Djeex/docudjeex
1
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity

'excurity" urls fixed + language switcher

Browse Source
This commit is contained in:
Djeex
2025-07-04 14:54:28 +00:00
parent 7aadc4378c
commit 6046093b24
25 changed files with 50 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app.config.ts
View File

@ -29,6 +29,11 @@ export default defineAppConfig({
image: '/img/social.png',
socials: {
github:'',
Language: {
label: '🇫🇷',
icon:'material-symbols:language-french',
href: 'https:/docu.djeex.fr/fr/',
},
Gitea: {
label: 'Gitea',
icon: 'cib:gitea',

3
content/0.index.md
View File

@ -13,6 +13,9 @@ main:
cta:
- Access the Docs
- /about/welcome
secondary:
- 🇫🇷 →
- https://docu.djeex.fr/fr/
---
#title

6
content/3.serveex/1.introduction.md
View File

@ -76,21 +76,21 @@ Security
#title
__VPN__
#description
[Install and deploy Wireguard](/serveex/securite/wireguard)
[Install and deploy Wireguard](/serveex/security/wireguard)
::
::card{icon=noto:key}
#title
__SSO & MFA__
#description
[Install and deploy Authentik](/serveex/securite/authentik)
[Install and deploy Authentik](/serveex/security/authentik)
::
::card{icon=logos:cloudflare-icon}
#title
__Zero Trust__
#description
[Install and deploy Cloudflared](/serveex/securite/cloudflare)
[Install and deploy Cloudflared](/serveex/security/cloudflare)
::
::

6
content/3.serveex/2.core/3.swag.md
View File

@ -20,7 +20,7 @@ main:
::alert{type="warning"}
:::list{type="warning"}
- SWAG is only useful for exposing your services to the internet—i.e., accessing them via a public URL like `https://service.mydomain.com`. If you dont want to expose your services and prefer to always use a VPN to connect remotely, you can go [here instead](/serveex/securite/wireguard).
- SWAG is only useful for exposing your services to the internet—i.e., accessing them via a public URL like `https://service.mydomain.com`. If you dont want to expose your services and prefer to always use a VPN to connect remotely, you can go [here instead](/serveex/security/wireguard).
:::
::
@ -265,14 +265,14 @@ server {
---
::alert{type="info"}
📋 __Prerequisite:__ <br/><br/>
We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/nat).
We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/nat).
::
Now it's time to expose Dockge on the internet so you can access and manage your containers remotely. We assume you've set up the subdomain `dockge.mydomain.com` with a `CNAME` pointing to `mydomain.com`.
::alert{type="warning"}
:::list{type="warning"}
- Dockge does not support multi-factor authentication. Exposing it online could compromise all connected machines. Only do this if you're using an MFA solution like [Authentik](/serveex/securite/authentik/). Otherwise, dont expose it with SWAG — use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- Dockge does not support multi-factor authentication. Exposing it online could compromise all connected machines. Only do this if you're using an MFA solution like [Authentik](/serveex/security/authentik/). Otherwise, dont expose it with SWAG — use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::

0
content/3.serveex/3.securite/1.wireguard.md → content/3.serveex/3.security/1.wireguard.md
View File

10
content/3.serveex/3.securite/2.authentik.md → content/3.serveex/3.security/2.authentik.md
View File

@ -197,7 +197,7 @@ To use Authentik outside your local network, you must expose it.
::alert{type="info"}
📋 __Prerequisites:__ <br/><br/>
We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
::
Open the `authentik-server.conf` file:
@ -363,7 +363,7 @@ Your new architecture looks like this:
## Protecting a Remote Server Service
---
For a [native application](/serveex/securite/authentik/#protecting-a-native-app) (via OAuth 2.0 or other), nothing changes.
For a [native application](/serveex/security/authentik/#protecting-a-native-app) (via OAuth 2.0 or other), nothing changes.
For a non-native app behind a reverse proxy, you must deploy an __Outpost__. An Outpost is a container acting as a local proxy — it's the target of your app's auth requests and the only one authorized to communicate with your Authentik API.
@ -373,13 +373,13 @@ Prerequisites:
- If the app has no native integration, use a compatible reverse proxy. We will use [SWAG](/serveex/core/swag) here.
::
This container will forward requests to your main [Authentik](/serveex/securite/authentik#authentik) instance over the internet (or your local network). The server will perform checks and respond to the Outpost, which will allow or block access accordingly.
This container will forward requests to your main [Authentik](/serveex/security/authentik#authentik) instance over the internet (or your local network). The server will perform checks and respond to the Outpost, which will allow or block access accordingly.
![auth-outpost](/img/serveex/auth-outpost.svg)
### Configuring Authentik
Create your [providers and applications](/serveex/securite/authentik/#protecting-a-native-app) as shown earlier.
Create your [providers and applications](/serveex/security/authentik/#protecting-a-native-app) as shown earlier.
Then, in the admin panel, go to _Applications > Outposts_, and create a new outpost.
@ -547,7 +547,7 @@ proxy_pass http://$upstream_authentik:9000;
Save and exit with `Esc`, then `:x` and `Enter`.
Then configure the applications to protect as you did on your main server, whether they are [native](/serveex/securite/authentik/#protecting-a-native-app) or protected via [reverse proxy](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
Then configure the applications to protect as you did on your main server, whether they are [native](/serveex/security/authentik/#protecting-a-native-app) or protected via [reverse proxy](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
## Migrating an Authentik Database
---

2
content/3.serveex/3.securite/3.cloudflare.md → content/3.serveex/3.security/3.cloudflare.md
View File

@ -21,7 +21,7 @@ main:
---
The _Zero Trust_ architecture is the practice of designing systems based on the principle of __"never trust, always verify"__, as opposed to the traditional principle of __"trust, but verify"__. This concept has become increasingly popular recently due to the growing number of attacks targeting user data. Its a broad concept, but well focus on how to apply _Zero Trust_ to the web services we host.
_Cloudflare tunnels_ offer a simple way to implement _Zero Trust_, using [SWAG](/serveex/core/swag) and [Authentik](/serveex/securite/authentik).
_Cloudflare tunnels_ offer a simple way to implement _Zero Trust_, using [SWAG](/serveex/core/swag) and [Authentik](/serveex/security/authentik).
Simply put, Cloudflare Tunnels allow you to:

0
content/3.serveex/3.securite/_dir.yml → content/3.serveex/3.security/_dir.yml
View File

6
content/3.serveex/4.monitoring/1.uptime-kuma.md
View File

@ -68,12 +68,12 @@ You can now access the tool via `http://yourserverip:3200`.
::alert{type="info"}
📋 __Before you begin:__
<br/><br/>
We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/nat).
We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/nat).
::
::alert{type="warning"}
:::list{type="warning"}
- Uptime-Kuma does not use multi-factor authentication. Exposing Uptime-Kuma on the internet could compromise the machines it monitors. Only do this if you're using an MFA system like [Authentik](/serveex/securite/authentik/). Otherwise, dont expose it with SWAG; use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- Uptime-Kuma does not use multi-factor authentication. Exposing Uptime-Kuma on the internet could compromise the machines it monitors. Only do this if you're using an MFA system like [Authentik](/serveex/security/authentik/). Otherwise, dont expose it with SWAG; use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::
@ -177,7 +177,7 @@ You can protect this app with Authentik by opening `stats.subdomain.conf` and un
`include /config/nginx/authentik-server.conf;`
and
`include /config/nginx/authentik-location.conf;`.
Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy). If you want the public stats page to be accessible without authentication:
Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy). If you want the public stats page to be accessible without authentication:
- Edit the Uptime-Kuma provider
- In *Advanced Protocol Settings > Authenticated Paths*, enter:

6
content/3.serveex/4.monitoring/2.dozzle.md
View File

@ -72,7 +72,7 @@ Deploy the container and go to `http://yourserverip:9135`. Voilà, your Dozzle w
::alert{type="warning"}
:::list{type="warning"}
- Dozzle does not use multi-factor authentication. Exposing Dozzle to the internet could compromise the connected machines. Only do this if you use a multi-factor authentication system like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose it with SWAG and instead use a VPN like [Wireguard](/serveex/securite/wireguard).
- Dozzle does not use multi-factor authentication. Exposing Dozzle to the internet could compromise the connected machines. Only do this if you use a multi-factor authentication system like [Authentik](/serveex/security/authentik/). Otherwise, do not expose it with SWAG and instead use a VPN like [Wireguard](/serveex/security/wireguard).
:::
::
@ -81,7 +81,7 @@ You may want to access Dozzle remotely and on all your devices. To do so, wel
::alert{type="info"}
📋 __Before you begin:__
<br/><br/>
We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), youve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), youve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
::
Go to Dockge and edit the SWAG compose file to add Dozzles network:
@ -177,5 +177,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
And there you go, Dozzle is now exposed!
::alert{type="success"}
✨ You can protect this app with Authentik by opening `dozzle.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and a provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ You can protect this app with Authentik by opening `dozzle.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and a provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

6
content/3.serveex/4.monitoring/3.speedtest-tracker.md
View File

@ -91,14 +91,14 @@ Deploy the container and go to `http://yourserverip:3225`. Log in with the accou
---
::alert{type="info"}
📋 **Prerequisites:**
We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless youre using Cloudflare Zero Trust](/serveex/securite/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless youre using Cloudflare Zero Trust](/serveex/security/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
::
Now we want to expose Speedtest Tracker to the internet so you can access it remotely. We assume you've set up the DNS `CNAME` for `speedtest.yourdomain.com` pointing to `yourdomain.com`.
::alert{type="warning"}
:::list{type="warning"}
- Speedtest Tracker does not use multi-factor authentication. Exposing it on the internet could compromise connected devices. Do so only if you use a multi-factor system like [Authentik](/serveex/securite/authentik/). Otherwise, avoid using SWAG and prefer a VPN like [Wireguard](/serveex/securite/wireguard).
- Speedtest Tracker does not use multi-factor authentication. Exposing it on the internet could compromise connected devices. Do so only if you use a multi-factor system like [Authentik](/serveex/security/authentik/). Otherwise, avoid using SWAG and prefer a VPN like [Wireguard](/serveex/security/wireguard).
:::
::
@ -192,5 +192,5 @@ Wait a moment, then visit `https://speedtest.yourdomain.com` in your browser —
::alert{type="success"}
✨ You can protect this app with Authentik by opening `speedtest.subdomain.conf` and uncommenting
`include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`.
Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

4
content/3.serveex/4.monitoring/4.beszel.md
View File

@ -148,7 +148,7 @@ Deploy the stack on the remote server. Data will begin flowing into the web UI a
::alert{type="warning"}
:::list{type="warning"}
- Beszel does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Only do this if you're using a system like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- Beszel does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Only do this if you're using a system like [Authentik](/serveex/security/authentik/). Otherwise, do not expose with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::
@ -247,5 +247,5 @@ Press `Esc`, type `:x`, and hit `Enter` to save and exit.
Thats it—Beszel is now exposed!
::alert{type="success"}
✨ You can protect this app with Authentik by opening `beszel.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ You can protect this app with Authentik by opening `beszel.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

4
content/3.serveex/4.monitoring/5.upsnap.md
View File

@ -85,7 +85,7 @@ Deploy the container and go to `http://yourserverip:8095`. Just follow the steps
::alert{type="warning"}
:::list{type="warning"}
- UpSnap does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Do this only if you're using a multi-factor authentication system like [Authentik](/serveex/securite/authentik/). Otherwise, avoid exposing it with SWAG and use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- UpSnap does not support multi-factor authentication. Exposing it on the internet could compromise connected machines. Do this only if you're using a multi-factor authentication system like [Authentik](/serveex/security/authentik/). Otherwise, avoid exposing it with SWAG and use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::
@ -190,5 +190,5 @@ Press `Escape`, then save and exit by typing `:x` and pressing `Enter`.
And thats it — youve exposed UpSnap!
::alert{type="success"}
✨ You can protect this app with Authentik by opening `upsnap.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ You can protect this app with Authentik by opening `upsnap.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

4
content/3.serveex/5.media/1.plex.md
View File

@ -175,7 +175,7 @@ However, you may want to expose Tautulli so you can view stats from a simple URL
::alert{type="info"}
:::list{type="info"}
- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/securite/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/nat).
- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/security/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/nat).
:::
::
@ -298,7 +298,7 @@ server {
```
::alert{type="success"}
✨ You can protect this app with Authentik by removing the `#` before `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ You can protect this app with Authentik by removing the `#` before `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::
Press `Esc` then save and quit by typing `:x`

4
content/3.serveex/5.media/2.qbittorrent.md
View File

@ -209,7 +209,7 @@ When adding a download, remember to select the proper directory so Plex can sync
::alert{type="warning"}
:::list{type="warning"}
- Qbittorrent does not support multi-factor authentication. Exposing it to the internet may put your system at risk. Only do this if you use MFA via [Authentik](/serveex/securite/authentik/). Otherwise, dont expose it with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- Qbittorrent does not support multi-factor authentication. Exposing it to the internet may put your system at risk. Only do this if you use MFA via [Authentik](/serveex/security/authentik/). Otherwise, dont expose it with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::
@ -311,7 +311,7 @@ server {
```
::alert{type="success"}
✨ You can secure this app with Authentik by uncommenting the `authentik-server.conf` and `authentik-location.conf` lines. Dont forget to [create an app and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ You can secure this app with Authentik by uncommenting the `authentik-server.conf` and `authentik-location.conf` lines. Dont forget to [create an app and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::
Press `Esc`, type `:x` to save and quit.

2
content/3.serveex/5.media/3.servarr.md
View File

@ -385,7 +385,7 @@ It can be useful to expose Overseerr if you want to send requests from outside y
::alert{type="info"}
:::list{type="info"}
- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/dns). And that [unless youre using Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/dns). And that [unless youre using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
:::
::

2
content/3.serveex/6.cloud/1.immich.md
View File

@ -59,7 +59,7 @@ The main benefit of this setup is being able to access Immich remotely on all yo
::alert{type="info"}
📋 __Before you begin:__
<br/><br/>
We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
::
In Dockge, open the SWAG stack and edit the compose file to add Immich's network:

2
content/3.serveex/6.cloud/2.nextcloud.md
View File

@ -89,7 +89,7 @@ The goal of this setup is to access Nextcloud remotely from all your devices. We
::alert{type="info"}
:::list{type="info"}
- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). And unless youre using [Cloudflare Zero Trust](/serveex/securite/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/nat).
- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). And unless youre using [Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/nat).
:::
::

4
content/3.serveex/7.files/1.file-browser.md
View File

@ -59,7 +59,7 @@ Deploy the container and go to `http://yourserverip:8010`. Thats it—your Fi
::alert{type="warning"}
:::list{type="warning"}
- File Browser does not support multi-factor authentication. Exposing it publicly could put your systems at risk. Only do this if youre using a secure authentication solution like [Authentik](/serveex/securite/authentik/). Otherwise, do not expose it with SWAG—use a VPN like [Wireguard](/serveex/securite/wireguard) instead.
- File Browser does not support multi-factor authentication. Exposing it publicly could put your systems at risk. Only do this if youre using a secure authentication solution like [Authentik](/serveex/security/authentik/). Otherwise, do not expose it with SWAG—use a VPN like [Wireguard](/serveex/security/wireguard) instead.
:::
::
@ -160,5 +160,5 @@ Press `Esc`, then save and exit with `:x` followed by `Enter`.
Thats it—File Browser is now exposed!
::alert{type="success"}
✨ __Tip:__ You can protect this app with Authentik by opening `files.subdomain.conf` and uncommenting `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ __Tip:__ You can protect this app with Authentik by opening `files.subdomain.conf` and uncommenting `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

2
content/3.serveex/7.files/2.pingvin.md
View File

@ -81,7 +81,7 @@ Tout l'intérêt d'une telle solution, c'est de pouvoir y accéder à distance e
::alert{type="info"}
📋 __Au préalable :__
<br/><br/>
Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/securite/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/nat).
Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/security/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/nat).
::
Dans Dockge, rendez-vous dans la stack de SWAG et éditez le compose en ajoutant le réseau de pingvin :

4
content/3.serveex/8.development/1.code-server.md
View File

@ -122,7 +122,7 @@ The whole point of such a solution is to access it remotely from any device. To
::alert{type="info"}
:::list{type="info"}
- __Preliminary:__ We assume youve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/securite/cloudflare)—that youve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/nat).
- __Preliminary:__ We assume youve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare)—that youve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/nat).
:::
::
@ -219,5 +219,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
Thats it — code-server is now exposed!
::alert{type="success"}
✨ __Tip:__ You can protect this app with Authentik by opening `code.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ __Tip:__ You can protect this app with Authentik by opening `code.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

2
content/3.serveex/8.development/2.gitea.md
View File

@ -74,7 +74,7 @@ The benefit of this setup is being able to access it remotely from any of your d
::alert{type="info"}
:::list{type="info"}
- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/securite/cloudflare), you have already forwarded port `443` from your router to your servers port `443` in the [NAT rules](/general/nat).
- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you have already forwarded port `443` from your router to your servers port `443` in the [NAT rules](/general/nat).
:::
::

4
content/3.serveex/8.development/3.it-tools.md
View File

@ -58,7 +58,7 @@ You might want to access it remotely on all your devices. To do that, we'll expo
::alert{type="info"}
:::list{type="info"}
- __Pre-requisite:__ We assume youve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` set to `yourdomain.com`. Also, unless youre using [Cloudflare Zero Trust](/serveex/securite/cloudflare), make sure youve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/nat).
- __Pre-requisite:__ We assume youve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` set to `yourdomain.com`. Also, unless youre using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure youve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/nat).
:::
::
@ -162,5 +162,5 @@ Press `Esc`, then save and exit by typing `:x` and pressing `Enter`.
And thats it — IT Tools is now exposed!
::alert{type="success"}
✨ __Tip:__ You can secure this app with Authentik by opening `tools.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and a provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
✨ __Tip:__ You can secure this app with Authentik by opening `tools.subdomain.conf` and uncommenting the lines `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Dont forget to [create an application and a provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::

2
content/3.serveex/9.apps/1.adguard.md
View File

@ -231,7 +231,7 @@ server {
::alert{type="success"}
__Tip:__
<br/><br/>
You can protect this app with Authentik by opening `adguard.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and a provider in Authentik](/serveex/securite/authentik/#protéger-une-app-par-reverse-proxy). Youll need to exclude the URL `https://adguard.mydomain.com/dns-query` from authentication:
You can protect this app with Authentik by opening `adguard.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;`{lang=nginx} and `include /config/nginx/authentik-location.conf;`{lang=nginx}. Dont forget to [create an application and a provider in Authentik](/serveex/security/authentik/#protéger-une-app-par-reverse-proxy). Youll need to exclude the URL `https://adguard.mydomain.com/dns-query` from authentication:
- Edit the AdGuard provider
- Under *Advanced Protocol Settings > Authenticated Paths*, enter `^/dns-query`

2
content/3.serveex/9.apps/2.vaultwarden.md
View File

@ -240,5 +240,5 @@ And there you go — Vaultwarden is now exposed! Visit `vault.yourdomain.com` to
Don't forget to install Bitwarden browser extensions (they work with Vaultwarden) for [Chrome](https://chromewebstore.google.com/detail/gestionnaire-de-mots-de-p/nngceckbapebfimnlniiiahkandclblb) and [Firefox](https://addons.mozilla.org/fr/firefox/addon/bitwarden-password-manager/), as well as [iOS](https://apps.apple.com/fr/app/bitwarden/id1137397744) and [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=fr) apps to sync your passwords.
::alert{type="success"}
__Tip:__ You can protect this app with Authentik by opening `tools.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don't forget to [create an application and provider in Authentik](/serveex/securite/authentik#protecting-an-app-via-reverse-proxy).
__Tip:__ You can protect this app with Authentik by opening `tools.subdomain.conf` and removing the `#` in front of `include /config/nginx/authentik-server.conf;` and `include /config/nginx/authentik-location.conf;`. Don't forget to [create an application and provider in Authentik](/serveex/security/authentik#protecting-an-app-via-reverse-proxy).
::