0 0 .347.763.686.686 0 0 0 .867-.206.688.688 0 0 0-.069-.882l.916-1.874a.667.667 0 0 0 .237-.02.657.657 0 0 0 .271-.137 8.826 8.826 0 0 1 1.016.512.761.761 0 0 1 .286.282c.073.21-.073.569-.073.569-.087.29-.702 1.55-.702 1.55a.692.692 0 0 0-.676.477.681.681 0 1 0 1.157-.252c.073-.141.141-.282.214-.431.19-.397.515-1.16.515-1.16.035-.066.218-.394.103-.814-.095-.435-.48-.638-.48-.638-.467-.301-1.116-.58-1.116-.58s0-.156-.042-.27a.688.688 0 0 0-.148-.241l.516-1.062 2.89 1.401s.48.218.583.619c.073.282-.019.534-.069.657-.24.587-2.1 4.317-2.1 4.317s-.232.554-.748.588a1.065 1.065 0 0 1-.393-.045l-.202-.08-4.31-2.1s-.417-.218-.49-.596c-.083-.31.104-.691.104-.691l2.073-4.272s.183-.37.466-.497a.855.855 0 0 1 .35-.077z"/></svg>
</div>
<div class="md-source__repository">
Djeex/DjeexLab
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Bienvenue sur Djeex Lab
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="">
<span class="md-ellipsis">
Généralités
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Généralités
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../nat/" class="md-nav__link">
<span class="md-ellipsis">
NAT & DHCP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../dns/" class="md-nav__link">
<span class="md-ellipsis">
Zone DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../samba/" class="md-nav__link">
<span class="md-ellipsis">
Samba
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Serveex
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Serveex
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../introduction/" class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" >
<label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
<span class="md-ellipsis">
Le coeur du serveur
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
Le coeur du serveur
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../installation/" class="md-nav__link">
<span class="md-ellipsis">
Debian 12
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../docker/" class="md-nav__link">
<span class="md-ellipsis">
Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../swag/" class="md-nav__link">
<span class="md-ellipsis">
SWAG
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" checked>
<label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0">
<span class="md-ellipsis">
La sécurité
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
La sécurité
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../wireguard/" class="md-nav__link">
<span class="md-ellipsis">
Wireguard
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Authentik
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Authentik
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table des matières">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table des matières
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#installation" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#exposer-authentik" class="md-nav__link">
<span class="md-ellipsis">
Exposer authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#activer-le-multifacteur" class="md-nav__link">
<span class="md-ellipsis">
Activer le multifacteur
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#proteger-une-app-native" class="md-nav__link">
<span class="md-ellipsis">
Protéger une app native
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#proteger-une-app-par-reverse-proxy" class="md-nav__link">
<span class="md-ellipsis">
Protéger une app par reverse proxy
</span>
</a>
<nav class="md-nav" aria-label="Protéger une app par reverse proxy">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration-de-authentik" class="md-nav__link">
<span class="md-ellipsis">
Configuration de Authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-de-swag" class="md-nav__link">
<span class="md-ellipsis">
Configuration de SWAG
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#proteger-un-service-sur-un-serveur-distant" class="md-nav__link">
<span class="md-ellipsis">
Protéger un service sur un serveur distant
</span>
</a>
<nav class="md-nav" aria-label="Protéger un service sur un serveur distant">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration-dauthentik" class="md-nav__link">
<span class="md-ellipsis">
Configuration d'Authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-de-la-machine-distante" class="md-nav__link">
<span class="md-ellipsis">
Configuration de la machine distante
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#migrer-une-base-authentik" class="md-nav__link">
<span class="md-ellipsis">
Migrer une base authentik
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../cloudflare/" class="md-nav__link">
<span class="md-ellipsis">
Cloudflare Zero Trust
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Monitoring
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Monitoring
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../uptime-kuma/" class="md-nav__link">
<span class="md-ellipsis">
Uptime-Kuma
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../dozzle/" class="md-nav__link">
<span class="md-ellipsis">
Dozzle
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Media & Seedbox
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Media & Seedbox
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../plex/" class="md-nav__link">
<span class="md-ellipsis">
Plex
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../qbittorrent/" class="md-nav__link">
<span class="md-ellipsis">
Qbittorrent
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" >
<label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
<span class="md-ellipsis">
Cloud Drive & Photos
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_6">
<span class="md-nav__icon md-icon"></span>
Cloud Drive & Photos
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../immich/" class="md-nav__link">
<span class="md-ellipsis">
Immich
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../nextcloud/" class="md-nav__link">
<span class="md-ellipsis">
Nextcloud
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7" >
<label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
<span class="md-ellipsis">
Développement
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_7">
<span class="md-nav__icon md-icon"></span>
Développement
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../code-server/" class="md-nav__link">
<span class="md-ellipsis">
Code-Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../gitea/" class="md-nav__link">
<span class="md-ellipsis">
Gitea
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../it-tools/" class="md-nav__link">
<span class="md-ellipsis">
IT Tools
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_8" >
<label class="md-nav__link" for="__nav_3_8" id="__nav_3_8_label" tabindex="0">
<span class="md-ellipsis">
Applications utiles
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_8">
<span class="md-nav__icon md-icon"></span>
Applications utiles
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../filebrowser/" class="md-nav__link">
<span class="md-ellipsis">
File Browser
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../adguard/" class="md-nav__link">
<span class="md-ellipsis">
Adguard Home
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../vaultwarden/" class="md-nav__link">
<span class="md-ellipsis">
Vaultwarden
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table des matières">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table des matières
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#installation" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#exposer-authentik" class="md-nav__link">
<span class="md-ellipsis">
Exposer authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#activer-le-multifacteur" class="md-nav__link">
<span class="md-ellipsis">
Activer le multifacteur
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#proteger-une-app-native" class="md-nav__link">
<span class="md-ellipsis">
Protéger une app native
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#proteger-une-app-par-reverse-proxy" class="md-nav__link">
<span class="md-ellipsis">
Protéger une app par reverse proxy
</span>
</a>
<nav class="md-nav" aria-label="Protéger une app par reverse proxy">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration-de-authentik" class="md-nav__link">
<span class="md-ellipsis">
Configuration de Authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-de-swag" class="md-nav__link">
<span class="md-ellipsis">
Configuration de SWAG
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#proteger-un-service-sur-un-serveur-distant" class="md-nav__link">
<span class="md-ellipsis">
Protéger un service sur un serveur distant
</span>
</a>
<nav class="md-nav" aria-label="Protéger un service sur un serveur distant">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration-dauthentik" class="md-nav__link">
<span class="md-ellipsis">
Configuration d'Authentik
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-de-la-machine-distante" class="md-nav__link">
<span class="md-ellipsis">
Configuration de la machine distante
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#migrer-une-base-authentik" class="md-nav__link">
<span class="md-ellipsis">
Migrer une base authentik
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://git.djeex.fr/Djeex/DjeexLab/src/branch/main/docs/files/serveex/authentik.md" title="Editer cette page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M441 58.9 453.1 71c9.4 9.4 9.4 24.6 0 33.9L424 134.1 377.9 88 407 58.9c9.4-9.4 24.6-9.4 33.9 0zM209.8 256.2 344 121.9l46.1 46.1-134.3 134.2c-2.9 2.9-6.5 5-10.4 6.1L186.9 325l16.7-58.5c1.1-3.9 3.2-7.5 6.1-10.4zM373.1 25 175.8 222.2c-8.7 8.7-15 19.4-18.3 31.1l-28.6 100c-2.4 8.4-.1 17.4 6.1 23.6s15.2 8.5 23.6 6.1l100-28.6c11.8-3.4 22.5-9.7 31.1-18.3L487 138.9c28.1-28.1 28.1-73.7 0-101.8L474.9 25c-28.1-28.1-73.7-28.1-101.8 0zM88 64c-48.6 0-88 39.4-88 88v272c0 48.6 39.4 88 88 88h272c48.6 0 88-39.4 88-88V312c0-13.3-10.7-24-24-24s-24 10.7-24 24v112c0 22.1-17.9 40-40 40H88c-22.1 0-40-17.9-40-40V152c0-22.1 17.9-40 40-40h112c13.3 0 24-10.7 24-24s-10.7-24-24-24H88z"/></svg>
</a>
<h1 id="authentik">Authentik</h1>
<div class="admonition abstract">
<p class="admonition-title">Objectifs</p>
<ul>
<li>Installer et exposer Authentik</li>
<li>Paramétrer le Multi-Facteur</li>
<li>Protéger une app native ou via reverse proxy</li>
</ul>
</div>
<p><a href="https://goauthentik.io">Authentik</a> est un outil d'authentification unique permettant de vous logger une seule fois sur les plateformes compatibles OpenID. Il permet également de sécuriser l'accès aux services que vous exposez, en s'injectant via SWAG aux requetes vers vos services. </p>
<p>Ainsi, si vous exposez Dockge sur internet via <code>dockge.mondomaine.fr</code>, au moment de l'accès à cette page, vous tomberez sur une page de login d'authentik. Si vous avez déjà été identifié sur un autre service sécurisé par authentik auparavant, alors vous serez déjà identifié. cela permet d'avoir à vous identifiez qu'une seule fois par jour sur l'ensemble des services protégés par authentik.</p>
<p>Authentik permet aussi d'utiliser le multi-facteur, notamment par TOTP (code généré par une application d'authentification de votre choix. Enfin, authentik permet aussi de se connecter directement via un compte Microsoft ou Google, si vous avez configuré une application d'un de ces services.</p>
<p>C'est une bonne manière de se passer de VPN pour exposer vos services, et d'exposer des services qui ne sont pas protégés par du MFA voir pas protégés par des login (comme le dashboard de swag). </p>
<p>Authentik dipose d'<a href="https://docs.goauthentik.io/docs/installation/docker-compose">une doc très fournie</a> et des <a href="https://www.youtube.com/@cooptonian">fabuleux tuto de Cooptonian</a>. Ici, nous montrerons juste les bases, avec l'exemple de l'exposition de Dockge.</p>
<p>Deux modes principaux sont à connaitre: </p>
<ul>
<li>Le premier permet à une application qui dispose nativement d'une intégration avec du SSO compatible OpenID de se connecter directement à Authentik. C'est la solution à privilégier car elle permet de laisser l'application décider de ce qui est public et de ce qui est protégé.</li>
</ul>
<p><img alt="Picture" src="/img/serveex/auth-native.svg" /></p>
<ul>
<li>Le second permet d'injecter une authentification via authentik grace à SWAG avant d'arriver sur le service désiré.</li>
</ul>
<p><img alt="Picture" src="/img/serveex/auth-proxy.svg" /></p>
<p>Les deux modes son configurables application par application.</p>
<h2 id="installation">Installation</h2>
<hr />
<p>Structure des dossiers :
<div class="language-bash highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-0-1">1</a></span>
<span class="normal"><a href="#__codelineno-0-2">2</a></span>
<span class="normal"><a href="#__codelineno-0-3">3</a></span>
<span class="normal"><a href="#__codelineno-0-4">4</a></span>
<span class="normal"><a href="#__codelineno-0-5">5</a></span>
<span class="normal"><a href="#__codelineno-0-6">6</a></span>
<span class="normal"><a href="#__codelineno-0-7">7</a></span>
<span class="normal"><a href="#__codelineno-0-8">8</a></span>
<span class="normal"><a href="#__codelineno-0-9">9</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-0-1"><a id="__codelineno-0-1" name="__codelineno-0-1"></a>root
</span><span id="__span-0-2"><a id="__codelineno-0-2" name="__codelineno-0-2"></a>└──<span class="w"> </span>docker
</span><span id="__span-0-3"><a id="__codelineno-0-3" name="__codelineno-0-3"></a><span class="w"> </span>└──<span class="w"> </span>authentik
</span><span id="__span-0-4"><a id="__codelineno-0-4" name="__codelineno-0-4"></a><span class="w"> </span>├──<span class="w"> </span>.env
</span><span id="__span-0-5"><a id="__codelineno-0-5" name="__codelineno-0-5"></a><span class="w"> </span>├──<span class="w"> </span>compose.yml
</span><span id="__span-0-6"><a id="__codelineno-0-6" name="__codelineno-0-6"></a><span class="w"> </span>├──<span class="w"> </span>media
</span><span id="__span-0-7"><a id="__codelineno-0-7" name="__codelineno-0-7"></a><span class="w"> </span>├──<span class="w"> </span>certs
</span><span id="__span-0-8"><a id="__codelineno-0-8" name="__codelineno-0-8"></a><span class="w"> </span>├──<span class="w"> </span>custom-template
</span><span id="__span-0-9"><a id="__codelineno-0-9" name="__codelineno-0-9"></a><span class="w"> </span>└──<span class="w"> </span>ssh
</span></code></pre></div></td></tr></table></div></p>
<p>Créez les dossiers : </p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-1-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-1-1"><a id="__codelineno-1-1" name="__codelineno-1-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/docker/authentik/media<span class="w"> </span>/docker/authentik/certs<span class="w"> </span>/docker/authentik/custom-template<span class="w"> </span>/docker/authentik/ssh
</span></code></pre></div></td></tr></table></div>
<p>Positionnez vous dans le dossier <code>authentik</code> et générez un mot de passe et une clé secrete que l'on va intégrer dans le .env :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-2-1">1</a></span>
<span class="normal"><a href="#__codelineno-2-2">2</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-2-1"><a id="__codelineno-2-1" name="__codelineno-2-1"></a><span class="gp">$ </span>sudo<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s2">&quot;PG_PASS=</span><span class="k">$(</span>openssl<span class="w"> </span>rand<span class="w"> </span><span class="m">36</span><span class="w"> </span><span class="p">|</span><span class="w"> </span>base64<span class="k">)</span><span class="s2">&quot;</span><span class="w"> </span>&gt;&gt;<span class="w"> </span>.env
</span><span id="__span-2-2"><a id="__codelineno-2-2" name="__codelineno-2-2"></a><span class="gp">$ </span>sudo<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s2">&quot;AUTHENTIK_SECRET_KEY=</span><span class="k">$(</span>openssl<span class="w"> </span>rand<span class="w"> </span><span class="m">60</span><span class="w"> </span><span class="p">|</span><span class="w"> </span>base64<span class="k">)</span><span class="s2">&quot;</span><span class="w"> </span>&gt;&gt;<span class="w"> </span>.env
</span></code></pre></div></td></tr></table></div>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p>Afin de générer la clé, nous avons créé les dossiers en amont du déploiement via Dockge. Dockge vous empechera de créer une stack du meme nom dans ces dossiers s'il n'existe pas de <code>compose.yml</code>.
Il faut donc créer un <code>compose.yml</code> vide afin que ce dernier la reconnaisse comme existante dans les stacks inactives :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-3-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-3-1"><a id="__codelineno-3-1" name="__codelineno-3-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/authentik/compose.yml
</span></code></pre></div></td></tr></table></div>
</div>
<p>Ouvrez dockge, et cherchez "authentik" dans les stack inactives.
Nommez la stack authentik et collez la configuration suivante, en changeant les chiffres de <code class="language-properties highlight"><span class="na">{AUTHENTIK_TAG</span><span class="o">:</span><span class="s">-2024.2.3}</span></code> par <a href="https://version-2024-6.goauthentik.io/docs/releases">la dernière version de Authentik</a>. </p>
<div class="language-yaml highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-4-1"> 1</a></span>
<span class="normal"><a href="#__codelineno-4-2"> 2</a></span>
<span class="normal"><a href="#__codelineno-4-3"> 3</a></span>
<span class="normal"><a href="#__codelineno-4-4"> 4</a></span>
<span class="normal"><a href="#__codelineno-4-5"> 5</a></span>
<span class="normal"><a href="#__codelineno-4-6"> 6</a></span>
<span class="normal"><a href="#__codelineno-4-7"> 7</a></span>
<span class="normal"><a href="#__codelineno-4-8"> 8</a></span>
<span class="normal"><a href="#__codelineno-4-9"> 9</a></span>
<span class="normal"><a href="#__codelineno-4-10"> 10</a></span>
<span class="normal"><a href="#__codelineno-4-11"> 11</a></span>
<span class="normal"><a href="#__codelineno-4-12"> 12</a></span>
<span class="normal"><a href="#__codelineno-4-13"> 13</a></span>
<span class="normal"><a href="#__codelineno-4-14"> 14</a></span>
<span class="normal"><a href="#__codelineno-4-15"> 15</a></span>
<span class="normal"><a href="#__codelineno-4-16"> 16</a></span>
<span class="normal"><a href="#__codelineno-4-17"> 17</a></span>
<span class="normal"><a href="#__codelineno-4-18"> 18</a></span>
<span class="normal"><a href="#__codelineno-4-19"> 19</a></span>
<span class="normal"><a href="#__codelineno-4-20"> 20</a></span>
<span class="normal"><a href="#__codelineno-4-21"> 21</a></span>
<span class="normal"><a href="#__codelineno-4-22"> 22</a></span>
<span class="normal"><a href="#__codelineno-4-23"> 23</a></span>
<span class="normal"><a href="#__codelineno-4-24"> 24</a></span>
<span class="normal"><a href="#__codelineno-4-25"> 25</a></span>
<span class="normal"><a href="#__codelineno-4-26"> 26</a></span>
<span class="normal"><a href="#__codelineno-4-27"> 27</a></span>
<span class="normal"><a href="#__codelineno-4-28"> 28</a></span>
<span class="normal"><a href="#__codelineno-4-29"> 29</a></span>
<span class="normal"><a href="#__codelineno-4-30"> 30</a></span>
<span class="normal"><a href="#__codelineno-4-31"> 31</a></span>
<span class="normal"><a href="#__codelineno-4-32"> 32</a></span>
<span class="normal"><a href="#__codelineno-4-33"> 33</a></span>
<span class="normal"><a href="#__codelineno-4-34"> 34</a></span>
<span class="normal"><a href="#__codelineno-4-35"> 35</a></span>
<span class="normal"><a href="#__codelineno-4-36"> 36</a></span>
<span class="normal"><a href="#__codelineno-4-37"> 37</a></span>
<span class="normal"><a href="#__codelineno-4-38"> 38</a></span>
<span class="normal"><a href="#__codelineno-4-39"> 39</a></span>
<span class="normal"><a href="#__codelineno-4-40"> 40</a></span>
<span class="normal"><a href="#__codelineno-4-41"> 41</a></span>
<span class="normal"><a href="#__codelineno-4-42"> 42</a></span>
<span class="normal"><a href="#__codelineno-4-43"> 43</a></span>
<span class="normal"><a href="#__codelineno-4-44"> 44</a></span>
<span class="normal"><a href="#__codelineno-4-45"> 45</a></span>
<span class="normal"><a href="#__codelineno-4-46"> 46</a></span>
<span class="normal"><a href="#__codelineno-4-47"> 47</a></span>
<span class="normal"><a href="#__codelineno-4-48"> 48</a></span>
<span class="normal"><a href="#__codelineno-4-49"> 49</a></span>
<span class="normal"><a href="#__codelineno-4-50"> 50</a></span>
<span class="normal"><a href="#__codelineno-4-51"> 51</a></span>
<span class="normal"><a href="#__codelineno-4-52"> 52</a></span>
<span class="normal"><a href="#__codelineno-4-53"> 53</a></span>
<span class="normal"><a href="#__codelineno-4-54"> 54</a></span>
<span class="normal"><a href="#__codelineno-4-55"> 55</a></span>
<span class="normal"><a href="#__codelineno-4-56"> 56</a></span>
<span class="normal"><a href="#__codelineno-4-57"> 57</a></span>
<span class="normal"><a href="#__codelineno-4-58"> 58</a></span>
<span class="normal"><a href="#__codelineno-4-59"> 59</a></span>
<span class="normal"><a href="#__codelineno-4-60"> 60</a></span>
<span class="normal"><a href="#__codelineno-4-61"> 61</a></span>
<span class="normal"><a href="#__codelineno-4-62"> 62</a></span>
<span class="normal"><a href="#__codelineno-4-63"> 63</a></span>
<span class="normal"><a href="#__codelineno-4-64"> 64</a></span>
<span class="normal"><a href="#__codelineno-4-65"> 65</a></span>
<span class="normal"><a href="#__codelineno-4-66"> 66</a></span>
<span class="normal"><a href="#__codelineno-4-67"> 67</a></span>
<span class="normal"><a href="#__codelineno-4-68"> 68</a></span>
<span class="normal"><a href="#__codelineno-4-69"> 69</a></span>
<span class="normal"><a href="#__codelineno-4-70"> 70</a></span>
<span class="normal"><a href="#__codelineno-4-71"> 71</a></span>
<span class="normal"><a href="#__codelineno-4-72"> 72</a></span>
<span class="normal"><a href="#__codelineno-4-73"> 73</a></span>
<span class="normal"><a href="#__codelineno-4-74"> 74</a></span>
<span class="normal"><a href="#__codelineno-4-75"> 75</a></span>
<span class="normal"><a href="#__codelineno-4-76"> 76</a></span>
<span class="normal"><a href="#__codelineno-4-77"> 77</a></span>
<span class="normal"><a href="#__codelineno-4-78"> 78</a></span>
<span class="normal"><a href="#__codelineno-4-79"> 79</a></span>
<span class="normal"><a href="#__codelineno-4-80"> 80</a></span>
<span class="normal"><a href="#__codelineno-4-81"> 81</a></span>
<span class="normal"><a href="#__codelineno-4-82"> 82</a></span>
<span class="normal"><a href="#__codelineno-4-83"> 83</a></span>
<span class="normal"><a href="#__codelineno-4-84"> 84</a></span>
<span class="normal"><a href="#__codelineno-4-85"> 85</a></span>
<span class="normal"><a href="#__codelineno-4-86"> 86</a></span>
<span class="normal"><a href="#__codelineno-4-87"> 87</a></span>
<span class="normal"><a href="#__codelineno-4-88"> 88</a></span>
<span class="normal"><a href="#__codelineno-4-89"> 89</a></span>
<span class="normal"><a href="#__codelineno-4-90"> 90</a></span>
<span class="normal"><a href="#__codelineno-4-91"> 91</a></span>
<span class="normal"><a href="#__codelineno-4-92"> 92</a></span>
<span class="normal"><a href="#__codelineno-4-93"> 93</a></span>
<span class="normal"><a href="#__codelineno-4-94"> 94</a></span>
<span class="normal"><a href="#__codelineno-4-95"> 95</a></span>
<span class="normal"><a href="#__codelineno-4-96"> 96</a></span>
<span class="normal"><a href="#__codelineno-4-97"> 97</a></span>
<span class="normal"><a href="#__codelineno-4-98"> 98</a></span>
<span class="normal"><a href="#__codelineno-4-99"> 99</a></span>
<span class="normal"><a href="#__codelineno-4-100">100</a></span>
<span class="normal"><a href="#__codelineno-4-101">101</a></span>
<span class="normal"><a href="#__codelineno-4-102">102</a></span>
<span class="normal"><a href="#__codelineno-4-103">103</a></span>
<span class="normal"><a href="#__codelineno-4-104">104</a></span>
<span class="normal"><a href="#__codelineno-4-105">105</a></span>
<span class="normal"><a href="#__codelineno-4-106">106</a></span>
<span class="normal"><a href="#__codelineno-4-107">107</a></span>
<span class="normal"><a href="#__codelineno-4-108">108</a></span>
<span class="normal"><a href="#__codelineno-4-109">109</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-4-1"><a id="__codelineno-4-1" name="__codelineno-4-1"></a><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;3.4&quot;</span>
</span><span id="__span-4-2"><a id="__codelineno-4-2" name="__codelineno-4-2"></a><span class="nt">services</span><span class="p">:</span>
</span><span id="__span-4-3"><a id="__codelineno-4-3" name="__codelineno-4-3"></a>
</span><span id="__span-4-4"><a id="__codelineno-4-4" name="__codelineno-4-4"></a><span class="w"> </span><span class="nt">postgresql</span><span class="p">:</span>
</span><span id="__span-4-5"><a id="__codelineno-4-5" name="__codelineno-4-5"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker.io/library/postgres:12-alpine</span>
</span><span id="__span-4-6"><a id="__codelineno-4-6" name="__codelineno-4-6"></a><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authentik-postgresql</span>
</span><span id="__span-4-7"><a id="__codelineno-4-7" name="__codelineno-4-7"></a><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id="__span-4-8"><a id="__codelineno-4-8" name="__codelineno-4-8"></a><span class="w"> </span><span class="nt">healthcheck</span><span class="p">:</span>
</span><span id="__span-4-9"><a id="__codelineno-4-9" name="__codelineno-4-9"></a><span class="w"> </span><span class="nt">test</span><span class="p">:</span>
</span><span id="__span-4-10"><a id="__codelineno-4-10" name="__codelineno-4-10"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">CMD-SHELL</span>
</span><span id="__span-4-11"><a id="__codelineno-4-11" name="__codelineno-4-11"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}</span>
</span><span id="__span-4-12"><a id="__codelineno-4-12" name="__codelineno-4-12"></a><span class="w"> </span><span class="nt">start_period</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20s</span>
</span><span id="__span-4-13"><a id="__codelineno-4-13" name="__codelineno-4-13"></a><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">30s</span>
</span><span id="__span-4-14"><a id="__codelineno-4-14" name="__codelineno-4-14"></a><span class="w"> </span><span class="nt">retries</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
</span><span id="__span-4-15"><a id="__codelineno-4-15" name="__codelineno-4-15"></a><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5s</span>
</span><span id="__span-4-16"><a id="__codelineno-4-16" name="__codelineno-4-16"></a><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
</span><span id="__span-4-17"><a id="__codelineno-4-17" name="__codelineno-4-17"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">database:/var/lib/postgresql/data</span>
</span><span id="__span-4-18"><a id="__codelineno-4-18" name="__codelineno-4-18"></a><span class="w"> </span><span class="nt">environment</span><span class="p">:</span>
</span><span id="__span-4-19"><a id="__codelineno-4-19" name="__codelineno-4-19"></a><span class="w"> </span><span class="nt">POSTGRES_PASSWORD</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_PASS:?database password required}</span>
</span><span id="__span-4-20"><a id="__codelineno-4-20" name="__codelineno-4-20"></a><span class="w"> </span><span class="nt">POSTGRES_USER</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_USER:-authentik}</span>
</span><span id="__span-4-21"><a id="__codelineno-4-21" name="__codelineno-4-21"></a><span class="w"> </span><span class="nt">POSTGRES_DB</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_DB:-authentik}</span>
</span><span id="__span-4-22"><a id="__codelineno-4-22" name="__codelineno-4-22"></a><span class="w"> </span><span class="nt">env_file</span><span class="p">:</span>
</span><span id="__span-4-23"><a id="__codelineno-4-23" name="__codelineno-4-23"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.env</span>
</span><span id="__span-4-24"><a id="__codelineno-4-24" name="__codelineno-4-24"></a><span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-4-25"><a id="__codelineno-4-25" name="__codelineno-4-25"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag</span>
</span><span id="__span-4-26"><a id="__codelineno-4-26" name="__codelineno-4-26"></a>
</span><span id="__span-4-27"><a id="__codelineno-4-27" name="__codelineno-4-27"></a><span class="w"> </span><span class="nt">redis</span><span class="p">:</span>
</span><span id="__span-4-28"><a id="__codelineno-4-28" name="__codelineno-4-28"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">docker.io/library/redis:alpine</span>
</span><span id="__span-4-29"><a id="__codelineno-4-29" name="__codelineno-4-29"></a><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authentik-redis</span>
</span><span id="__span-4-30"><a id="__codelineno-4-30" name="__codelineno-4-30"></a><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--save 60 1 --loglevel warning</span>
</span><span id="__span-4-31"><a id="__codelineno-4-31" name="__codelineno-4-31"></a><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id="__span-4-32"><a id="__codelineno-4-32" name="__codelineno-4-32"></a><span class="w"> </span><span class="nt">healthcheck</span><span class="p">:</span>
</span><span id="__span-4-33"><a id="__codelineno-4-33" name="__codelineno-4-33"></a><span class="w"> </span><span class="nt">test</span><span class="p">:</span>
</span><span id="__span-4-34"><a id="__codelineno-4-34" name="__codelineno-4-34"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">CMD-SHELL</span>
</span><span id="__span-4-35"><a id="__codelineno-4-35" name="__codelineno-4-35"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis-cli ping | grep PONG</span>
</span><span id="__span-4-36"><a id="__codelineno-4-36" name="__codelineno-4-36"></a><span class="w"> </span><span class="nt">start_period</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">20s</span>
</span><span id="__span-4-37"><a id="__codelineno-4-37" name="__codelineno-4-37"></a><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">30s</span>
</span><span id="__span-4-38"><a id="__codelineno-4-38" name="__codelineno-4-38"></a><span class="w"> </span><span class="nt">retries</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
</span><span id="__span-4-39"><a id="__codelineno-4-39" name="__codelineno-4-39"></a><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3s</span>
</span><span id="__span-4-40"><a id="__codelineno-4-40" name="__codelineno-4-40"></a><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
</span><span id="__span-4-41"><a id="__codelineno-4-41" name="__codelineno-4-41"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis:/data</span>
</span><span id="__span-4-42"><a id="__codelineno-4-42" name="__codelineno-4-42"></a><span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-4-43"><a id="__codelineno-4-43" name="__codelineno-4-43"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag</span>
</span><span id="__span-4-44"><a id="__codelineno-4-44" name="__codelineno-4-44"></a>
</span><span id="__span-4-45"><a id="__codelineno-4-45" name="__codelineno-4-45"></a><span class="w"> </span><span class="nt">server</span><span class="p">:</span>
</span><span id="__span-4-46"><a id="__codelineno-4-46" name="__codelineno-4-46"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}</span>
</span><span id="__span-4-47"><a id="__codelineno-4-47" name="__codelineno-4-47"></a><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authentik-server</span>
</span><span id="__span-4-48"><a id="__codelineno-4-48" name="__codelineno-4-48"></a><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id="__span-4-49"><a id="__codelineno-4-49" name="__codelineno-4-49"></a><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">server</span>
</span><span id="__span-4-50"><a id="__codelineno-4-50" name="__codelineno-4-50"></a><span class="w"> </span><span class="nt">environment</span><span class="p">:</span>
</span><span id="__span-4-51"><a id="__codelineno-4-51" name="__codelineno-4-51"></a><span class="w"> </span><span class="nt">AUTHENTIK_REDIS__HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis</span>
</span><span id="__span-4-52"><a id="__codelineno-4-52" name="__codelineno-4-52"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgresql</span>
</span><span id="__span-4-53"><a id="__codelineno-4-53" name="__codelineno-4-53"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__USER</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_USER:-authentik}</span>
</span><span id="__span-4-54"><a id="__codelineno-4-54" name="__codelineno-4-54"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__NAME</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_DB:-authentik}</span>
</span><span id="__span-4-55"><a id="__codelineno-4-55" name="__codelineno-4-55"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__PASSWORD</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_PASS}</span>
</span><span id="__span-4-56"><a id="__codelineno-4-56" name="__codelineno-4-56"></a><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
</span><span id="__span-4-57"><a id="__codelineno-4-57" name="__codelineno-4-57"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./media:/media</span>
</span><span id="__span-4-58"><a id="__codelineno-4-58" name="__codelineno-4-58"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./custom-templates:/templates</span>
</span><span id="__span-4-59"><a id="__codelineno-4-59" name="__codelineno-4-59"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./auth.css:/web/dist/custom.css</span>
</span><span id="__span-4-60"><a id="__codelineno-4-60" name="__codelineno-4-60"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./ssh:/authentik/.ssh</span>
</span><span id="__span-4-61"><a id="__codelineno-4-61" name="__codelineno-4-61"></a><span class="w"> </span><span class="nt">env_file</span><span class="p">:</span>
</span><span id="__span-4-62"><a id="__codelineno-4-62" name="__codelineno-4-62"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.env</span>
</span><span id="__span-4-63"><a id="__codelineno-4-63" name="__codelineno-4-63"></a><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
</span><span id="__span-4-64"><a id="__codelineno-4-64" name="__codelineno-4-64"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${COMPOSE_PORT_HTTP:-9000}:9000</span>
</span><span id="__span-4-65"><a id="__codelineno-4-65" name="__codelineno-4-65"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${COMPOSE_PORT_HTTPS:-9443}:9443</span>
</span><span id="__span-4-66"><a id="__codelineno-4-66" name="__codelineno-4-66"></a><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span>
</span><span id="__span-4-67"><a id="__codelineno-4-67" name="__codelineno-4-67"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgresql</span>
</span><span id="__span-4-68"><a id="__codelineno-4-68" name="__codelineno-4-68"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis</span>
</span><span id="__span-4-69"><a id="__codelineno-4-69" name="__codelineno-4-69"></a><span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-4-70"><a id="__codelineno-4-70" name="__codelineno-4-70"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag</span>
</span><span id="__span-4-71"><a id="__codelineno-4-71" name="__codelineno-4-71"></a>
</span><span id="__span-4-72"><a id="__codelineno-4-72" name="__codelineno-4-72"></a><span class="w"> </span><span class="nt">worker</span><span class="p">:</span>
</span><span id="__span-4-73"><a id="__codelineno-4-73" name="__codelineno-4-73"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}</span>
</span><span id="__span-4-74"><a id="__codelineno-4-74" name="__codelineno-4-74"></a><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authentik-worker</span>
</span><span id="__span-4-75"><a id="__codelineno-4-75" name="__codelineno-4-75"></a><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id="__span-4-76"><a id="__codelineno-4-76" name="__codelineno-4-76"></a><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">worker</span>
</span><span id="__span-4-77"><a id="__codelineno-4-77" name="__codelineno-4-77"></a><span class="w"> </span><span class="nt">environment</span><span class="p">:</span>
</span><span id="__span-4-78"><a id="__codelineno-4-78" name="__codelineno-4-78"></a><span class="w"> </span><span class="nt">AUTHENTIK_REDIS__HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis</span>
</span><span id="__span-4-79"><a id="__codelineno-4-79" name="__codelineno-4-79"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgresql</span>
</span><span id="__span-4-80"><a id="__codelineno-4-80" name="__codelineno-4-80"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__USER</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_USER:-authentik}</span>
</span><span id="__span-4-81"><a id="__codelineno-4-81" name="__codelineno-4-81"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__NAME</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_DB:-authentik}</span>
</span><span id="__span-4-82"><a id="__codelineno-4-82" name="__codelineno-4-82"></a><span class="w"> </span><span class="nt">AUTHENTIK_POSTGRESQL__PASSWORD</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${PG_PASS}</span>
</span><span id="__span-4-83"><a id="__codelineno-4-83" name="__codelineno-4-83"></a><span class="w"> </span><span class="c1"># `user: root` and the docker socket volume are optional.</span>
</span><span id="__span-4-84"><a id="__codelineno-4-84" name="__codelineno-4-84"></a><span class="w"> </span><span class="c1"># See more for the docker socket integration here:</span>
</span><span id="__span-4-85"><a id="__codelineno-4-85" name="__codelineno-4-85"></a><span class="w"> </span><span class="c1"># https://goauthentik.io/docs/outposts/integrations/docker</span>
</span><span id="__span-4-86"><a id="__codelineno-4-86" name="__codelineno-4-86"></a><span class="w"> </span><span class="c1"># Removing `user: root` also prevents the worker from fixing the permissions</span>
</span><span id="__span-4-87"><a id="__codelineno-4-87" name="__codelineno-4-87"></a><span class="w"> </span><span class="c1"># on the mounted folders, so when removing this make sure the folders have the correct UID/GID</span>
</span><span id="__span-4-88"><a id="__codelineno-4-88" name="__codelineno-4-88"></a><span class="w"> </span><span class="c1"># (1000:1000 by default)</span>
</span><span id="__span-4-89"><a id="__codelineno-4-89" name="__codelineno-4-89"></a><span class="w"> </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">root</span>
</span><span id="__span-4-90"><a id="__codelineno-4-90" name="__codelineno-4-90"></a><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
</span><span id="__span-4-91"><a id="__codelineno-4-91" name="__codelineno-4-91"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/var/run/docker.sock:/var/run/docker.sock</span>
</span><span id="__span-4-92"><a id="__codelineno-4-92" name="__codelineno-4-92"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./media:/media</span>
</span><span id="__span-4-93"><a id="__codelineno-4-93" name="__codelineno-4-93"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./certs:/certs</span>
</span><span id="__span-4-94"><a id="__codelineno-4-94" name="__codelineno-4-94"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./custom-templates:/templates</span>
</span><span id="__span-4-95"><a id="__codelineno-4-95" name="__codelineno-4-95"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./auth.css:/web/dist/custom.css</span>
</span><span id="__span-4-96"><a id="__codelineno-4-96" name="__codelineno-4-96"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./ssh:/authentik/.ssh</span>
</span><span id="__span-4-97"><a id="__codelineno-4-97" name="__codelineno-4-97"></a><span class="w"> </span><span class="nt">env_file</span><span class="p">:</span>
</span><span id="__span-4-98"><a id="__codelineno-4-98" name="__codelineno-4-98"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.env</span>
</span><span id="__span-4-99"><a id="__codelineno-4-99" name="__codelineno-4-99"></a><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span>
</span><span id="__span-4-100"><a id="__codelineno-4-100" name="__codelineno-4-100"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">postgresql</span>
</span><span id="__span-4-101"><a id="__codelineno-4-101" name="__codelineno-4-101"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">redis</span>
</span><span id="__span-4-102"><a id="__codelineno-4-102" name="__codelineno-4-102"></a><span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-4-103"><a id="__codelineno-4-103" name="__codelineno-4-103"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag</span>
</span><span id="__span-4-104"><a id="__codelineno-4-104" name="__codelineno-4-104"></a>
</span><span id="__span-4-105"><a id="__codelineno-4-105" name="__codelineno-4-105"></a><span class="nt">volumes</span><span class="p">:</span>
</span><span id="__span-4-106"><a id="__codelineno-4-106" name="__codelineno-4-106"></a><span class="w"> </span><span class="nt">database</span><span class="p">:</span>
</span><span id="__span-4-107"><a id="__codelineno-4-107" name="__codelineno-4-107"></a><span class="w"> </span><span class="nt">driver</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">local</span>
</span><span id="__span-4-108"><a id="__codelineno-4-108" name="__codelineno-4-108"></a><span class="w"> </span><span class="nt">redis</span><span class="p">:</span>
</span><span id="__span-4-109"><a id="__codelineno-4-109" name="__codelineno-4-109"></a><span class="w"> </span><span class="nt">driver</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">local</span>
</span></code></pre></div></td></tr></table></div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Ici nous partons du principe que le réseau de Swag est <code>swag_default</code>.</p>
</div>
<p>Dans le point <code>.env</code>, les variables <code>PG_PASS</code> et <code>AUTHENTIK_SECRET_KEY</code> sont déjà remplies.
Déployez la stack.</p>
<p>Vous pouvez alors commencer le set-up d'authentik en tappant <code>http://ipduserveur:9000/if/flow/initial-setup/</code>.</p>
<div class="admonition warning">
<p class="admonition-title">Attention</p>
<p>Il est conseillé de créer un nouveau compte admin, et de <strong>désactiver</strong> le compte admin de base <code>akadmin</code>.</p>
</div>
<h2 id="exposer-authentik">Exposer authentik</h2>
<hr />
<p>Pour être utilisable hors de chez vous, vous devez exposer authentik.</p>
<div class="admonition info">
<p class="admonition-title">Au préalable</p>
<p>Nous partons du principe quer vous avez créé dans votre <a href="../../dns">zone DNS</a> un sous domaine du type <code>auth.mondomaine.fr</code> avec pour CNAME <code>mondomaine.fr</code> et, <a href="/serveex/cloudflare">à moins que vous utilisiez Cloudflare Zero Trust</a>, vous avez déjà redirigé le port <code>443</code> de votre box vers le <code>443</code> de votre serveur dans <a href="../../nat">les règles NAT</a>.</p>
</div>
<p>Ouvrez le fichier <code>authentik-server.conf</code>.</p>
<div class="admonition tip">
<p class="admonition-title">Astuce pour les allergiques au terminal</p>
<p>Vous pouvez utiliser <a href="/serveex/filebrowser">File Browser</a> pour naviguer dans vos fichier et éditer vos documents au lieu d'utiliser les commandes du terminal.</p>
</div>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-5-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-5-1"><a id="__codelineno-5-1" name="__codelineno-5-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/swag/config/nginx/authentik-server.conf
</span></code></pre></div></td></tr></table></div>
<p>Vérifiez que dans chaque cas les variables ci-dessous sont correctes :</p>
<div class="language-properties highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-6-1">1</a></span>
<span class="normal"><a href="#__codelineno-6-2">2</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-6-1"><a id="__codelineno-6-1" name="__codelineno-6-1"></a><span class="na">set</span><span class="w"> </span><span class="s">$upstream_authentik authentik-server;</span>
</span><span id="__span-6-2"><a id="__codelineno-6-2" name="__codelineno-6-2"></a><span class="na">proxy_pass</span><span class="w"> </span><span class="s">http://$upstream_authentik:9000;</span>
</span></code></pre></div></td></tr></table></div>
<p>Si ce n'est pas le cas, passez en mode modification en tapant <code>i</code> et éditez les. Sauvegardez et quittez en tapant sur <code>Echap</code> puis <code>:x</code>.</p>
<p>Créez le fichier <code>auth.subdomain.conf</code></p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-7-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-7-1"><a id="__codelineno-7-1" name="__codelineno-7-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/swag/config/nginx/proxy-confs/auth.subdomain.conf
</span></code></pre></div></td></tr></table></div>
<p>Appuyez sur <code>i</code> pour rentrer en mode modification puis collez la configuration suivante :</p>
<div class="language-nginx highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-8-1"> 1</a></span>
<span class="normal"><a href="#__codelineno-8-2"> 2</a></span>
<span class="normal"><a href="#__codelineno-8-3"> 3</a></span>
<span class="normal"><a href="#__codelineno-8-4"> 4</a></span>
<span class="normal"><a href="#__codelineno-8-5"> 5</a></span>
<span class="normal"><a href="#__codelineno-8-6"> 6</a></span>
<span class="normal"><a href="#__codelineno-8-7"> 7</a></span>
<span class="normal"><a href="#__codelineno-8-8"> 8</a></span>
<span class="normal"><a href="#__codelineno-8-9"> 9</a></span>
<span class="normal"><a href="#__codelineno-8-10">10</a></span>
<span class="normal"><a href="#__codelineno-8-11">11</a></span>
<span class="normal"><a href="#__codelineno-8-12">12</a></span>
<span class="normal"><a href="#__codelineno-8-13">13</a></span>
<span class="normal"><a href="#__codelineno-8-14">14</a></span>
<span class="normal"><a href="#__codelineno-8-15">15</a></span>
<span class="normal"><a href="#__codelineno-8-16">16</a></span>
<span class="normal"><a href="#__codelineno-8-17">17</a></span>
<span class="normal"><a href="#__codelineno-8-18">18</a></span>
<span class="normal"><a href="#__codelineno-8-19">19</a></span>
<span class="normal"><a href="#__codelineno-8-20">20</a></span>
<span class="normal"><a href="#__codelineno-8-21">21</a></span>
<span class="normal"><a href="#__codelineno-8-22">22</a></span>
<span class="normal"><a href="#__codelineno-8-23">23</a></span>
<span class="normal"><a href="#__codelineno-8-24">24</a></span>
<span class="normal"><a href="#__codelineno-8-25">25</a></span>
<span class="normal"><a href="#__codelineno-8-26">26</a></span>
<span class="normal"><a href="#__codelineno-8-27">27</a></span>
<span class="normal"><a href="#__codelineno-8-28">28</a></span>
<span class="normal"><a href="#__codelineno-8-29">29</a></span>
<span class="normal"><a href="#__codelineno-8-30">30</a></span>
<span class="normal"><a href="#__codelineno-8-31">31</a></span>
<span class="normal"><a href="#__codelineno-8-32">32</a></span>
<span class="normal"><a href="#__codelineno-8-33">33</a></span>
<span class="normal"><a href="#__codelineno-8-34">34</a></span>
<span class="normal"><a href="#__codelineno-8-35">35</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-8-1"><a id="__codelineno-8-1" name="__codelineno-8-1"></a><span class="c1">## Version 2023/05/31</span>
</span><span id="__span-8-2"><a id="__codelineno-8-2" name="__codelineno-8-2"></a><span class="c1"># make sure that your authentik container is named authentik-server</span>
</span><span id="__span-8-3"><a id="__codelineno-8-3" name="__codelineno-8-3"></a><span class="c1"># make sure that your dns has a cname set for authentik</span>
</span><span id="__span-8-4"><a id="__codelineno-8-4" name="__codelineno-8-4"></a>
</span><span id="__span-8-5"><a id="__codelineno-8-5" name="__codelineno-8-5"></a><span class="k">server</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-8-6"><a id="__codelineno-8-6" name="__codelineno-8-6"></a><span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
</span><span id="__span-8-7"><a id="__codelineno-8-7" name="__codelineno-8-7"></a><span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="s">[::]:443</span><span class="w"> </span><span class="s">ssl</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
</span><span id="__span-8-8"><a id="__codelineno-8-8" name="__codelineno-8-8"></a>
</span><span id="__span-8-9"><a id="__codelineno-8-9" name="__codelineno-8-9"></a><span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">auth.*</span><span class="p">;</span>
</span><span id="__span-8-10"><a id="__codelineno-8-10" name="__codelineno-8-10"></a>
</span><span id="__span-8-11"><a id="__codelineno-8-11" name="__codelineno-8-11"></a><span class="w"> </span><span class="kn">include</span><span class="w"> </span><span class="s">/config/nginx/ssl.conf</span><span class="p">;</span>
</span><span id="__span-8-12"><a id="__codelineno-8-12" name="__codelineno-8-12"></a>
</span><span id="__span-8-13"><a id="__codelineno-8-13" name="__codelineno-8-13"></a><span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
</span><span id="__span-8-14"><a id="__codelineno-8-14" name="__codelineno-8-14"></a>
</span><span id="__span-8-15"><a id="__codelineno-8-15" name="__codelineno-8-15"></a><span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-8-16"><a id="__codelineno-8-16" name="__codelineno-8-16"></a>
</span><span id="__span-8-17"><a id="__codelineno-8-17" name="__codelineno-8-17"></a><span class="w"> </span><span class="kn">include</span><span class="w"> </span><span class="s">/config/nginx/proxy.conf</span><span class="p">;</span>
</span><span id="__span-8-18"><a id="__codelineno-8-18" name="__codelineno-8-18"></a><span class="w"> </span><span class="kn">include</span><span class="w"> </span><span class="s">/config/nginx/resolver.conf</span><span class="p">;</span>
</span><span id="__span-8-19"><a id="__codelineno-8-19" name="__codelineno-8-19"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_app</span><span class="w"> </span><span class="s">authentik-server</span><span class="p">;</span>
</span><span id="__span-8-20"><a id="__codelineno-8-20" name="__codelineno-8-20"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_port</span><span class="w"> </span><span class="mi">9000</span><span class="p">;</span>
</span><span id="__span-8-21"><a id="__codelineno-8-21" name="__codelineno-8-21"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_proto</span><span class="w"> </span><span class="s">http</span><span class="p">;</span>
</span><span id="__span-8-22"><a id="__codelineno-8-22" name="__codelineno-8-22"></a><span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="nv">$upstream_proto://$upstream_app:$upstream_port</span><span class="p">;</span>
</span><span id="__span-8-23"><a id="__codelineno-8-23" name="__codelineno-8-23"></a>
</span><span id="__span-8-24"><a id="__codelineno-8-24" name="__codelineno-8-24"></a><span class="w"> </span><span class="p">}</span>
</span><span id="__span-8-25"><a id="__codelineno-8-25" name="__codelineno-8-25"></a>
</span><span id="__span-8-26"><a id="__codelineno-8-26" name="__codelineno-8-26"></a><span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="sr">(/authentik)?/api</span><span class="w"> </span><span class="p">{</span>
</span><span id="__span-8-27"><a id="__codelineno-8-27" name="__codelineno-8-27"></a><span class="w"> </span><span class="kn">include</span><span class="w"> </span><span class="s">/config/nginx/proxy.conf</span><span class="p">;</span>
</span><span id="__span-8-28"><a id="__codelineno-8-28" name="__codelineno-8-28"></a><span class="w"> </span><span class="kn">include</span><span class="w"> </span><span class="s">/config/nginx/resolver.conf</span><span class="p">;</span>
</span><span id="__span-8-29"><a id="__codelineno-8-29" name="__codelineno-8-29"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_app</span><span class="w"> </span><span class="s">authentik-server</span><span class="p">;</span>
</span><span id="__span-8-30"><a id="__codelineno-8-30" name="__codelineno-8-30"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_port</span><span class="w"> </span><span class="mi">9000</span><span class="p">;</span>
</span><span id="__span-8-31"><a id="__codelineno-8-31" name="__codelineno-8-31"></a><span class="w"> </span><span class="kn">set</span><span class="w"> </span><span class="nv">$upstream_proto</span><span class="w"> </span><span class="s">http</span><span class="p">;</span>
</span><span id="__span-8-32"><a id="__codelineno-8-32" name="__codelineno-8-32"></a><span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="nv">$upstream_proto://$upstream_app:$upstream_port</span><span class="p">;</span>
</span><span id="__span-8-33"><a id="__codelineno-8-33" name="__codelineno-8-33"></a>
</span><span id="__span-8-34"><a id="__codelineno-8-34" name="__codelineno-8-34"></a><span class="w"> </span><span class="p">}</span>
</span><span id="__span-8-35"><a id="__codelineno-8-35" name="__codelineno-8-35"></a><span class="p">}</span>
</span></code></pre></div></td></tr></table></div>
<p>Sauvegardez et quittez en appuyant sue <code>Echap</code> puis en tapant <code>:x</code></p>
<p>Et voilà ! Vous pouvez accéder à authentik via <code>https://auth.mondomaine.fr</code></p>
<h2 id="activer-le-multifacteur">Activer le multifacteur</h2>
<hr />
<p>Tout l'intérêt de authentik c'est de disposer du multifacteur pour toutes les apps que l'on protègera.</p>
<ul>
<li>Rendez vous sur <code>https://auth.mondomaine.fr</code></li>
<li>Identifiez-vous</li>
<li>Rendez-vous dans <em>paramètres</em></li>
<li>Cliquez sur la section <em>MFA</em></li>
<li>Cliquez sur <em>s'inscrire</em></li>
<li>Choisissez une méthode comme <em>TOTP device</em> ( dans ce cas vous devrez utilisez une app d'authentification telle que Google Authenticator par exemple)</li>
<li>Suivez les étapes</li>
</ul>
<p>Et voilà, vous serez invité à saisir un code à usage unique à chaque connexion.</p>
<h2 id="proteger-une-app-native">Protéger une app native</h2>
<hr />
<p>Authentik est compatible nativement avec un certain nombre d'application, vous retrouverez la liste et <a href="https://docs.goauthentik.io/integrations/services/">le support ici</a></p>
<h2 id="proteger-une-app-par-reverse-proxy">Protéger une app par reverse proxy</h2>
<hr />
<p>Swag permet d'intercaler la page d'authentik entre la requête et l'accès à votre service. Pour cela il va falloir :</p>
<ul>
<li>Configurer le service d'authentification dans authentik.</li>
<li>Configurer le fichier proxy du domaine pour que swag puisse intercaler la page.</li>
</ul>
<p>Pourquoi le faire alors que Dockge a déjà une page d'authentification ? Tout simplement parce que l'authentification HTTP utilisée par Dockge est faible. Avec Authentik, vous aurez directement une authentification forte par MFA, et vous serez loggé automatiquement à toutes vos apps déjà protégées par authentik. Cela permet de sécuriser l'accès à Dockge et aux autres apps que vous protégerez, sans avoir à passer par un VPN.</p>
<h3 id="configuration-de-authentik">Configuration de Authentik</h3>
<ul>
<li>Rendez vous dans Authentik</li>
<li>Allez dans le panneau d'administration</li>
<li>Sélectionnez <em>application</em> puis <em>créer avec l'assistant</em></li>
<li>Renseignez les champs comme suit :</li>
</ul>
<p><img alt="Picture" src="/img/serveex/auth1.png" /></p>
<ul>
<li>Puis à l'étape suivante choisissez "Transférer l'authentification (application unique)" et éditez comme suit (attention aux flow, c'est important) :</li>
</ul>
<p><img alt="Picture" src="/img/serveex/auth2.png" /></p>
<ul>
<li>Ensuite, allez dans le menu à gauche dans <em>Avant-poste</em> et éditez <em>authentik Embedded Outpost</em></li>
</ul>
<p><img alt="Picture" src="/img/serveex/auth3.png" /></p>
<ul>
<li>Ajoutez l'application <code>dockge</code> en la faisant passer à droite et validez.</li>
</ul>
<h3 id="configuration-de-swag">Configuration de SWAG</h3>
<p>Ensuite rendez-vous dans le fichier <code>dockge.mondomaine.fr</code>.</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-9-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-9-1"><a id="__codelineno-9-1" name="__codelineno-9-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/swag/config/nginx/proxy-confs/dockge.subdomain.conf
</span></code></pre></div></td></tr></table></div>
<p>Puis entrez en modification en appuyant sur <code>i</code> et enlevez les <code>#</code> des deux lignes <code class="language-nginx highlight"><span class="c1">#include /config/nginx/authentik-server.conf;</span></code>.</p>
<p>Appuyez sur <code>Echap</code> puis tapez <code>:x</code> et appuyez sur <code>Entrée</code> pour sauvegarder et quitter.</p>
<p>Et voilà ! En tapant <code>https://dockge.mondomaine.fr</code>, vous tomberez à présent sur la mire d'authentification de authentik. </p>
<div class="admonition tip">
<p class="admonition-title">Astuce</p>
<p>Dans Dockge, dans les paramètres, vous pouvez désactiver l'authentification de Dockge afin de ne pas avoir à vous identifier deux fois. <strong>Attention</strong>, cela voudra dire que si vous avez exposé un port sur votre réseau local, il n'y aura plus aucune authentification.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Vous pouvez répétez l'opération pour chaque application que vous souhaitez protéger (si elle ne dipose pas d'intégration directe avec Authentik).</p>
</div>
<p>Voilà votre nouvelle architecture :</p>
<p><img alt="Picture" src="/img/serveex/authentik.svg" /></p>
<h2 id="proteger-un-service-sur-un-serveur-distant">Protéger un service sur un serveur distant</h2>
<hr />
<p>Dans le cas d'une application <a href="/serveex/authentik/#proteger-une-app-native">native</a> (via OAuth 2.0 ou autre), rien ne change.</p>
<p>Dans le cas d'une application non native à protéger derrière un reverse proxy, vous devrez déployer un <strong>avant-poste</strong>. Un avant-poste est un conteneur qui jouera le rôle de proxy local, c'est à dire que c'est vers ce conteneur que les requêtes d'authentification de vos applications seront redirigées. C'est le seul qui est autorisé à dialoguer avec l'API de votre instance authentik.</p>
<div class="admonition abstract">
<p class="admonition-title">Prérequis</p>
<p>Pour déployer cet avant-poste, vous aurez besoin :</p>
<ul>
<li>D'avoir installé <a href="/serveex/docker">docker</a> sur votre machine distante hébergeant le service à protéger.</li>
<li>Si l'application n'a pas d'intégration native, vous aurez besoin également d'avoir un reverse proxy compatible. Comme partout ici, nous utiliserons <a href="/serveex/swag">SWAG</a>.</li>
</ul>
</div>
<p>Ce conteneur redirigera ensuite les requetes vers votre instance <a href="/serveex/authentik">Authentik</a> principale, à travers le web (ou votre réseau local). Le serveur executera les controle et renverra la réponse à l'<em>avant-poste</em>, qui bloquera ou non la connexion à l'app protégée.</p>
<p><img alt="auth-outpost" src="/img/serveex/auth-outpost.svg" /></p>
<h3 id="configuration-dauthentik">Configuration d'Authentik</h3>
<p>Créez vos <a href="/serveex/authentik/#proteger-une-app-native">fournisseurs et applications</a> comme nous l'avons vu plus haut.</p>
<p>Puis, dans votre panneau admin, allez dans la rubrique <em>Applications &gt; Avant-postes</em>, puis créez un nouvel avant-poste.</p>
<p>Remplissez comme suit :</p>
<table>
<thead>
<tr>
<th>Champs</th>
<th>Valeur</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>Nom</code></td>
<td>Le nom que vous souhaitez</td>
</tr>
<tr>
<td><code>Type</code></td>
<td><code>Proxy</code></td>
</tr>
<tr>
<td><code>Intégration</code></td>
<td>Laissez vide</td>
</tr>
<tr>
<td><code>Applications</code></td>
<td>Sélectionnez le ou les applications que vous avez créées précédemment</td>
</tr>
</tbody>
</table>
<p>Dans la section <code>Paramètres avancés</code>, supprimez l'existant, et complétez comme suit :</p>
<div class="language-yaml highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-10-1">1</a></span>
<span class="normal"><a href="#__codelineno-10-2">2</a></span>
<span class="normal"><a href="#__codelineno-10-3">3</a></span>
<span class="normal"><a href="#__codelineno-10-4">4</a></span>
<span class="normal"><a href="#__codelineno-10-5">5</a></span>
<span class="normal"><a href="#__codelineno-10-6">6</a></span>
<span class="normal"><a href="#__codelineno-10-7">7</a></span>
<span class="normal"><a href="#__codelineno-10-8">8</a></span>
<span class="normal"><a href="#__codelineno-10-9">9</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-10-1"><a id="__codelineno-10-1" name="__codelineno-10-1"></a><span class="nt">log_level</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">info</span>
</span><span id="__span-10-2"><a id="__codelineno-10-2" name="__codelineno-10-2"></a><span class="nt">docker_labels</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">null</span>
</span><span id="__span-10-3"><a id="__codelineno-10-3" name="__codelineno-10-3"></a><span class="nt">authentik_host</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://domaine_de_votre_serveur_authentik/</span>
</span><span id="__span-10-4"><a id="__codelineno-10-4" name="__codelineno-10-4"></a><span class="nt">object_naming_template</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ak-outpost-%(name)s</span>
</span><span id="__span-10-5"><a id="__codelineno-10-5" name="__codelineno-10-5"></a><span class="nt">authentik_host_insecure</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
</span><span id="__span-10-6"><a id="__codelineno-10-6" name="__codelineno-10-6"></a><span class="nt">container_image</span><span class="p">:</span>
</span><span id="__span-10-7"><a id="__codelineno-10-7" name="__codelineno-10-7"></a><span class="nt">docker_network</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">null</span>
</span><span id="__span-10-8"><a id="__codelineno-10-8" name="__codelineno-10-8"></a><span class="nt">docker_map_ports</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span><span id="__span-10-9"><a id="__codelineno-10-9" name="__codelineno-10-9"></a><span class="nt">docker_labels</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">null</span>
</span></code></pre></div></td></tr></table></div>
<p>Enrtegistrez et quittez.</p>
<p>Sur l'écran affichant les avant-postes créés, vous verrez le nouvel avant-poste que vous venez de créer. A la fin de la ligne, cliquez sur <em>afficher les informations</em>, et copiez précieusement le jeton d'accès.</p>
<h3 id="configuration-de-la-machine-distante">Configuration de la machine distante</h3>
<p>Nous partons du principe que vous avez déjà installé <a href="/serveex/docker">Docker</a> et <a href="/serveex/swag">SWAG</a> sur cette machine distante.</p>
<p>Sur votre machine distante, à l'aide de <a href="/serveex/docker/#installer-dockge-pour-gerer-et-deployer-les-conteneurs">Dockge</a>, créez une stack <code>authentik-outpost</code>.</p>
<p>Si vous n'avez pas installé <a href="/serveex/docker/#installer-dockge-pour-gerer-et-deployer-les-conteneurs">Dockge</a>, créez un dossier <code>/docker/authentik-outpost</code>, ou directement en ligne de commande :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-11-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-11-1"><a id="__codelineno-11-1" name="__codelineno-11-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>mkdir<span class="w"> </span>-P<span class="w"> </span>/docker/authentik-outpost
</span></code></pre></div></td></tr></table></div>
<div class="admonition tip">
<p class="admonition-title">Astuce pour les allergiques au terminal</p>
<p>Vous pouvez utiliser <a href="/serveex/filebrowser">File Browser</a> pour naviguer dans vos fichier et éditer vos documents au lieu d'utiliser les commandes du terminal.</p>
</div>
<p>Créez le fichier <code>compose.yaml</code> ou copiez la configuration directement dans le champs si vous avez Dockge <a href="/serveex/docker/#installer-dockge-pour-gerer-et-deployer-les-conteneurs">Dockge</a>)</p>
<p>En ligne de commande :</p>
<p><div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-12-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-12-1"><a id="__codelineno-12-1" name="__codelineno-12-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/authentik-outpost/compose.yaml
</span></code></pre></div></td></tr></table></div>
Entrez en mode modification avec <code>i</code> et collez la configuration suivante, en changeant les chiffres de <code class="language-properties highlight"><span class="na">{AUTHENTIK_TAG</span><span class="o">:</span><span class="s">proxy:2024.2.3}</span></code> par <a href="/serveex/authentik/#__codelineno-4-46">la meme version que celle de votre serveur Authentik</a>. </p>
<div class="language-yaml highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-13-1"> 1</a></span>
<span class="normal"><a href="#__codelineno-13-2"> 2</a></span>
<span class="normal"><a href="#__codelineno-13-3"> 3</a></span>
<span class="normal"><a href="#__codelineno-13-4"> 4</a></span>
<span class="normal"><a href="#__codelineno-13-5"> 5</a></span>
<span class="normal"><a href="#__codelineno-13-6"> 6</a></span>
<span class="normal"><a href="#__codelineno-13-7"> 7</a></span>
<span class="normal"><a href="#__codelineno-13-8"> 8</a></span>
<span class="normal"><a href="#__codelineno-13-9"> 9</a></span>
<span class="normal"><a href="#__codelineno-13-10">10</a></span>
<span class="normal"><a href="#__codelineno-13-11">11</a></span>
<span class="normal"><a href="#__codelineno-13-12">12</a></span>
<span class="normal"><a href="#__codelineno-13-13">13</a></span>
<span class="normal"><a href="#__codelineno-13-14">14</a></span>
<span class="normal"><a href="#__codelineno-13-15">15</a></span>
<span class="normal"><a href="#__codelineno-13-16">16</a></span>
<span class="normal"><a href="#__codelineno-13-17">17</a></span>
<span class="normal"><a href="#__codelineno-13-18">18</a></span>
<span class="normal"><a href="#__codelineno-13-19">19</a></span>
<span class="normal"><a href="#__codelineno-13-20">20</a></span>
<span class="normal"><a href="#__codelineno-13-21">21</a></span>
<span class="normal"><a href="#__codelineno-13-22">22</a></span>
<span class="normal"><a href="#__codelineno-13-23">23</a></span>
<span class="normal"><a href="#__codelineno-13-24">24</a></span>
<span class="normal"><a href="#__codelineno-13-25">25</a></span>
<span class="normal"><a href="#__codelineno-13-26">26</a></span>
<span class="normal"><a href="#__codelineno-13-27">27</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-13-1"><a id="__codelineno-13-1" name="__codelineno-13-1"></a><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;3.5&quot;</span>
</span><span id="__span-13-2"><a id="__codelineno-13-2" name="__codelineno-13-2"></a><span class="nt">services</span><span class="p">:</span>
</span><span id="__span-13-3"><a id="__codelineno-13-3" name="__codelineno-13-3"></a><span class="w"> </span><span class="nt">authentik_proxy</span><span class="p">:</span>
</span><span id="__span-13-4"><a id="__codelineno-13-4" name="__codelineno-13-4"></a><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">authentik-outpost</span>
</span><span id="__span-13-5"><a id="__codelineno-13-5" name="__codelineno-13-5"></a><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/goauthentik/proxy:2024.2.3</span>
</span><span id="__span-13-6"><a id="__codelineno-13-6" name="__codelineno-13-6"></a><span class="w"> </span><span class="c1"># Optionally specify which networks the container should be</span>
</span><span id="__span-13-7"><a id="__codelineno-13-7" name="__codelineno-13-7"></a><span class="w"> </span><span class="c1"># might be needed to reach the core authentik server</span>
</span><span id="__span-13-8"><a id="__codelineno-13-8" name="__codelineno-13-8"></a><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id="__span-13-9"><a id="__codelineno-13-9" name="__codelineno-13-9"></a><span class="w"> </span><span class="nt">env_file</span><span class="p">:</span>
</span><span id="__span-13-10"><a id="__codelineno-13-10" name="__codelineno-13-10"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">.env</span>
</span><span id="__span-13-11"><a id="__codelineno-13-11" name="__codelineno-13-11"></a><span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-13-12"><a id="__codelineno-13-12" name="__codelineno-13-12"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag_default</span>
</span><span id="__span-13-13"><a id="__codelineno-13-13" name="__codelineno-13-13"></a><span class="w"> </span><span class="c1"># - foo</span>
</span><span id="__span-13-14"><a id="__codelineno-13-14" name="__codelineno-13-14"></a><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
</span><span id="__span-13-15"><a id="__codelineno-13-15" name="__codelineno-13-15"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">9000:9000</span>
</span><span id="__span-13-16"><a id="__codelineno-13-16" name="__codelineno-13-16"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">9443:9443</span>
</span><span id="__span-13-17"><a id="__codelineno-13-17" name="__codelineno-13-17"></a><span class="w"> </span><span class="nt">environment</span><span class="p">:</span>
</span><span id="__span-13-18"><a id="__codelineno-13-18" name="__codelineno-13-18"></a><span class="w"> </span><span class="nt">AUTHENTIK_HOST</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${HOST}</span>
</span><span id="__span-13-19"><a id="__codelineno-13-19" name="__codelineno-13-19"></a><span class="w"> </span><span class="nt">AUTHENTIK_INSECURE</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;false&quot;</span>
</span><span id="__span-13-20"><a id="__codelineno-13-20" name="__codelineno-13-20"></a><span class="w"> </span><span class="nt">AUTHENTIK_TOKEN</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${TOKEN}</span>
</span><span id="__span-13-21"><a id="__codelineno-13-21" name="__codelineno-13-21"></a><span class="w"> </span><span class="c1"># Starting with 2021.9, you can optionally set this too</span>
</span><span id="__span-13-22"><a id="__codelineno-13-22" name="__codelineno-13-22"></a><span class="w"> </span><span class="c1"># when authentik_host for internal communication doesn&#39;t match the public URL</span>
</span><span id="__span-13-23"><a id="__codelineno-13-23" name="__codelineno-13-23"></a><span class="w"> </span><span class="c1"># AUTHENTIK_HOST_BROWSER: https://external-domain.tld</span>
</span><span id="__span-13-24"><a id="__codelineno-13-24" name="__codelineno-13-24"></a><span class="nt">networks</span><span class="p">:</span>
</span><span id="__span-13-25"><a id="__codelineno-13-25" name="__codelineno-13-25"></a><span class="w"> </span><span class="nt">swag_default</span><span class="p">:</span>
</span><span id="__span-13-26"><a id="__codelineno-13-26" name="__codelineno-13-26"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">swag_default</span>
</span><span id="__span-13-27"><a id="__codelineno-13-27" name="__codelineno-13-27"></a><span class="w"> </span><span class="nt">external</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
</span></code></pre></div></td></tr></table></div>
<p>Appuyez sur <code>Echap</code> puis tapez <code>:x</code> et appuyez sur <code>Entrée</code> pour sauvegarder et quitter.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Ici nous partons du principe que le réseau de Swag est <code>swag_default</code>.</p>
</div>
<p>Creez (ou remplissez directement si vous avez <a href="/serveex/docker/#installer-dockge-pour-gerer-et-deployer-les-conteneurs">Dockge</a>) le fichier <code>.env</code> dans le même dossier.</p>
<p>En ligne de commande :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-14-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-14-1"><a id="__codelineno-14-1" name="__codelineno-14-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/authentik-outpost/.env
</span></code></pre></div></td></tr></table></div>
<p>Entrez en mode modification avec <code>i</code> et collez la configuration suivante</p>
<p><div class="language-properties highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-15-1">1</a></span>
<span class="normal"><a href="#__codelineno-15-2">2</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-15-1"><a id="__codelineno-15-1" name="__codelineno-15-1"></a><span class="na">HOST</span><span class="o">=</span>
</span><span id="__span-15-2"><a id="__codelineno-15-2" name="__codelineno-15-2"></a><span class="na">TOKEN</span><span class="o">=</span>
</span></code></pre></div></td></tr></table></div>
Remplissez comme suit</p>
<table>
<thead>
<tr>
<th>Variable</th>
<th>Valeur</th>
<th>Exemple</th>
</tr>
</thead>
<tbody>
<tr>
<td><code class="language-properties highlight"><span class="na">HOST</span><span class="o">=</span></code></td>
<td>L'url de votre serveur authentik</td>
<td><code>https://auth.domaine.fr</code></td>
</tr>
<tr>
<td><code class="language-properties highlight"><span class="na">TOKEN</span><span class="o">=</span></code></td>
<td>Le token que vous avez précédemment copié précieusement</td>
<td><code>Q2pVEqsTNRkJSO9SkJzU3KZ2</code></td>
</tr>
</tbody>
</table>
<p>Appuyez sur <code>Echap</code> puis tapez <code>:x</code> et appuyez sur <code>Entrée</code> pour sauvegarder et quitter.</p>
<p>Si vous avez <a href="/serveex/docker/#installer-dockge-pour-gerer-et-deployer-les-conteneurs">Dockge</a>, déployez la stack.</p>
<p>Sinon, via le terminal :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-16-1">1</a></span>
<span class="normal"><a href="#__codelineno-16-2">2</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-16-1"><a id="__codelineno-16-1" name="__codelineno-16-1"></a><span class="gp">$ </span><span class="nb">cd</span><span class="w"> </span>/docker/authentik-outpost/
</span><span id="__span-16-2"><a id="__codelineno-16-2" name="__codelineno-16-2"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span>compose<span class="w"> </span>up<span class="w"> </span>-d
</span></code></pre></div></td></tr></table></div>
<p>Le conteneur est en route, vous pouvez vérifier son état dans votre panneau admin de votre instance Authentik, section <em>Applications &gt; Avant-postes</em>. </p>
<p>Nous allons a présent configurer SWAG.</p>
<p>Ouvrez le fichier <code>authentik-server.conf</code>.</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-17-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-17-1"><a id="__codelineno-17-1" name="__codelineno-17-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>vi<span class="w"> </span>/docker/swag/config/nginx/authentik-server.conf
</span></code></pre></div></td></tr></table></div>
<p>Dans le fichier, passez en mode modification en tapant <code>i</code> et changez <code>authentik-server</code> par <code>authentik-outpost</code> comme suit :</p>
<div class="language-properties highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-18-1">1</a></span>
<span class="normal"><a href="#__codelineno-18-2">2</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-18-1"><a id="__codelineno-18-1" name="__codelineno-18-1"></a><span class="na">set</span><span class="w"> </span><span class="s">$upstream_authentik authentik-outpost;</span>
</span><span id="__span-18-2"><a id="__codelineno-18-2" name="__codelineno-18-2"></a><span class="na">proxy_pass</span><span class="w"> </span><span class="s">http://$upstream_authentik:9000;</span>
</span></code></pre></div></td></tr></table></div>
<p>Sauvegardez et quittez en tapant sur <code>Echap</code> puis <code>:x</code> et sur <code>Entrée</code>.</p>
<p>Ensuite, configurez les applications à protéger selon si elles sont <a href="/serveex/authentik/#proteger-une-app-native">natives</a> ou par <a href="serveex/authentik/#proteger-une-app-par-reverse-proxy">proxy</a> comme vous l'avez fait sur votre serveur principal.</p>
<h2 id="migrer-une-base-authentik">Migrer une base authentik</h2>
<hr />
<p>Sur la machine d'origine, dumper la bdd :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-19-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-19-1"><a id="__codelineno-19-1" name="__codelineno-19-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>authentik-postgres<span class="w"> </span>pg_dump<span class="w"> </span>-U<span class="w"> </span>authentik<span class="w"> </span>-F<span class="w"> </span>t<span class="w"> </span>authentik<span class="w"> </span>&gt;<span class="w"> </span>/path/to/mydb.tar
</span></code></pre></div></td></tr></table></div>
<p>Puis l'envoyer sur la machine cible. Sur la machine cible, copier le fichier dans le container docker</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-20-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-20-1"><a id="__codelineno-20-1" name="__codelineno-20-1"></a><span class="gp">$ </span>cp<span class="w"> </span>/path/to/mydb.tar<span class="w"> </span>authentik-postgres:/path/to/wherever
</span></code></pre></div></td></tr></table></div>
<p>(Optionnel) Purgez les tables existantes :</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-21-1">1</a></span>
<span class="normal"><a href="#__codelineno-21-2">2</a></span>
<span class="normal"><a href="#__codelineno-21-3">3</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-21-1"><a id="__codelineno-21-1" name="__codelineno-21-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-i<span class="w"> </span>authentik-postgres<span class="w"> </span>psql<span class="w"> </span>-U<span class="w"> </span>authentik<span class="w"> </span>-c<span class="w"> </span><span class="s2">&quot;SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = &#39;authentik&#39; AND pid &lt;&gt; pg_backend_pid();&quot;</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="se">\</span>
</span><span id="__span-21-2"><a id="__codelineno-21-2" name="__codelineno-21-2"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-i<span class="w"> </span>authentik-postgres<span class="w"> </span>psql<span class="w"> </span>-U<span class="w"> </span>authentik<span class="w"> </span>-d<span class="w"> </span>postgres<span class="w"> </span>-c<span class="w"> </span><span class="s2">&quot;DROP DATABASE IF EXISTS authentik;&quot;</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="se">\</span>
</span><span id="__span-21-3"><a id="__codelineno-21-3" name="__codelineno-21-3"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-i<span class="w"> </span>authentik-postgres<span class="w"> </span>psql<span class="w"> </span>-U<span class="w"> </span>authentik<span class="w"> </span>-d<span class="w"> </span>postgres<span class="w"> </span>-c<span class="w"> </span><span class="s2">&quot;CREATE DATABASE authentik;&quot;</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="se">\</span>
</span></code></pre></div></td></tr></table></div>
<p>Restaurez la bdd</p>
<div class="language-console highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-22-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-22-1"><a id="__codelineno-22-1" name="__codelineno-22-1"></a><span class="gp">$ </span>sudo<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>authentik-postgresql<span class="w"> </span>pg_restore<span class="w"> </span>-U<span class="w"> </span>authentik<span class="w"> </span>-d<span class="w"> </span>authentik<span class="w"> </span>/path/to/wherever/mydb.tar
</span></code></pre></div></td></tr></table></div>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12Z"/></svg>
Retour en haut de la page
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
&copy; 2020-2024 djeex.fr
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://discord.gg/nAwtwCxQ" target="_blank" rel="noopener" title="discord.gg" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M524.531 69.836a1.5 1.5 0 0 0-.764-.7A485.065 485.065 0 0 0 404.081 32.03a1.816 1.816 0 0 0-1.923.91 337.461 337.461 0 0 0-14.9 30.6 447.848 447.848 0 0 0-134.426 0 309.541 309.541 0 0 0-15.135-30.6 1.89 1.89 0 0 0-1.924-.91 483.689 483.689 0 0 0-119.688 37.107 1.712 1.712 0 0 0-.788.676C39.068 183.651 18.186 294.69 28.43 404.354a2.016 2.016 0 0 0 .765 1.375 487.666 487.666 0 0 0 146.825 74.189 1.9 1.9 0 0 0 2.063-.676A348.2 348.2 0 0 0 208.12 430.4a1.86 1.86 0 0 0-1.019-2.588 321.173 321.173 0 0 1-45.868-21.853 1.885 1.885 0 0 1-.185-3.126 251.047 251.047 0 0 0 9.109-7.137 1.819 1.819 0 0 1 1.9-.256c96.229 43.917 200.41 43.917 295.5 0a1.812 1.812 0 0 1 1.924.233 234.533 234.533 0 0 0 9.132 7.16 1.884 1.884 0 0 1-.162 3.126 301.407 301.407 0 0 1-45.89 21.83 1.875 1.875 0 0 0-1 2.611 391.055 391.055 0 0 0 30.014 48.815 1.864 1.864 0 0 0 2.063.7A486.048 486.048 0 0 0 610.7 405.729a1.882 1.882 0 0 0 .765-1.352c12.264-126.783-20.532-236.912-86.934-334.541ZM222.491 337.58c-28.972 0-52.844-26.587-52.844-59.239s23.409-59.241 52.844-59.241c29.665 0 53.306 26.82 52.843 59.239 0 32.654-23.41 59.241-52.843 59.241Zm195.38 0c-28.971 0-52.843-26.587-52.843-59.239s23.409-59.241 52.843-59.241c29.667 0 53.307 26.82 52.844 59.239 0 32.654-23.177 59.241-52.844 59.241Z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["content.action.edit", "search.highlight", "search.suggest", "navigation.top", "content.code.copy", "navigation.sections", "navigation.indexes", "navigation.tracking", "navigation.path"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copi\u00e9 dans le presse-papier", "clipboard.copy": "Copier dans le presse-papier", "search.result.more.one": "1 de plus sur cette page", "search.result.more.other": "# de plus sur cette page", "search.result.none": "Aucun document trouv\u00e9", "search.result.one": "1 document trouv\u00e9", "search.result.other": "# documents trouv\u00e9s", "search.result.placeholder": "Taper pour d\u00e9marrer la recherche", "search.result.term.missing": "Non trouv\u00e9", "select.version": "S\u00e9lectionner la version"}}</script>
<script src="../../assets/javascripts/bundle.ad660dcc.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.6/MathJax.js?config=TeX-MML-AM_CHTML"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink