Merge pull request #722 from hedgedoc/docs/various-fixes

Yannick Bungers 2021-01-14 21:48:58 +01:00 committed by GitHub
commit f8757382af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 106 additions and 83 deletions

@ -17,7 +17,7 @@
6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables 6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables
- `config.json`: - `config.json`:
```js ```json
{ {
"production": { "production": {
"github": { "github": {
@ -29,7 +29,7 @@
``` ```
- environment variables: - environment variables:
```sh ```shell
CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX
CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX
```` ```
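
Review bot: the sample values on the `CMD_GITHUB_CLIENTID` and `CMD_GITHUB_CLIENTSECRET` lines keep what looks like the leading characters of a real credential (`2a8e682948eee0c580` followed by `X` padding). If these were copied from a live application, partial redaction still publishes part of the secret; since this change already touches the block, consider replacing both with an obviously synthetic placeholder such as `<your-client-secret>`.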

@ -1,6 +1,6 @@
# GitLab (self-hosted) # GitLab (self-hosted)
*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! **Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!*
1. Sign in to your GitLab 1. Sign in to your GitLab
2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required) 2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required)
@ -9,13 +9,14 @@
![New GitLab application](../../images/auth/gitlab-new-application.png) ![New GitLab application](../../images/auth/gitlab-new-application.png)
4. Click **Submit** 4. Click **Submit**
5. In the list of applications select **HackMD**. Leave that site open to copy the application ID and secret in the next step. 5. In the list of applications select **HackMD**. Leave that site open to copy the application ID and secret in the next
step.
![Application: HackMD](../../images/auth/gitlab-application-details.png) ![Application: HackMD](../../images/auth/gitlab-application-details.png)
6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` 6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`
```Dockerfile ```yaml
- CMD_DOMAIN=your.hedgedoc.domain - CMD_DOMAIN=your.hedgedoc.domain
- CMD_URL_ADDPORT=true - CMD_URL_ADDPORT=true
- CMD_PROTOCOL_USESSL=true - CMD_PROTOCOL_USESSL=true

@ -30,7 +30,7 @@ You may note that a separate realm is specified throughout this tutorial. It is
5. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` 5. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`
```Dockerfile ```yaml
CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
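
Review bot: the fence is retagged as `yaml`, but the lines inside it (`CMD_OAUTH2_USER_PROFILE_URL=...` and the two that follow) have no leading `- `, so they are not list entries that can be pasted under `environment:` in `docker-compose.yml` as step 5 instructs. The GitLab guide in this same change writes them as `- CMD_DOMAIN=your.hedgedoc.domain`; either add the `- ` prefix here too or tag the block as plain `KEY=value` text.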

@ -2,19 +2,22 @@
To setup your HedgeDoc instance with Active Directory you need the following configs: To setup your HedgeDoc instance with Active Directory you need the following configs:
```env ```shell
CMD_LDAP_URL=ldap://internal.example.com CMD_LDAP_URL=ldap://internal.example.com
CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com
CMD_LDAP_BINDCREDENTIALS=<super secret password> CMD_LDAP_BINDCREDENTIALS="<super secret password>"
CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com
CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))
CMD_LDAP_USERIDFIELD=sAMAccountName CMD_LDAP_USERIDFIELD=sAMAccountName
CMD_LDAP_PROVIDERNAME=Example Inc AD CMD_LDAP_PROVIDERNAME="Example Inc AD"
``` ```
`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* `CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`.
*This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS`
are incorrect.*
`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). `CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the
login name you also use to login to Windows).
*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` *Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))`
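
Review bot: with the fence now tagged `shell` and quotes added to `CMD_LDAP_BINDCREDENTIALS` and `CMD_LDAP_PROVIDERNAME`, the `CMD_LDAP_SEARCHFILTER` line is the one that most needs quoting and still has none: unquoted `(`, `&` and `|` are shell metacharacters, so the line fails when pasted into a shell. Quote that value as well, and state where the block is meant to go, because in a docker-compose `environment:` list the added double quotes become part of the value. Separately, the example URL is `ldap://`, which without TLS sends the bind password and user logins unencrypted; an `ldaps://` example would be a safer default to document.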

@ -24,7 +24,7 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers
7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables 7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables
- `config.json`: - `config.json`:
```javascript ```json
{ {
"production": { "production": {
"oauth2": { "oauth2": {

@ -1,8 +1,13 @@
# Authentication guide - Nextcloud (self-hosted) # Authentication guide - Nextcloud (self-hosted)
*This has been constructed using the [Nextcloud OAuth2 Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html?highlight=oauth2) combined with [this issue comment on the nextcloud bugtracker](https://github.com/nextcloud/server/issues/5694#issuecomment-314761326).* *This has been constructed using
the [Nextcloud OAuth2 Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html?highlight=oauth2)
combined
with [this issue comment on the nextcloud bugtracker](https://github.com/nextcloud/server/issues/5694#issuecomment-314761326)
.*
This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 and above (this guide has been tested successfully with Nextcloud 14). This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 and above (this guide has been tested
successfully with Nextcloud 14 and Nextcloud 20).
1. Sign-in with an administrator account to your Nextcloud server 1. Sign-in with an administrator account to your Nextcloud server
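
Review bot: the sentence now says the guide was tested with Nextcloud 14 and Nextcloud 20, but the documentation link a few lines above still points at the `/server/14/` admin manual. Link a version that matches the newer tested release, or say that the referenced page is the Nextcloud 14 one. The re-wrap also leaves `combined` and the closing `.*` on lines of their own, which makes the source harder to read than the original single line.
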
@ -18,11 +23,14 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an
4. You'll now see a line containing a *client identifier* and a *Secret*. 4. You'll now see a line containing a *client identifier* and a *Secret*.
![Successfully added OAuth2-client](../../images/auth/nextcloud-oauth2-3-clientid-secret.png) ![Successfully added OAuth2-client](../../images/auth/nextcloud-oauth2-3-clientid-secret.png)
5. That's it for Nextcloud, the rest is configured in your HedgeDoc `config.json` or via the `CMD_` environment variables! 5. That's it for Nextcloud, the rest is configured in your HedgeDoc `config.json` or via the `CMD_` environment
variables!
6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you also replace `<your-nextcloud-domain>` with the right domain name. 6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you
also replace `<your-nextcloud-domain>` with the right domain name.
- `config.json`: - `config.json`:
```javascript
```json
{ {
"production": { "production": {
"oauth2": { "oauth2": {
@ -40,6 +48,7 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an
``` ```
- environment variables: - environment variables:
```sh ```sh
CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX
CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX
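
Review bot: the fence above `CMD_OAUTH2_CLIENT_ID` is still tagged `sh`, while the other environment-variable blocks touched by this change were switched to `shell`. Use `shell` here as well so the highlighting is consistent across the guides.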

@ -107,7 +107,7 @@ The configured mappers should look like this:
} }
``` ```
It you configure HedgeDoc with enviroment variables, these are the ones you have to set: It you configure HedgeDoc with enviroment variables, these are the ones you have to set:
```bash ```shell
CMD_SAML_ATTRIBUTE_USERNAME=username CMD_SAML_ATTRIBUTE_USERNAME=username
CMD_SAML_ATTRIBUTE_EMAIL=email CMD_SAML_ATTRIBUTE_EMAIL=email
``` ```
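
Review bot: the sentence directly above the retagged fence still reads `It you configure HedgeDoc with enviroment variables`; both `It` (for `If`) and `enviroment` are typos that a docs-fix change touching the next line should pick up.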

@ -1,6 +1,6 @@
# Authentication guide - SAML (OneLogin) # Authentication guide - SAML (OneLogin)
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks!* **Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!*
1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks) 1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks)
@ -34,7 +34,7 @@
8. In your HedgeDoc server, create IdP certificate file from (A) 8. In your HedgeDoc server, create IdP certificate file from (A)
9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables. 9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables.
- `config.json`: - `config.json`:
```javascript ```json
{ {
"production": { "production": {
"saml": { "saml": {
@ -46,7 +46,7 @@
``` ```
- environment variables - environment variables
```sh ```shell
CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/******
CMD_SAML_IDPCERT=/path/to/idp_cert.pem CMD_SAML_IDPCERT=/path/to/idp_cert.pem
``` ```

@ -1,17 +1,19 @@
# Authentication guide - SAML # Authentication guide - SAML
*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! *Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!
The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If
you want to match your IdP, you can use more configurations as below.
- If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. - If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML:
- {{your-serverurl}}/auth/saml/metadata `{{your-serverurl}}/auth/saml/metadata`
- *Note:* If not accessible from IdP, download to local once and upload to IdP. *Note:* If not accessible from IdP, download to local once and upload to IdP.
- Change the value of `issuer`, `identifierFormat` to match your IdP. - Change the value of `issuer`, `identifierFormat` to match your IdP.
- `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HedgeDoc as default - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HedgeDoc as default
- `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. - `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as
default. It is recommend that you use as below.
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default)
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
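
Review bot: the renaming note at the top of this file keeps the `*Note:* ...` form, while the GitLab, OneLogin, Twitter, Minio and S3 guides in this change use `**Note:** *...*`; pick one form for all guides. In the same hunk, `It is recommend that you use as below` is re-wrapped but not corrected to `recommended`.
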
@ -29,7 +31,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O
``` ```
- environment variables - environment variables
```env ```shell
CMD_SAML_ISSUER=myhedgedoc CMD_SAML_ISSUER=myhedgedoc
CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
``` ```
@ -42,10 +44,11 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O
- `attribute.username`: Attribute name of displaying user name on HedgeDoc - `attribute.username`: Attribute name of displaying user name on HedgeDoc
- `attribute.email`: Attribute name of email address, which will be also used for Gravatar - `attribute.email`: Attribute name of email address, which will be also used for Gravatar
- *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default. - *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat`
is default.
- `config.json`: - `config.json`:
```javascript ```json
{ {
"production": { "production": {
"saml": { "saml": {
@ -61,22 +64,25 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O
``` ```
- environment variables - environment variables
```sh ```shell
CMD_SAML_ATTRIBUTE_ID=sAMAccountName CMD_SAML_ATTRIBUTE_ID=sAMAccountName
CMD_SAML_ATTRIBUTE_USERNAME=nickName CMD_SAML_ATTRIBUTE_USERNAME=nickName
CMD_SAML_ATTRIBUTE_EMAIL=mail CMD_SAML_ATTRIBUTE_EMAIL=mail
``` ```
- If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). - If you want to control permission by group membership, add group attribute name and required group (allowed) or
external group (not allowed).
- `groupAttribute`: An attribute name of group membership - `groupAttribute`: An attribute name of group membership
- `requiredGroups`: Group names array for allowed access to HedgeDoc. Use vertical bar to separate for environment variables. - `requiredGroups`: Group names array for allowed access to HedgeDoc. Use vertical bar to separate for environment
variables.
- `externalGroups`: Group names array for not allowed access to HedgeDoc. Use vertical bar to separate for environment variables. - `externalGroups`: Group names array for not allowed access to HedgeDoc. Use vertical bar to separate for environment
variables.
- *Note:* Evaluates `externalGroups` first - *Note:* Evaluates `externalGroups` first
- `config.json`: - `config.json`:
```javascript ```json
{ {
"production": { "production": {
"saml": { "saml": {
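
Review bot: the `requiredGroups` and `externalGroups` descriptions are re-wrapped but still leave the access decision ambiguous: `Evaluates externalGroups first` does not say what happens to a user who is in both an external and a required group, or to a user who is in neither. Since these settings decide who can log in, spell out the outcome of each case in the note.
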
@ -90,7 +96,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O
``` ```
- environment variables - environment variables
```sh ```shell
CMD_SAML_GROUPATTRIBUTE=memberOf CMD_SAML_GROUPATTRIBUTE=memberOf
CMD_SAML_REQUIREDGROUPS=hedgedoc-users|board-members CMD_SAML_REQUIREDGROUPS=hedgedoc-users|board-members
CMD_SAML_EXTERNALGROUPS=temporary-staff CMD_SAML_EXTERNALGROUPS=temporary-staff
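
Review bot: `CMD_SAML_REQUIREDGROUPS=hedgedoc-users|board-members` sits in a fence that is now tagged `shell`, where an unquoted `|` is a pipe, so a shell parses the line as a pipeline rather than as one assignment. Quote the value in this block, or keep a neutral tag if the lines are meant for an env file or a compose `environment:` list.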

@ -1,6 +1,6 @@
# Authentication guide - Twitter # Authentication guide - Twitter
*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! **Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!*
1. Sign-in or sign-up for a Twitter account 1. Sign-in or sign-up for a Twitter account
@ -24,7 +24,7 @@
7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: 7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables:
- `config.json`: - `config.json`:
```javascript ```json
{ {
"production": { "production": {
"twitter": { "twitter": {
@ -36,7 +36,7 @@
``` ```
- environment variables: - environment variables:
```sh ```shell
CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX
CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
``` ```

@ -1,6 +1,6 @@
# Minio Guide for HedgeDoc # Minio Guide for HedgeDoc
*Note:* This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks! **Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!*
1. First of all you need to setup Minio itself. 1. First of all you need to setup Minio itself.

@ -1,6 +1,6 @@
# Guide - Setup HedgeDoc S3 image upload # Guide - Setup HedgeDoc S3 image upload
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind :smile: thanks!* **Note:** *This guide was written before the renaming. Just replace `HackMD` with `HedgeDoc` in your mind 😃 thanks!*
1. Go to [AWS S3 console](https://console.aws.amazon.com/s3/home) and create a new bucket. 1. Go to [AWS S3 console](https://console.aws.amazon.com/s3/home) and create a new bucket.
![create-bucket](../images/s3-image-upload/create-bucket.png) ![create-bucket](../images/s3-image-upload/create-bucket.png)

@ -21,18 +21,18 @@ nav:
- OAuth: guides/auth/oauth.md - OAuth: guides/auth/oauth.md
- SAML: guides/auth/saml.md - SAML: guides/auth/saml.md
- SAML Keycloak: guides/auth/saml-keycloak.md - SAML Keycloak: guides/auth/saml-keycloak.md
- SAML Onelogin : guides/auth/saml-onelogin.md - SAML OneLogin: guides/auth/saml-onelogin.md
- GitHub: guides/auth/github.md - GitHub: guides/auth/github.md
- GitLab: guides/auth/gitlab-self-hosted.md - GitLab: guides/auth/gitlab-self-hosted.md
- Keycloak: guides/auth/keycloak.md - Keycloak: guides/auth/keycloak.md
- NextCloud: guides/auth/nextcloud.md - Nextcloud: guides/auth/nextcloud.md
- Twitter: guides/auth/twitter.md - Twitter: guides/auth/twitter.md
- Media Backend:
- MinIO: guides/minio-image-upload.md
- S3: guides/s3-image-upload.md
- Migrate from Etherpad: guides/migrate-etherpad.md - Migrate from Etherpad: guides/migrate-etherpad.md
- Breaking Changes: guides/migrations-and-breaking-changes.md - Breaking Changes: guides/migrations-and-breaking-changes.md
- Media Backend: - Terms of Use Setup: guides/providing-terms.md
- Minion: guides/minio-image-upload.md
- S3: guides/s3-image-upload.md
- Setting Terms: guides/providing-terms.md
- Configuration: configuration.md - Configuration: configuration.md
- Developer: - Developer:
- 'Getting Started': dev/getting-started.md - 'Getting Started': dev/getting-started.md
@ -44,6 +44,9 @@ nav:
markdown_extensions: markdown_extensions:
- toc: - toc:
permalink: true permalink: true
- pymdownx.highlight
- pymdownx.superfences
- mdx_truly_sane_lists
theme: theme:
name: 'material' name: 'material'
language: en language: en

@ -1,3 +1,4 @@
mkdocs==1.1.2 mkdocs==1.1.2
mkdocs-material==6.2.3 mkdocs-material==6.2.3
pymdown-extensions==8.1 pymdown-extensions==8.1
mdx_truly_sane_lists==1.2
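
Review bot: `mdx_truly_sane_lists==1.2` is pinned by version like the three existing entries, but none of the four lines carries a hash, so the docs build trusts whatever the package index serves for that version. Consider adding `--hash=sha256:<digest>` entries for every requirement so pip's hash-checking mode verifies the new dependency along with the existing ones.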