dashy/docs/authentication/index.html

20 lines
57 KiB
HTML
Raw Normal View History

2021-08-29 21:39:19 +03:00
<!doctype html>
<html lang="en" dir="ltr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="generator" content="Docusaurus v2.0.0-beta.2">
<title data-react-helmet="true">Authentication | Dashy</title><meta data-react-helmet="true" property="og:url" content="https://dashy.to/docs/authentication"><meta data-react-helmet="true" name="docusaurus_locale" content="en"><meta data-react-helmet="true" name="docusaurus_version" content="current"><meta data-react-helmet="true" name="docusaurus_tag" content="docs-default-current"><meta data-react-helmet="true" property="og:title" content="Authentication | Dashy"><meta data-react-helmet="true" name="description" content="- Basic Auth"><meta data-react-helmet="true" property="og:description" content="- Basic Auth"><link data-react-helmet="true" rel="shortcut icon" href="/img/favicon.ico"><link data-react-helmet="true" rel="canonical" href="https://dashy.to/docs/authentication"><link data-react-helmet="true" rel="alternate" href="https://dashy.to/docs/authentication" hreflang="en"><link data-react-helmet="true" rel="alternate" href="https://dashy.to/docs/authentication" hreflang="x-default"><link rel="stylesheet" href="/assets/css/styles.becbbfc3.css">
<link rel="preload" href="/assets/js/runtime~main.02cab8fc.js" as="script">
<link rel="preload" href="/assets/js/main.dc7bf884.js" as="script">
2021-08-29 21:39:19 +03:00
</head>
<body>
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div><a href="#main" class="skipToContent_1oUP">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><a class="navbar__brand" href="/"><img src="/img/dashy.png" alt="Dashy Logo" class="themedImage_1VuW themedImage--light_3UqQ navbar__logo"><img src="/img/dashy.png" alt="Dashy Logo" class="themedImage_1VuW themedImage--dark_hz6m navbar__logo"><b class="navbar__title">Dashy</b></a></div><div class="navbar__items navbar__items--right"><div class="react-toggle displayOnlyInLargeViewport_GrZ2 react-toggle--disabled"><div class="react-toggle-track" role="button" tabindex="-1"><div class="react-toggle-track-check"><span class="toggle_71bT">🌜</span></div><div class="react-toggle-track-x"><span class="toggle_71bT">🌞</span></div><div class="react-toggle-thumb"></div></div><input type="checkbox" class="react-toggle-screenreader-only" aria-label="Switch between dark and light mode"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div><div class="navbar-sidebar"><div class="navbar-sidebar__brand"><a class="navbar__brand" href="/"><img src="/img/dashy.png" alt="Dashy Logo" class="themedImage_1VuW themedImage--light_3UqQ navbar__logo"><img src="/img/dashy.png" alt="Dashy Logo" class="themedImage_1VuW themedImage--dark_hz6m navbar__logo"><b class="navbar__title">Dashy</b></a></div><div class="navbar-sidebar__items"><div class="menu"><ul class="menu__list"></ul></div></div></div></nav><div class="main-wrapper docs-wrapper doc-page"><div class="docPage_31aa"><aside class="docSidebarContainer_3Kbt"><div class="sidebar_15mo"><nav class="menu menu--responsive thin-scrollbar menu_Bmed menuWithAnnouncementBar_2WvA" aria-label="Sidebar navigation"><button aria-label="Open menu" aria-haspopup="true" class="button button--secondary button--sm menu__button" type="button"><svg class="sidebarMenuIcon_fgN0" width="24" height="24" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><ul class="menu__list"><li class="menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#!">Running Dashy</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/quick-start">Quick Start</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/deployment">Deployment</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/configuring">Configuring</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/management">Management</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/troubleshooting">Troubleshooting</a></li></ul></li><li class="menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#!">Community</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/showcase">User Showcase</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/contributing">Contributing</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/developing">Developing</a></li><li class="menu__list-item"><a class="menu__link" tabindex="-1" href="/docs/development-guides">Development Guides</a></li></ul></li><li class="menu__list-item"><a class="menu__link menu__link--sublist menu__link--active" href="#!">Feature Docs</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/docs/icons">Icons</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/docs/theming">Theming</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/docs/status-indicators">Status Indicators</a></li><li class="menu__list-item"><a aria-current="page" class="menu__link menu__link--active active" tabindex="0" href="/docs/authentication">Authentication</a></li><li class="menu__list-item"><a cla
The following guide will walk you through setting up Keycloak with Dashy. If you already have a Keycloak instance configured, then skip to Step 3.</p><h3><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2LWZ" id="1-deploy-keycloak"></a>1. Deploy Keycloak<a class="hash-link" href="#1-deploy-keycloak" title="Direct link to heading">#</a></h3><p>First thing to do is to spin up a new instance of Keycloak. You will need <a href="https://docs.docker.com/engine/install/" target="_blank" rel="noopener noreferrer">Docker installed</a>, and can then choose a tag, and pull the container from <a href="https://quay.io/repository/keycloak/keycloak" target="_blank" rel="noopener noreferrer">quay.io/keycloak/keycloak</a></p><p>Use the following run command, replacing the attributes (default credentials, port and name), or incorporate this into your docker-compose file.</p><div class="codeBlockContainer_K1bP"><div class="codeBlockContent_hGly bash"><pre tabindex="0" class="prism-code language-bash codeBlock_23N8 thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_39YC"><span class="token-line" style="color:#393A34"><span class="token plain">docker run -d </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> -p </span><span class="token number" style="color:#36acaa">8081</span><span class="token plain">:8080 </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> --name auth-server </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> -e </span><span class="token assign-left variable" style="color:#36acaa">KEYCLOAK_USER</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">admin </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> -e </span><span class="token assign-left variable" style="color:#36acaa">KEYCLOAK_PASSWORD</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">admin </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> quay.io/keycloak/keycloak:15.0.2</span></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>If you need to pull from DockerHub, a non-official image is available <a href="https://registry.hub.docker.com/r/jboss/keycloak" target="_blank" rel="noopener noreferrer">here</a>. Or if you would prefer not to use Docker, you can also directly install Keycloak from source, following <a href="https://www.keycloak.org/docs/latest/getting_started/index.html" target="_blank" rel="noopener noreferrer">this guide</a>.</p><p>You should now be able to access the Keycloak web interface, using the port specified above (e.g. <code>http://127.0.0.1:8081</code>), login with the default credentials, and when prompted create a new password.</p><h3><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2LWZ" id="2-setup-keycloak-users"></a>2. Setup Keycloak Users<a class="hash-link" href="#2-setup-keycloak-users" title="Direct link to heading">#</a></h3><p>Before we can use Keycloak, we must first set it up with some users. Keycloak uses Realms (similar to tenants) to create isolated groups of users. You must create a Realm before you will be able to add your first user. </p><ol><li>Head over to the admin console</li><li>In the top-left corner there is a dropdown called &#x27;Master&#x27;, hover over it and then click &#x27;Add Realm&#x27;</li><li>Give your realm a name, and h
For example:</p><div class="codeBlockContainer_K1bP"><div class="codeBlockContent_hGly yaml"><pre tabindex="0" class="prism-code language-yaml codeBlock_23N8 thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_39YC"><span class="token-line" style="color:#393A34"><span class="token key atrule" style="color:#00a4db">appConfig</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">...</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">auth</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">enableKeycloak</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> </span><span class="token boolean important" style="color:#36acaa">true</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">keycloak</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">serverUrl</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&#x27;http://localhost:8081&#x27;</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">realm</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&#x27;alicia-homelab&#x27;</span><span class="token plain"></span></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">clientId</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&#x27;dashy&#x27;</span></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>Your app is now secured :) When you load Dashy, it will redirect to your Keycloak login page, and any user without valid credentials will be prevented from accessing your dashboard.</p><p>From within the Keycloak console, you can then configure things like user permissions, time outs, password policies, access, etc. You can also backup your full Keycloak config, and it is recommended to do this, along with your Dashy config. You can spin up both Dashy and Keycloak simultaneously and restore both applications configs using a <code>docker-compose.yml</code> file, and this is recommended.</p><hr><h2><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2LWZ" id="alternative-authentication-methods"></a>Alternative Authentication Methods<a class="hash-link" href="#alternative-authentication-methods" title="Direct link to heading">#</a></h2><p>If you are self-hosting Dashy, and require secure authentication to prevent unauthorized access, then you can either use Keycloak, or one of the following options:</p><ul><li><a href="#authentication-server">Authentication Server</a> - Put Dashy behind a self-hosted auth server</li><li><a href="#vpn">VPN</a> - Use a VPN to tunnel into the network where Dashy is running</li><li><a href="#ip-based-access">IP-Based Access</a> - Disallow access from all IP addresses, except your own</li><li><a h
</span></span><span class="token-line" style="color:#393A34"><span class="token plain">$HTTP[&quot;host&quot;] == &quot;dashy.my-domain.net&quot; {</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> server.document-root = &quot;/home/lighttpd/dashy.my-domain.net/http&quot;</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> server.errorlog = &quot;/var/log/lighttpd/dashy.my-domain.net/error.log&quot;</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> accesslog.filename = &quot;/var/log/lighttpd/dashy.my-domain.net/access.log&quot;</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> auth.require = (</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> &quot;/docs/&quot; =&gt; (</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> &quot;method&quot; =&gt; &quot;basic&quot;,</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> &quot;realm&quot; =&gt; &quot;Password protected area&quot;,</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> &quot;require&quot; =&gt; &quot;user=alicia&quot;</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> )</span></span><span class="token-line" style="color:#393A34"><span class="token plain"> )</span></span><span class="token-line" style="color:#393A34"><span class="token plain">}</span></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>Restart your web server for changes to take effect.</p><h3><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2LWZ" id="oauth-services"></a>OAuth Services<a class="hash-link" href="#oauth-services" title="Direct link to heading">#</a></h3><p>There are also authentication services, such as <a href="https://www.ory.sh/" target="_blank" rel="noopener noreferrer">Ory.sh</a>, <a href="https://developer.okta.com/" target="_blank" rel="noopener noreferrer">Okta</a>, <a href="https://auth0.com/" target="_blank" rel="noopener noreferrer">Auth0</a>, <a href="https://firebase.google.com/docs/auth/" target="_blank" rel="noopener noreferrer">Firebase</a>. Implementing one of these solutions would involve some changes to the <a href="https://github.com/Lissy93/dashy/blob/master/src/utils/Auth.js" target="_blank" rel="noopener noreferrer"><code>Auth.js</code></a> file, but should be fairly straight forward.</p><h3><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2LWZ" id="static-site-hosting-providers"></a>Static Site Hosting Providers<a class="hash-link" href="#static-site-hosting-providers" title="Direct link to heading">#</a></h3><p>If you are hosting Dashy on a cloud platform, you will probably find that it has built-in support for password protected access to web apps. For more info, see the relevant docs for your provider, for example: <a href="https://docs.netlify.com/visitor-access/password-protection/" target="_blank" rel="noopener noreferrer">Netlify Password Protection</a>, <a href="https://www.cloudflare.com/teams/access/" target="_blank" rel="noopener noreferrer">Cloudflare Access</a>, <a href="https://aws.amazon.com/cognito/" target="_blank" rel="noopener noreferrer">AWS Cognito</a>, <a href="https://docs.microsoft.com/en-us/azure/app-service/scenario-secure-app-authentication-app-service" target="_blank" rel="noopener noreferrer">Azure Authentication</a> and <a href="https://vercel.com/docs/platform/projects#password-protection" target="_blank" rel="noopener noreferrer">Vercel Password Protection</a>.</p><p><strong><a href="#">⬆️ Back to Top</a></strong></p></div><footer class="row docusaurus-mt-lg"><div class="col"><a href="https://github.com/Lissy93/dashy/edit/gh-pages/docs/docs/authentication.md" target="_blank" rel="noreferrer noopener"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40
<script src="/assets/js/runtime~main.02cab8fc.js"></script>
<script src="/assets/js/main.dc7bf884.js"></script>
2021-08-29 21:39:19 +03:00
</body>
</html>