Let's Encrypt and Google Auth
Lauri Ojansivu edited this page Dec 18, 2017
·
4 revisions
Tested on Ubuntu 16.04 based distro.
Wekan installed with https://github.com/wekan/wekan/wiki/Export-Docker-Mongo-Data
- https://caddyserver.com config Caddyfile, proxying directly to Wekan on port 8080:
my.domain.com {
proxy / localhost:8080
}
- If Caddy runs as a non-root user, give the caddy binary the capability to bind to ports below 1024:
sudo setcap cap_net_bind_service=+ep ./caddy
- https://caddyserver.com config Caddyfile when Proxybouncer sits in front of Wekan (Proxybouncer listens on port 7000):
my.domain.com {
proxy / localhost:7000
}
- Add Google Auth, so that only allowed email addresses can log in:
https://www.npmjs.com/package/proxybouncer
- Create nologin user for proxybouncer:
useradd -M proxybouncer
usermod -L proxybouncer
- /etc/systemd/system/proxybouncer.service:
[Unit]
Description=Proxybouncer
[Service]
ExecStart=/usr/local/bin/proxybouncer
Restart=always
# Restart the service after 5 seconds if the node service crashes
RestartSec=5
# Send stdout and stderr to syslog
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=proxybouncer
User=proxybouncer
Group=proxybouncer
Environment=PORT=7000 MY_URL=https://my.domain.com PROXY_TARGET=http://localhost:8080 GOOGLE_CLIENT_ID=... GOOGLE_CLIENT_SECRET=... ALLOWED_EMAILS=.*@domain.com$ COOKIE_SECRET=...
[Install]
WantedBy=multi-user.target
- Enable proxybouncer service:
sudo systemctl enable proxybouncer
sudo systemctl start proxybouncer
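The `ALLOWED_EMAILS` value in the unit file decides who gets past Proxybouncer, so it is worth checking what the pattern actually accepts. The following is an added example, not from this wiki page or from Proxybouncer's code; it assumes the value is compiled as a JavaScript regular expression and tested against the Google account email, and `strictDomainPattern`, `accepted` and the sample addresses are constructed for illustration.

```javascript
// Added example. Assumption: ALLOWED_EMAILS is used as a JavaScript regular
// expression that is tested against the signed-in Google account email.

// Build an anchored pattern that matches exactly one domain.
// Dots are written as [.] so the pattern contains no backslashes that a
// unit file or shell quoting layer could alter.
function strictDomainPattern(domain) {
  if (!/^[a-z0-9-]+([.][a-z0-9-]+)+$/.test(domain)) {
    throw new Error('not a plain lowercase domain name: ' + domain);
  }
  return '^[^@]+@' + domain.split('.').join('[.]') + '$';
}

// Return the addresses from `emails` that `pattern` lets through.
function accepted(pattern, emails) {
  const re = new RegExp(pattern);
  return emails.filter((e) => re.test(e));
}

// Constructed sample addresses, not taken from any real deployment.
const samples = [
  'alice@my.domain.com',             // intended user
  'bob@myxdomain.com',               // a different registrable domain
  'carol@my.domain.com.example.net', // allowed name appears only as a prefix
  'dave@other.example',              // unrelated domain
];

// Same shape as the value on this page: leading .* and unescaped dots.
const loose = '.*@my.domain.com$';
const strict = strictDomainPattern('my.domain.com');

// The unescaped dot matches any character, so the loose pattern also
// accepts bob@myxdomain.com; the strict pattern accepts only alice.
console.log('loose  accepts:', accepted(loose, samples));
console.log('strict accepts:', accepted(strict, samples));
console.log('ALLOWED_EMAILS=' + strict);
```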
Question: Does this setup imply that everyone will be logged in to Wekan as 'proxybouncer'? Is there a way to pass username from Google via headers, etc.?
Answer: First login to Proxybouncer can limit login domain of G Suite. Second login is using Wekan username and password. There is no integrated login yet for standalone Wekan like there is for https://sandstorm.io