Fix geoip_account_id typo. From accc to acc

Fix geoip_account_id typo from accc to acc
2024-08-10 14:17:43 -04:00 · 2024-08-10 14:13:10 -04:00 · 2024-08-10 14:07:00 -04:00 · 2024-07-19 08:04:02 -04:00 · 2024-07-05 21:34:36 -05:00 · 2024-07-05 21:31:50 -05:00
130 changed files with 1716 additions and 971 deletions
--- a/.env
+++ b/.env
@ -1,54 +0,0 @@
-# .env (in ALL)  
-DOCKERDIR=/ssd/compose  # CHANGEME
-PUID=1100               # CHANGEME
-PGID=1100               # CHANGEME
-TZ=America/New_York
-DOMAIN=CHANGEME.net     # CHANGEME
-
-
-################################################################  
-# PostgreSQL
-################################################################  
-POSTGRES_DB=/run/secrets/authentik_postgresql_db
-POSTGRES_USER=/run/secrets/authentik_postgresql_user
-POSTGRES_PASSWORD=/run/secrets/authentik_postgresql_password
-
-
-################################################################  
-# Authentik
-################################################################  
-AUTHENTIK_REDIS__HOST=redis
-
-AUTHENTIK_POSTGRESQL__HOST=postgresql
-AUTHENTIK_POSTGRESQL__NAME=$POSTGRES_DB
-AUTHENTIK_POSTGRESQL__USER=$POSTGRES_USER
-AUTHENTIK_POSTGRESQL__PASSWORD=$POSTGRES_PASSWORD
-
-AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
-AUTHENTIK_SECRET_KEY=/run/secrets/authentik_secret_key
-AUTHENTIK_COOKIE_DOMAIN=$DOMAIN
-# WORKERS=2
-
-# SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=smtp.gmail.com
-AUTHENTIK_EMAIL__PORT=587
-# Optionally authenticate (don't add quotation marks to your password)
-AUTHENTIK_EMAIL__USERNAME=CHANGEME@gmail.com
-AUTHENTIK_EMAIL__PASSWORD=/run/secrets/authelia_notifier_smtp_password
-# Use StartTLS
-AUTHENTIK_EMAIL__USE_TLS=false
-# Use SSL
-AUTHENTIK_EMAIL__USE_SSL=false
-AUTHENTIK_EMAIL__TIMEOUT=10
-# Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=CHANGEME@gmail.com
-
-
-################################################################  
-# GeoIP
-################################################################  
-GEOIPUPDATE_ACCOUNT_ID=CHANGEME
-GEOIPUPDATE_LICENSE_KEY=CHANGEME
-AUTHENTIK_AUTHENTIK__GEOIP=/geoip/GeoLite2-City.mmdb
-GEOIPUPDATE_EDITION_IDS=GeoLite2-City
-GEOIPUPDATE_FREQUENCY=8
--- a/README.md
+++ b/README.md
--- a/appdata/traefik/config/traefik.yaml
+++ b/appdata/traefik/config/traefik.yaml
@ -0,0 +1,125 @@
+# Traefik 3.x (YAML)
+# Updated 2024-June-04
+
+################################################################
+# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
+################################################################
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+
+################################################################
+# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
+################################################################
+entryPoints:
+  web:
+    address: ":80"
+    # Global HTTP to HTTPS redirection
+    http:
+      redirections:
+        entrypoint:
+          to: websecure
+          scheme: https
+
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        options: tls-opts@file
+        certResolver: le
+        domains:
+          - main: "domain.tld"
+            sans:
+              - "*.domain.tld"
+    forwardedHeaders:
+      trustedIPs:
+        # Cloudflare (https://www.cloudflare.com/ips-v4)
+        - "173.245.48.0/20"
+        - "103.21.244.0/22"
+        - "103.22.200.0/22"
+        - "103.31.4.0/22"
+        - "141.101.64.0/18"
+        - "108.162.192.0/18"
+        - "190.93.240.0/20"
+        - "188.114.96.0/20"
+        - "197.234.240.0/22"
+        - "198.41.128.0/17"
+        - "162.158.0.0/15"
+        - "104.16.0.0/13"
+        - "104.24.0.0/14"
+        - "172.64.0.0/13"
+        - "131.0.72.0/22"
+        # Local IPs
+        - "127.0.0.1/32"
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"
+
+################################################################
+# Logs - https://doc.traefik.io/traefik/observability/logs/
+################################################################
+log:
+  level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
+  filePath: /logs/traefik-container.log # Default is to STDOUT
+  # format: json # Uses text format (common) by default
+  noColor: false # Recommended to be true when using common
+  maxSize: 100 # In megabytes
+  compress: true # gzip compression when rotating
+
+################################################################
+# Access logs - https://doc.traefik.io/traefik/observability/access-logs/
+################################################################
+accessLog:
+  addInternals: true  # things like ping@internal
+  filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default
+  bufferingSize: 100 # Number of log lines
+  fields:
+    names:
+      StartUTC: drop  # Write logs in Container Local Time instead of UTC
+  filters:
+    statusCodes:
+      - "204-299"
+      - "400-499"
+      - "500-599"
+
+################################################################
+# API and Dashboard
+################################################################
+api:
+  dashboard: true
+  # Rely on api@internal and Traefik with Middleware to control access
+  # insecure: true
+
+################################################################
+# Providers - https://doc.traefik.io/traefik/providers/docker/
+################################################################
+providers:
+  docker:
+    #endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy
+    endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy
+    exposedByDefault: false
+    network: traefik  # network to use for connections to all containers
+    # defaultRule: TODO
+
+  # Enable auto loading of newly created rules by watching a directory
+  file:
+  # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
+    directory: /rules
+    watch: true
+
+################################################################
+# Let's Encrypt (ACME)
+################################################################
+certificatesResolvers:
+  le:
+    acme:
+      email: "CHANGEME@gmail.com"
+      storage: "/data/acme.json"
+      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # Comment out when going prod
+      dnsChallenge:
+        provider: cloudflare
+        #delayBeforeCheck: 30 # Default is 2m0s.  This changes the delay (in seconds)
+        # Custom DNS server resolution
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
--- a/appdata/traefik/rules/chain-no-auth.yaml
+++ b/appdata/traefik/rules/chain-no-auth.yaml
@ -0,0 +1,8 @@
+http:
+  middlewares:
+    chain-no-auth:
+      chain:
+        middlewares:
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-compress
--- a/appdata/traefik/rules/forwardAuth-authentik.yaml
+++ b/appdata/traefik/rules/forwardAuth-authentik.yaml
@ -0,0 +1,30 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    ################################################################
+    # Forward Authentication - OAUTH / 2FA
+    ################################################################
+    #
+    # https://github.com/goauthentik/authentik/issues/2366
+    forwardAuth-authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
--- a/appdata/traefik/rules/middlewares-authentik.yaml
+++ b/appdata/traefik/rules/middlewares-authentik.yaml
@ -1,19 +1,19 @@
-http:
-  middlewares:
-    # https://github.com/goauthentik/authentik/issues/2366
-    middlewares-authentik:
-      forwardAuth:
-        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-authentik-username
-          - X-authentik-groups
-          - X-authentik-email
-          - X-authentik-name
-          - X-authentik-uid
-          - X-authentik-jwt
-          - X-authentik-meta-jwks
-          - X-authentik-meta-outpost
-          - X-authentik-meta-provider
-          - X-authentik-meta-app
-          - X-authentik-meta-version
+http:
+  middlewares:
+# https://github.com/goauthentik/authentik/issues/2366
+    middlewares-authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
--- a/appdata/traefik/rules/middlewares-buffering.yaml
+++ b/appdata/traefik/rules/middlewares-buffering.yaml
@ -0,0 +1,18 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Prevent too large of a body
+    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
+    middlewares-buffering:
+      buffering:
+        maxRequestBodyBytes: 10485760
+        memRequestBodyBytes: 2097152
+        maxResponseBodyBytes: 10485760
+        memResponseBodyBytes: 2097152
+        retryExpression: "IsNetworkError() && Attempts() <= 2"
--- a/appdata/traefik/rules/middlewares-compress.yaml
+++ b/appdata/traefik/rules/middlewares-compress.yaml
@ -0,0 +1,15 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Compress to save bandwidth
+    middlewares-compress:
+      compress: {}
+
+-----------------------
+ middlewares-https-redirectscheme.yaml
--- a/appdata/traefik/rules/middlewares-https-redirectscheme.yaml
+++ b/appdata/traefik/rules/middlewares-https-redirectscheme.yaml
@ -0,0 +1,15 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Middleware for Redirection
+    # This can be used instead of global redirection
+    middlewares-https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
--- a/appdata/traefik/rules/middlewares-rate-limit.yaml
+++ b/appdata/traefik/rules/middlewares-rate-limit.yaml
@ -0,0 +1,14 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # DDoS Prevention
+    middlewares-rate-limit:
+      rateLimit:
+        average: 100
+        burst: 50
--- a/appdata/traefik/rules/middlewares-secure-headers.yaml
+++ b/appdata/traefik/rules/middlewares-secure-headers.yaml
@ -0,0 +1,38 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    ################################################################
+    # Good Basic Security Practices
+    ################################################################
+    middlewares-secure-headers:
+      headers:
+        accessControlAllowMethods:
+          - GET
+          - OPTIONS
+          - PUT
+        accessControlMaxAge: 100
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        stsSeconds: 63072000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME"}}" #CSP takes care of this but may be needed for organizr.
+        # customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+        contentTypeNosniff: true
+        browserXssFilter: true
+        # sslForceHost: true # add sslHost to all of the services
+        # sslHost: "{{env "DOMAINNAME"}}"
+        referrerPolicy: "same-origin"
+        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
+          server: ""
+          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
+          # X-Forwarded-Proto: "https"
--- a/appdata/traefik/rules/tls-opts.yaml
+++ b/appdata/traefik/rules/tls-opts.yaml
@ -0,0 +1,35 @@
+################################################################
+# TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml)
+# toml -> yml
+# 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/)
+#
+# Set secure options by disabling insecure older TLS/SSL versions
+# and insecure ciphers. SNIStrict disabled leaves TLS1.0 open.
+# If you have problems with older clients, you can may need to relax
+# these minimums. This configuration will give you an A+ SSL security
+# score supporting TLS1.2 and TLS1.3
+#
+# Dynamic configuration
+# https://doc.traefik.io/traefik/https/tls/
+################################################################
+tls:
+  options:
+    tls-opts:
+      sniStrict: true
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
+      curvePreferences:
+        - secp521r1 # CurveP521
+        - secp384r1 # CurveP384
+    mintls13:
+      minVersion: VersionTLS13
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,179 +0,0 @@
-version: "3.9"
-
-###############################################################
-# Services
-###############################################################
-services:
-
-  postgresql:
-    image: postgres:12-alpine
-    container_name: authentik_postgres
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 5s
-    networks:
-      - traefik
-    volumes:
-      - "$DOCKERDIR/apps/authentik/postgresql/data:/var/lib/postgresql/data"
-    environment:
-      - POSTGRES_DB
-      - POSTGRES_USER
-      - POSTGRES_PASSWORD
-    secrets:
-      - authentik_postgresql_db
-      - authentik_postgresql_user
-      - authentik_postgresql_password
-
-
-  redis:
-    image: redis:alpine
-    container_name: authentik_redis
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    networks:
-      - traefik
-
-
-  # Use the embedded outpost (2021.8.1+) instead of the seperate Forward Auth / Proxy Provider container
-  authentik_server:
-    image: ghcr.io/goauthentik/server:latest
-    container_name: authentik_server
-    restart: unless-stopped
-    command: server
-    networks:
-      - traefik
-    volumes:
-      - "$DOCKERDIR/apps/authentik/media:/media"
-      - "$DOCKERDIR/apps/authentik/custom-templates:/templates"
-      - "$DOCKERDIR/apps/authentik/geoip/data:/geoip"
-    environment:
-      - AUTHENTIK_REDIS__HOST
-      - AUTHENTIK_POSTGRESQL__HOST
-      - AUTHENTIK_POSTGRESQL__NAME
-      - AUTHENTIK_POSTGRESQL__USER
-      - AUTHENTIK_POSTGRESQL__PASSWORD
-      - AUTHENTIK_EMAIL__PASSWORD
-      - AUTHENTIK_ERROR_REPORTING__ENABLED
-      - AUTHENTIK_SECRET_KEY
-      - AUTHENTIK_COOKIE_DOMAIN
-      # - WORKERS
-    secrets:
-      - authentik_postgresql_db
-      - authentik_postgresql_user
-      - authentik_postgresql_password
-      - authelia_notifier_smtp_password
-      - authentik_secret_key
-    labels:
-      - "traefik.enable=true"
-      ## HTTP Routers
-      - "traefik.http.routers.authentik-rtr.rule=Host(`authentik.$DOMAIN`)"
-      - "traefik.http.routers.authentik-rtr.entrypoints=websecure"
-      - "traefik.http.routers.authentik-rtr.tls=true"
-      - "traefik.http.routers.authentik-rtr.tls.certresolver=le"
-      ## Individual Application forwardAuth regex (catch any subdomain using individual application forwardAuth)  
-      - "traefik.http.routers.authentik-rtr-outpost.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      - "traefik.http.routers.authentik-rtr-outpost.entrypoints=websecure"
-      - "traefik.http.routers.authentik-rtr-outpost.tls=true"
-      - "traefik.http.routers.authentik-rtr-outpost.tls.certresolver=le"
-      ## HTTP Services
-      - "traefik.http.routers.authentik-rtr.service=authentik-svc"
-      - "traefik.http.services.authentik-svc.loadBalancer.server.port=9000"
-
-
-  authentik_worker:
-    image: ghcr.io/goauthentik/server:latest
-    container_name: authentik_worker
-    restart: unless-stopped
-    command: worker
-    networks:
-      - traefik
-    volumes:
-      - "$DOCKERDIR/apps/authentik/media:/media"
-      - "$DOCKERDIR/apps/authentik/custom-templates:/templates"
-      - "$DOCKERDIR/apps/authentik/geoip/data:/geoip"
-    environment:
-      - AUTHENTIK_REDIS__HOST
-      - AUTHENTIK_POSTGRESQL__HOST
-      - AUTHENTIK_POSTGRESQL__NAME
-      - AUTHENTIK_POSTGRESQL__USER
-      - AUTHENTIK_POSTGRESQL__PASSWORD
-      - AUTHENTIK_EMAIL__PASSWORD
-      - AUTHENTIK_ERROR_REPORTING__ENABLED
-      - AUTHENTIK_SECRET_KEY
-      - AUTHENTIK_COOKIE_DOMAIN
-    secrets:
-      - authentik_postgresql_db
-      - authentik_postgresql_user
-      - authentik_postgresql_password
-      - authelia_notifier_smtp_password
-      - authentik_secret_key
-    
-
-  geoipupdate:
-    image: maxmindinc/geoipupdate:latest
-    container_name: geoipupdate
-    restart: unless-stopped
-    volumes:
-      - "$DOCKERDIR/apps/authentik/geoip/data:/usr/share/GeoIP"
-    environment:
-      - GEOIPUPDATE_EDITION_IDS
-      - GEOIPUPDATE_FREQUENCY
-      - GEOIPUPDATE_ACCOUNT_ID
-      - GEOIPUPDATE_LICENSE_KEY
-
-
-  whoami-test:
-    image: traefik/whoami
-    container_name: whoami-test
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges:true
-    networks:
-      - traefik
-    environment:
-      - TZ
-    labels:
-      - "traefik.enable=true"
-      ## HTTP Routers
-      - "traefik.http.routers.whoami-test-rtr.rule=Host(`whoami-test.$DOMAIN`)"
-      - "traefik.http.routers.whoami-test-rtr.entrypoints=websecure"
-      - "traefik.http.routers.whoami-test-rtr.tls=true"
-      - "traefik.http.routers.whoami-test-rtr.tls.certresolver=le"
-      ## Middlewares
-      - "traefik.http.routers.whoami-test-rtr.middlewares=middlewares-authentik@file"
-
-
-###############################################################
-# Docker Secrets
-###############################################################
-secrets:
-  # Authentik Postgres
-  authentik_postgresql_db:
-    file: $DOCKERDIR/secrets/authentik_postgresql_db
-  authentik_postgresql_user:
-    file: $DOCKERDIR/secrets/authentik_postgresql_user
-  authentik_postgresql_password:
-    file: $DOCKERDIR/secrets/authentik_postgresql_password
-  # Authentik
-  authentik_secret_key:
-    file: $DOCKERDIR/secrets/authentik_secret_key
-  # GMail Auth Account
-  authelia_notifier_smtp_password:
-    file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
-
-
-###############################################################
-# Networks
-###############################################################
-networks:
-  traefik:
-    external: true
--- a/images/account_create_info.png
+++ b/images/account_create_info.png
--- a/images/add_existing1.png
+++ b/images/add_existing1.png
--- a/images/admin-interface-button.png
+++ b/images/admin-interface-button.png
--- a/images/admins_open.png
+++ b/images/admins_open.png
--- a/images/after_add.png
+++ b/images/after_add.png
--- a/images/after_add_2nd.png
+++ b/images/after_add_2nd.png
--- a/images/akadmin-edit.png
+++ b/images/akadmin-edit.png
--- a/images/akadmin-user-update.png
+++ b/images/akadmin-user-update.png
--- a/images/akadmin-user.png
+++ b/images/akadmin-user.png
--- a/images/applications_page.png
+++ b/images/applications_page.png
--- a/images/authentik-application-create.png
+++ b/images/authentik-application-create.png
--- a/images/authentik-application-domain-settings.png
+++ b/images/authentik-application-domain-settings.png
--- a/images/authentik-application-individual-create.png
+++ b/images/authentik-application-individual-create.png
--- a/images/authentik-application-individual-settings.png
+++ b/images/authentik-application-individual-settings.png
--- a/images/authentik-domain-wide-application-and-provider.png
+++ b/images/authentik-domain-wide-application-and-provider.png
--- a/images/authentik-edit-outpost-individual-app.png
+++ b/images/authentik-edit-outpost-individual-app.png
--- a/images/authentik-edit-outpost.png
+++ b/images/authentik-edit-outpost.png
--- a/images/authentik-individual-application-bound-to-provider.png
+++ b/images/authentik-individual-application-bound-to-provider.png
--- a/images/authentik-providers-create.png
+++ b/images/authentik-providers-create.png
--- a/images/authentik-providers-individual-provider-create.png
+++ b/images/authentik-providers-individual-provider-create.png
--- a/images/authentik-proxy-provider-creation-individual.png
+++ b/images/authentik-proxy-provider-creation-individual.png
--- a/images/authentik-proxy-provider-creation.png
+++ b/images/authentik-proxy-provider-creation.png
--- a/images/authentik-proxy-provider-individual-not-bound.png
+++ b/images/authentik-proxy-provider-individual-not-bound.png
--- a/images/authentik-proxy-provider-not-assigned.png
+++ b/images/authentik-proxy-provider-not-assigned.png
--- a/images/authentik-proxy-provider.png
+++ b/images/authentik-proxy-provider.png
--- a/images/authentik-setup.png
+++ b/images/authentik-setup.png
--- a/images/authentik-stages-menu.png
+++ b/images/authentik-stages-menu.png
--- a/images/authentik-users-create.png
+++ b/images/authentik-users-create.png
--- a/images/backup-admin-creation.png
+++ b/images/backup-admin-creation.png
--- a/images/backup-admin-set-password.png
+++ b/images/backup-admin-set-password.png
--- a/images/before_add.png
+++ b/images/before_add.png
--- a/images/before_add_2nd.png
+++ b/images/before_add_2nd.png
--- a/images/catch_all_p1.png
+++ b/images/catch_all_p1.png
--- a/images/catch_all_p2.png
+++ b/images/catch_all_p2.png
--- a/images/catch_all_p3.png
+++ b/images/catch_all_p3.png
--- a/images/choose_path.png
+++ b/images/choose_path.png
--- a/images/def-flows.png
+++ b/images/def-flows.png
--- a/images/default_mfa.png
+++ b/images/default_mfa.png
--- a/images/domain-def.png
+++ b/images/domain-def.png
--- a/images/edit-mfa-stage-button.png
+++ b/images/edit-mfa-stage-button.png
--- a/images/edit_admin_name.png
+++ b/images/edit_admin_name.png
--- a/images/edit_embed.png
+++ b/images/edit_embed.png
--- a/images/edit_webauthn.png
+++ b/images/edit_webauthn.png
--- a/images/embed_outpost_edit2.png
+++ b/images/embed_outpost_edit2.png
--- a/images/error_before_setup.png
+++ b/images/error_before_setup.png
--- a/images/fa_splash.png
+++ b/images/fa_splash.png
--- a/images/fa_splash2.png
+++ b/images/fa_splash2.png
--- a/images/finish_mfa_reg.png
+++ b/images/finish_mfa_reg.png
--- a/images/firstscreen.png
+++ b/images/firstscreen.png
--- a/images/force-mfa.png
+++ b/images/force-mfa.png
--- a/images/forwardAuth-domain-redirect-screen.png
+++ b/images/forwardAuth-domain-redirect-screen.png
--- a/images/forwardAuth-domain-splash.png
+++ b/images/forwardAuth-domain-splash.png
--- a/images/forwardAuth-individual-splash.png
+++ b/images/forwardAuth-individual-splash.png
--- a/images/m-app-bound.png
+++ b/images/m-app-bound.png
--- a/images/m-app-c.png
+++ b/images/m-app-c.png
--- a/images/m-app.png
+++ b/images/m-app.png
--- a/images/m-pp-settings.png
+++ b/images/m-pp-settings.png
--- a/images/m-pp.png
+++ b/images/m-pp.png
--- a/images/manual_create_p.png
+++ b/images/manual_create_p.png
--- a/images/mfa-remove-static-tokens.png
+++ b/images/mfa-remove-static-tokens.png
--- a/images/mfa-selections.png
+++ b/images/mfa-selections.png
--- a/images/mfa-settings-force.png
+++ b/images/mfa-settings-force.png
--- a/images/mfa-stage-default-settings.png
+++ b/images/mfa-stage-default-settings.png
--- a/images/mfa-stage-defaults.png
+++ b/images/mfa-stage-defaults.png
--- a/images/mfa-webauthn-devices-shown.png
+++ b/images/mfa-webauthn-devices-shown.png
--- a/images/mfa-webauthn-pin.png
+++ b/images/mfa-webauthn-pin.png
--- a/images/mfa_dev.png
+++ b/images/mfa_dev.png
--- a/images/name_change.png
+++ b/images/name_change.png
--- a/images/no-static.png
+++ b/images/no-static.png
--- a/images/open_user.png
+++ b/images/open_user.png
--- a/images/outpost-after-domain-update.png
+++ b/images/outpost-after-domain-update.png
--- a/images/outpost-after-individual-app.png
+++ b/images/outpost-after-individual-app.png
--- a/images/outpost-before-domain-update.png
+++ b/images/outpost-before-domain-update.png
--- a/images/outpost-before-individual-app.png
+++ b/images/outpost-before-individual-app.png
--- a/images/outpost-screen-with-both-providers.png
+++ b/images/outpost-screen-with-both-providers.png
--- a/images/outpost-screen-with-domain-provider.png
+++ b/images/outpost-screen-with-domain-provider.png
--- a/images/outpost_with2.png
+++ b/images/outpost_with2.png
--- a/images/res_key_change.png
+++ b/images/res_key_change.png
--- a/images/res_key_def.png
+++ b/images/res_key_def.png
--- a/images/set_pw.png
+++ b/images/set_pw.png
--- a/images/settings_cog.png
+++ b/images/settings_cog.png
--- a/images/setup.png
+++ b/images/setup.png
--- a/images/token-create-on-key.png
+++ b/images/token-create-on-key.png
--- a/images/token-setup-chrome-prompt.png
+++ b/images/token-setup-chrome-prompt.png
--- a/images/unbound-provider.png
+++ b/images/unbound-provider.png
--- a/images/updated_provider.png
+++ b/images/updated_provider.png
--- a/images/user-interface-button.png
+++ b/images/user-interface-button.png
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
brokenscripts	30eb905c9a	Fix `geoip_account_id` typo. From accc to acc	2024-08-10 14:17:43 -04:00
brokenscripts	769262ced5	Fix `geoip_account_id` typo. From accc to acc	2024-08-10 14:13:10 -04:00
brokenscripts	0d6dea65b7	Fix geoip_account_id typo from accc to acc	2024-08-10 14:07:00 -04:00
brokenscripts	d34188a3a7	Update README.md Clarify individual priority is higher than catch all so that you can use both. Fix wizard vs manual statement	2024-07-19 08:04:02 -04:00
brokenscripts	3f56230805	Add note about updating branch names/content	2024-07-05 21:34:36 -05:00
brokenscripts	bd49d728ad	Traefik 3.x and Authentik 2024.x	2024-07-05 21:31:50 -05:00
brokenscripts	90ccb0e4f4	Clean up for Traefik 3 and Authentik 2024	2024-07-05 21:30:08 -05:00