3rd April 2023
Coding⚑
Languages⚑
Configure Docker to host the application⚑
-
New: Disable ipv6.
sysctl net.ipv6.conf.all.disable_ipv6=1 sysctl net.ipv6.conf.default.disable_ipv6=1
DevOps⚑
Authentication⚑
Authentik⚑
-
New: Protect applications that don't have authentication.
Some applications don't have authentication, for example prometheus. You can use Authentik in front of such applications to add the authentication and authorization layer.
Authentik can be used as a (very) simple reverse proxy by using its Provider feature with the regular "Proxy" setting. This let's you wrap authentication around a sub-domain / app where it normally wouldn't have authentication (or not the type of auth that you would specifically want) and then have Authentik handle the proxy forwarding and Auth.
In this mode, there is no domain level nor 'integrated' authentication into your desired app; Authentik becomes both your reverse proxy and auth for this one particular app or (sub) domain. This mode does not forward authentication nor let you log in into any app. It's just acts like an authentication wrapper.
It's best to use a normal reverse proxy out front of Authentik. This adds a second layer of routing to deal with but Authentik is not NGINX or a reverse proxy system, so it does not have that many configuration options.
We'll use the following fake domains in this example:
- Authentik domain: auth.yourdomain.com
- App domain: app.yourdomain.com
- Nginx: nginx.yourdomain.com
- Authentik's docker conter name: auth_server
The steps are:
- Configure the proxy provider:
# --------------- # -- Variables -- # --------------- variable "prometheus_url" { type = string description = "The url to access the service." } # ---------- # -- Data -- # ---------- data "authentik_flow" "default-authorization-flow" { slug = "default-provider-authorization-implicit-consent" } # -------------------- # -- Provider -- # -------------------- resource "authentik_provider_proxy" "prometheus" { name = "Prometheus" internal_host = "http://prometheus:9090" external_host = var.prometheus_url authorization_flow = data.authentik_flow.default-authorization-flow.id internal_host_ssl_validation = false }
Operating Systems⚑
Linux⚑
-
New: Interesting learning pages.
Linux Snippets⚑
-
New: Automatic reboot after power failure.
That's not something you can control in your operating system. That's what the BIOS is for. In most BIOS setups there'll be an option like After power loss with possible values like Power off and Reboot.
You can also edit
/etc/default/grub
and add:GRUB_RECORDFAIL_TIMEOUT=5
Then run:
sudo update-grub
This will make your machine display the boot options for 5 seconds before it boot the default option (instead of waiting forever for you to choose one).