Djeex/docudjeex
1
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity

Better sh hl

Browse Source
This commit is contained in:
Djeex
2025-08-10 22:59:47 +00:00
parent 6eaf8a5c94
commit 876d0a6ff5
28 changed files with 134 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
content/3.serveex/3.security/1.wireguard.md
View File

@@ -63,7 +63,7 @@ So only VPN-connected devices can communicate with each other on the VPN, not wi
Folder structure:
```console
```sh
root
└── docker
└── wg-easy
@@ -142,7 +142,7 @@ Deploy the stack.
To allow communication between VPN clients, enable:
```shell
```sh
sudo sysctl net.ipv4.ip_forward=1
sudo sysctl net.ipv4.conf.all.src_valid_mark=1
```
@@ -172,7 +172,7 @@ To configure clients, download the config files from the server:
Folder structure:
```console
```sh
root
└── docker
└── wireguard
@@ -187,7 +187,7 @@ Create the folder `/docker/wireguard/config/wg_confs`:
__Tip:__ Use [File Browser](/serveex/files/file-browser) to browse and edit files without terminal
::
```shell
```sh
sudo mkdir -p /docker/wireguard/config/wg_confs
```
@@ -196,14 +196,14 @@ Copy the `wg0.conf` file downloaded earlier:
::alert{type="success"}
__Tip:__ Easiest way is to transfer the file via SFTP to `/home/youruser`, then move it:
```shell
```sh
sudo cp ~/wg0.conf /docker/wireguard/config/wg_confs
```
::
Create `compose.yaml` in `/docker/wireguard`:
```shell
```sh
sudo vi /docker/wireguard/compose.yaml
```
@@ -230,7 +230,7 @@ Press `Esc` then type `:x` to save and exit.
Start the container:
```shell
```sh
cd /docker/wireguard
sudo docker compose up -d
```

36
content/3.serveex/3.security/2.authentik.md
View File

@@ -39,7 +39,7 @@ Both modes can be configured on a per-application basis.
## Installation
---
Folder structure:
```console
```sh
root
└── docker
└── authentik
@@ -53,13 +53,13 @@ root
Create the folders:
```shell
```sh
sudo mkdir -p /docker/authentik/media /docker/authentik/certs /docker/authentik/custom-template /docker/authentik/ssh
```
Navigate to the `authentik` folder and generate a password and secret key to include in the `.env` file:
```shell
```sh
sudo echo "PG_PASS=$(openssl rand 36 | base64)" >> .env
sudo echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64)" >> .env
```
@@ -68,7 +68,7 @@ sudo echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64)" >> .env
:::list{type="info"}
- To generate the keys, we created the folders ahead of deployment using Dockge. Dockge will prevent you from creating a stack with the same name in these folders unless a `compose.yml` file exists. So, create an empty `compose.yml` so it appears as an inactive stack:
:::
```shell
```sh
sudo vi /docker/authentik/compose.yml
::
@@ -205,7 +205,7 @@ Open the `authentik-server.conf` file:
You can use [File Browser](/serveex/files/file-browser) to navigate and edit files instead of using terminal commands.
::
```shell
```sh
sudo vi /docker/swag/config/nginx/authentik-server.conf
```
@@ -220,7 +220,7 @@ If not, press `i` to enter edit mode, make the necessary changes, then save and
Create the `auth.subdomain.conf` file:
```shell
```sh
sudo vi /docker/swag/config/nginx/proxy-confs/auth.subdomain.conf
```
@@ -335,7 +335,7 @@ Why do this when Dockge already has authentication? Because Dockge uses weak HTT
Edit the file `dockge.mydomain.com`:
```shell
```sh
sudo vi /docker/swag/config/nginx/proxy-confs/dockge.subdomain.conf
```
@@ -417,7 +417,7 @@ On your remote machine, use [Dockge](/serveex/core/docker/#installer-dockge-pour
If you havent installed [Dockge](/serveex/core/docker/#installer-dockge-pour-gérer-et-déployer-les-conteneurs), create a folder `/docker/authentik-outpost`, or directly via command line:
```shell
```sh
sudo mkdir -P /docker/authentik-outpost
```
@@ -430,7 +430,7 @@ Create the `compose.yaml` file or paste the configuration directly into Dockge i
Via command line:
```shell
```sh
sudo vi /docker/authentik-outpost/compose.yaml
```
Enter edit mode by pressing `i` and paste the following configuration, updating the version in `{AUTHENTIK_TAG:proxy:2024.2.3}`{lang=properties} to match your Authentik server version.
@@ -457,7 +457,7 @@ services:
Go to the SWAG stack on the remote machine (or edit directly using Dockge) and add the authentik-outpost network in the configuration file like this (see `networks` section):
```shell
```sh
sudo vi /docker/swag/compose.yaml
```
@@ -488,7 +488,7 @@ If using [Dockge](/serveex/core/docker/#installer-dockge-pour-gérer-et-déploye
Otherwise, via terminal:
```shell
```sh
cd /docker/swag/
sudo docker compose up -d
```
@@ -497,7 +497,7 @@ Create (or fill using Dockge) the `.env` file in the `authentik-outpost` directo
Via command line:
```shell
```sh
sudo vi /docker/authentik-outpost/.env
```
@@ -521,7 +521,7 @@ If using Dockge, deploy the stack.
Otherwise, via terminal:
```shell
```sh
cd /docker/authentik-outpost/
sudo docker compose up -d
```
@@ -532,7 +532,7 @@ Now, lets configure SWAG.
Open the `authentik-server.conf` file:
```shell
```sh
sudo vi /docker/swag/config/nginx/authentik-server.conf
```
@@ -551,24 +551,24 @@ Then configure the applications to protect as you did on your main server, wheth
---
On the source machine, dump the database:
```shell
```sh
sudo docker exec authentik-postgres pg_dump -U authentik -F t authentik > /path/to/mydb.tar
```
Then transfer it to the target machine. On the target machine, copy the file into the Docker container:
```shell
```sh
cp /path/to/mydb.tar authentik-postgres:/path/to/wherever
```
(Optional) Purge existing tables:
```shell
```sh
sudo docker exec -i authentik-postgres psql -U authentik -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = 'authentik' AND pid <> pg_backend_pid();" && sudo docker exec -i authentik-postgres psql -U authentik -d postgres -c "DROP DATABASE IF EXISTS authentik;" && sudo docker exec -i authentik-postgres psql -U authentik -d postgres -c "CREATE DATABASE authentik;"
```
Restore the database:
```shell
```sh
sudo docker exec authentik-postgresql pg_restore -U authentik -d authentik /path/to/wherever/mydb.tar
```

4
content/3.serveex/3.security/3.cloudflare.md
View File

@@ -97,7 +97,7 @@ Create a file `tunnelconfig.yml` to reference in your SWAG `compose.yaml`.
__Tip:__ Use [File Browser](/serveex/files/file-browser) to navigate and edit files instead of using the terminal.
::
```shell
```sh
sudo vi /docker/swag/config/tunnelconfig.yml
```
@@ -120,7 +120,7 @@ Now configure _Cloudflare Real IP_.
Open the `nginx.conf` file:
```shell
```sh
sudo vi /docker/swag/config/nginx/nginx.conf
```