Auto Publish new pages

authentication.md

@@ -161,6 +161,8 @@ sections:
         groups: ['ProductTeam']
 ```
 
+Depending on how you're hosting Dashy and Keycloak, you may also need to set some HTTP headers, to prevent a CORS error. This would typically be the `Access-Control-Allow-Origin [URL-of Dashy]` on your Keycloak instance. See the [Setting Headers](https://github.com/Lissy93/dashy/blob/master/docs/management.md#setting-headers) guide in the management docs for more info.
+
 Your app is now secured :) When you load Dashy, it will redirect to your Keycloak login page, and any user without valid credentials will be prevented from accessing your dashboard.
 
 From within the Keycloak console, you can then configure things like time-outs, password policies, etc. You can also backup your full Keycloak config, and it is recommended to do this, along with your Dashy config. You can spin up both Dashy and Keycloak simultaneously and restore both applications configs using a `docker-compose.yml` file, and this is recommended.

credits.md

@@ -32,6 +32,21 @@
             <sub><b>Vlad Timofeev</b></sub>
         </a>
     </td>
+    <td align="center">
+        <a href="https://github.com/aghybris">
+            <img src="https://avatars.githubusercontent.com/u/11677119?v=4" width="80;" alt="aghybris"/>
+            <br />
+            <sub><b>Aghybris</b></sub>
+        </a>
+    </td>
+    <td align="center">
+        <a href="https://github.com/Byolock">
+            <img src="https://avatars.githubusercontent.com/u/25748003?v=4" width="80;" alt="Byolock"/>
+            <br />
+            <sub><b>Byolock</b></sub>
+        </a>
+    </td></tr>
+<tr>
     <td align="center">
         <a href="https://github.com/Famku">
             <img src="https://avatars.githubusercontent.com/u/27890413?v=4" width="80;" alt="Famku"/>
@@ -43,10 +58,9 @@
         <a href="https://github.com/hugalafutro">
             <img src="https://avatars.githubusercontent.com/u/30209689?v=4" width="80;" alt="hugalafutro"/>
             <br />
-            <sub><b>hugalafutro</b></sub>
+            <sub><b>Hugalafutro</b></sub>
         </a>
-    </td></tr>
-<tr>
+    </td>
     <td align="center">
         <a href="https://github.com/KierenConnell">
             <img src="https://avatars.githubusercontent.com/u/46445781?u=5502f8fb780938e2825735d7bbb9236642d212c0&v=4" width="80;" alt="KierenConnell"/>
@@ -267,6 +281,13 @@
             <br />
             <sub><b>Jnach</b></sub>
         </a>
+    </td>
+    <td align="center">
+        <a href="https://github.com/tazboyz16">
+            <img src="https://avatars.githubusercontent.com/u/12215340?v=4" width="80;" alt="tazboyz16"/>
+            <br />
+            <sub><b>tazboyz16</b></sub>
+        </a>
     </td></tr>
 </table>
 <!-- readme: contributors -end -->

deployment.md

@@ -189,7 +189,7 @@ https://vercel.com/new/project?template=https://github.com/lissy93/dashy
 #### DigitalOcean
 [![Deploy to DO](https://i.ibb.co/PFt0PkB/deploy-digital-ocean-button.png)](https://cloud.digitalocean.com/apps/new?repo=https://github.com/lissy93/dashy/tree/deploy_digital-ocean&refcode=3838338e7f79)
 
-[DigitalOcan](https://www.digitalocean.com/) is a cloud service providing affordable developer-friendly virtual machines from $5/month. But they also have an app platform, where you can run web apps, static sites, APIs and background workers. CDN-backed static sites are free for personal use.
+[DigitalOcean](https://www.digitalocean.com/) is a cloud service providing affordable developer-friendly virtual machines from $5/month. But they also have an app platform, where you can run web apps, static sites, APIs and background workers. CDN-backed static sites are free for personal use.
 
 ```
 https://cloud.digitalocean.com/apps/new?repo=https://github.com/lissy93/dashy/tree/deploy_digital-ocean

management.md

@@ -15,6 +15,7 @@ _The following article is a primer on managing self-hosted apps. It covers every
 - [Authentication](#authentication)
 - [Managing with Compose](#managing-containers-with-docker-compose)
 - [Environmental Variables](#passing-in-environmental-variables)
+- [Setting Headers](#setting-headers)
 - [Remote Access](#remote-access)
 - [Custom Domain](#custom-domain)
 - [Securing Containers](#container-security)
@@ -288,6 +289,89 @@ If you've got many environmental variables, you might find it useful to put them
 
 ---
 
+## Setting Headers
+
+Any external requests made to a different origin (app/ service under a different domain) will be blocked if the correct headers are not specified. This is known as [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) and is a security feature built into modern browsers.
+
+If you see a CORS error in your console, this can be easily fixed by setting the correct headers. This is not a bug with Dashy, so please don't raise it as a bug!
+
+### Example Headers
+- [Caddy](#caddy)
+- [NGINX](#nginx)
+- [Træfɪk](#traefik)
+- [HAProxy](#haproxy)
+- [Apache](#apache)
+
+_The following section briefly outlines how you can set headers for common web proxies/ servers. More info can be found in the documentation for the proxy that you are using, or in the [MDN Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)._
+
+These examples are using:
+- `Access-Control-Allow-Origin` header, but depending on what type of content you are enabling, this will vary. For example, to allow a site to be loaded in an iframe (for the modal or workspace views) you would use `X-Frame-Options`.
+- The domain root (`/`), if your're hosting from a sub-page, replace that with your path.
+- A wildcard (`*`), which would allow access from traffic on any domain, this is discorouaged, and you should replace it with the URL where you are hosting Dashy. Note that for requests that transport sensitive info, like credentials (e.g. Keycloak login), the wildcard is [disallowed all together](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#requests_with_credentials) and will be blocked.
+
+#### Caddy
+
+> See [Caddy `header` docs](https://caddyserver.com/docs/caddyfile/directives/header) for more info.
+
+```
+headers / {
+  Access-Control-Allow-Origin *
+}
+```
+
+#### NGINX
+
+> See [NGINX `ngx_http_headers_module` docs](https://nginx.org/en/docs/http/ngx_http_headers_module.html) for more info.
+
+```
+location / {
+  add_header Access-Control-Allow-Origin *;      
+}
+```
+
+Note this can also be done through the UI, using NGINX Proxy Manager.
+
+#### Traefik
+
+> See [Træfɪk CORS headers docs](https://doc.traefik.io/traefik/middlewares/http/headers/#cors-headers) for more info.
+
+```
+labels:
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
+  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
+```
+
+#### HAProxy
+
+> See [HAProxy Rewrite Response Docs](https://www.haproxy.com/documentation/hapee/latest/traffic-routing/rewrites/rewrite-responses/) for more info.
+
+```
+/
+   http-response add-header Access-Control-Allow-Origin *
+```
+
+#### Apache
+
+> See [Apache `mode_headers` docs](https://httpd.apache.org/docs/current/mod/mod_headers.html) for more info.
+
+```
+Header always set Access-Control-Allow-Origin "*"
+```
+
+#### Squid
+
+> See [Squid `request_header_access` docs](http://www2.gr.squid-cache.org/Doc/config/request_header_access/) for more info.
+
+```
+request_header_access Authorization allow all
+```
+
+**[⬆️ Back to Top](#management)**
+
+---
+
 ## Remote Access
 
 - [WireGuard](#wireguard)

troubleshooting.md

@@ -9,6 +9,8 @@
 - [404 On Static Hosting](#404-on-static-hosting)
 - [Yarn Build or Run Error](#yarn-error)
 - [Auth Validation Error: "should be object"](#auth-validation-error-should-be-object)
+- [Keycloak Redirect Error](#keycloak-redirect-error)
+- [Docker Directory Error](#docker-directory)
 - [Config Not Updating](#config-not-updating)
 - [Config Still not Updating](#config-still-not-updating)
 - [Styles and Assets not Updating](#styles-and-assets-not-updating)
@@ -114,6 +116,41 @@ auth:
 
 ---
 
+## Keycloak Redirect Error
+
+Check the [browser's console output](#how-to-open-browser-console), if you've not set any headers, you will likely see a CORS error here, which would be the source of the issue.
+
+You need to allow Dashy to make requests to Keycloak, and Keycloak to redirect to Dashy. The way you do this depends on how you're hosting these applications / which proxy you are using, and examples can be found in the [Management Docs](/docs/management.md#setting-headers).
+
+For example, add the access control header to Keycloak, like:
+
+`Access-Control-Allow-Origin [URL-of Dashy]`
+
+Note that for requests that transport sensitive info like credentials, setting the accept header to a wildcard (`*`) is not allowed - see [MDN Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#requests_with_credentials), so you will need to specify the actual URL.
+
+You should also ensure that Keycloak is correctly configured, with a user, realm and application, and be sure that you have set a valid redirect URL in Keycloak ([screenshot](https://user-images.githubusercontent.com/1862727/148599768-db4ee4f8-72c5-402d-8f00-051d999e6267.png)).
+
+For more details on how to set headers, see the [Example Headers](/docs/management.md#setting-headers) in the management docs, or reference the documentation for your proxy.
+
+See also: #479, #409, #507, #491, #341, #520
+
+---
+
+## Docker Directory
+
+```
+Error response from daemon: OCI runtime create failed: container_linux.go:380:
+starting container process caused: process_linux.go:545: container init caused:
+rootfs_linux.go:76: mounting "/home/ubuntu/my-conf.yml" to rootfs at 
+"/app/public/conf.yml" caused: mount through procfd: not a directory: 
+unknown: Are you trying to mount a directory onto a file (or vice-versa)?
+Check if the specified host path exists and is the expected type.
+```
+
+If you get an error similar to the one above, you are mounting a directory to the config file's location, when a plain file is expected. Create a YAML file, (`touch my-conf.yml`), populate it with a sample config, then pass it as a volume: `-v ./my-local-conf.yml:/app/public/conf.yml` 
+
+---
+
 ## Config Not Updating
 
 Dashy has the option to save settings and config locally, in browser storage. Anything here will take precedence over whatever is in your config file, sometimes with unintended consequences. If you've updated the config file manually, and are not seeing changes reflected in the UI, then try visiting the site in Incognito mode. If that works, then the solution is just to clear local storage. This can be done from the config menu, under "Clear Local Settings".
@@ -262,6 +299,8 @@ or
 Access-Control-Allow-Origin: *
 ```
 
+For more info on how to set headers, see: [Setting Headers](/docs/management.md#setting-headers) in the management docs
+
 #### Option 3 - Proxying Request
 
 You can route requests through Dashy's built-in CORS proxy. Instructions and more details can be found [here](/docs/widgets.md#proxying-requests). If you don't have control over the target origin, and you are running Dashy either through Docker, with the Node server or on Netlify, then this solution will work for you.