Commit e59345f

committed
refactor: configuration updates
1 parent 44cc60e commit e59345f

2 files changed

Lines changed: 67 additions & 41 deletions

docs/getting-started.md

Lines changed: 7 additions & 7 deletions
@@ -13,9 +13,9 @@ A tinyauth user consists of 3 things, a username, a password hash and an optiona
1313
```mermaid
1414
flowchart BR
1515
user["username:hash:totp"]
16-
user --> username["Username is your username in plaintext"]
17-
user --> hash["Hash is your password hashed in bcrypt"]
18-
user --> totp["TOTP is an optional TOTP secret"]
16+
user --> username["Username in plain text"]
17+
user --> hash["Password hashed in bcrypt"]
18+
user --> totp["Optional TOTP secret"]
1919
```
2020

2121
To generate your user you can use the tinyauth CLI like so:
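Review bot: On added line 18, the shortened label "Optional TOTP secret" sits beside "Password hashed in bcrypt" without saying that the third field of `username:hash:totp` is the secret itself and not a hash. Anyone who can read the users string can therefore generate valid second-factor codes, so consider a label such as "Optional TOTP secret (not hashed)" or a sentence under the diagram telling readers to keep the users string private. Separately, the unchanged `flowchart BR` line is worth checking while this block is being touched, since Mermaid's documented directions are TB, TD, BT, RL and LR.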
@@ -34,13 +34,13 @@ You can repeat this step as many times as you like and create a comma separated
3434

3535
## Setting up your domains
3636

37-
The way tinyauth works is by setting a cookie for the parent domain of the app URL, in other words if your app URL is `http://tinyauth.sub.example.com`, tinyauth will set a cookie for `.sub.example.com` in order to be able to authenticate you. This means that all your apps will have to be under this subdomain. Here is an example:
37+
The way tinyauth works is by setting a cookie for the parent domain of the app URL, in other words if your app URL is `http://tinyauth.example.com`, tinyauth will set a cookie for `.example.com` in order to be able to authenticate you. This means that all your apps will have to be under this subdomain. Here is an example:
3838

3939
```mermaid
4040
flowchart BR
41-
domain["sub.example.com"]
42-
domain --> tinyauth["tinyauth.sub.example.com"]
43-
domain --> app["app.sub.example.com"]
41+
domain["example.com"]
42+
domain --> tinyauth["tinyauth.example.com"]
43+
domain --> app["app.example.com"]
4444
```
4545

4646
::: warning
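Review bot: On added line 37 the example now sets the cookie for `.example.com`, but the sentence still ends "all your apps will have to be under this subdomain", which no longer matches because `example.com` is the parent domain here, not a subdomain. Suggest "under this domain". The new example also widens the cookie scope compared with the old one: the session cookie is now sent to every host under `example.com` rather than only those under `sub.example.com`, so it would help to keep a sentence saying that placing tinyauth and the apps under a dedicated subdomain limits which hosts receive the cookie.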

docs/reference/configuration.md

Lines changed: 60 additions & 34 deletions
@@ -1,36 +1,62 @@
11
# Configuration
22

3-
Tinyauth can be either configured with environment variables or CLI flags, the full list of configuration options is available below:
4-
5-
| Name | Environment Variable | CLI FLag | Description | Default | Required |
6-
| ---------------------------- | ------------------------------ | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ---------- | ----------------------------------- |
7-
| Port | `PORT` | `--port` | The port that the API/UI listens on. | `3000` | no |
8-
| Address | `ADDRESS` | `--address` | The address the API/UI listens on. | `0.0.0.0` | no |
9-
| App URL | `APP_URL` | `--app-url` | The URL that tinyauth uses when redirecting for authentication. | - | yes |
10-
| Secret | `SECRET` | `--secret` | A 32 character long key used to encrypt the cookies. | - | yes (except if secret file is used) |
11-
| Secret File | `SECRET_FILE` | `--secret-file` | Path to a file containing the secret. | - | no |
12-
| Users | `USERS` | `--users` | A comma separated list of `username:hash:totp-secret` combinations used for logging in (needs to be escaped in docker). | - | yes (except if users file is used) |
13-
| Users File | `USERS_FILE` | `--users-file` | A file with a list of of `username:hash:totp-secret` combinations in every line (`.htpasswd` equivalent) | - | no |
14-
| Cookie Secure | `COOKIE_SECURE` | `--cookie-secure` | Send cookie only with a secure connection (https). | false | no |
15-
| Github Client ID | `GITHUB_CLIENT_ID` | `--github-client-id` | Client ID to use for Github OAuth. | - | no |
16-
| Github Client Secret | `GITHUB_CLIENT_SECRET` | `--github-client-secret` | Client secret to use for Github OAuth. | - | no |
17-
| Github Client Secret File | `GITHUB_CLIENT_SECRET_FILE` | `--github-client-secret-file` | Path to a file containing the client secret. | - | no |
18-
| Google Client ID | `GOOGLE_CLIENT_ID` | `--google-client-id` | Client ID to use for Google OAuth. | - | no |
19-
| Google Client Secret | `GOOGLE_CLIENT_SECRET` | `--google-client-secret` | Client secret to use for Google OAuth. | - | no |
20-
| Google Client Secret File | `GOOGLE_CLIENT_SECRET_FILE` | `--google-client-secret-file` | Path to a file containing the client secret. | - | no |
21-
| Generic Client ID | `GENERIC_CLIENT_ID` | `--generic-client-id` | Client ID to use for Generic OAuth. | - | no |
22-
| Generic Client Secret | `GENERIC_CLIENT_SECRET` | `--generic-client-secret` | Client secret to use for Generic OAuth. | - | no |
23-
| Generic Client Secret File | `GENERIC_CLIENT_SECRET_FILE` | `--generic-client-secret-file` | Path to a file containing the client secret. | - | no |
24-
| Tailscale Client ID | `TAILSCALE_CLIENT_ID` | `--tailscale-client-id` | Client ID to use for Tailscale OAuth. | - | no |
25-
| Tailscale Client Secret | `TAILSCALE_CLIENT_SECRET` | `--tailscale-client-secret` | Client secret to use for Tailscale OAuth. | - | no |
26-
| Tailscale Client Secret File | `TAILSCALE_CLIENT_SECRET_FILE` | `--tailscale-client-secret-file` | Path to a file containing the client secret. | - | no |
27-
| Generic Scopes | `GENERIC_SCOPES` | `--generic-scopes` | Comma separated list of scopes to use in Generic OAuth. | - | no |
28-
| Generic Auth URL | `GENERIC_AUTH_URL` | `--generic-auth-url` | Authentication URL to use for Generic OAuth. | - | no |
29-
| Generic Token URL | `GENERIC_TOKEN_URL` | `--generic-token-url` | The URL to use when requesting the token for Generic OAuth. | - | no |
30-
| Generic User URL | `GENERIC_USER_URL` | `--generic-user-url` | The URL to use when retrieving user information in Generic OAuth. | - | no |
31-
| Generic Provider Name | `GENERIC_NAME` | `--generic-name` | Set a custom name for the generic OAuth provider button. | `Generic` | no |
32-
| Disable Continue | `DISABLE_CONTINUE` | `--disable-continue` | Disables the continue screen and immediately redirects when the user logins. | `false` | no |
33-
| OAuth Whitelist | `OAUTH_WHITELIST` | `--oauth-whitelist` | Comma separated list of emails to whitelist for OAuth. | - | no |
34-
| Session Expiry | `SESSION_EXPIRY` | `--session-expiry` | Set cookie max age and session expiry in seconds. | 86400 | no |
35-
| Log Level | `LOG_LEVEL` | `--log-level` | Set the log level for the logger. | 1 | no |
36-
| Title | `APP_TITLE` | `--app-title` | Set a custom title for the login screen. | `Tinyauth` | no |
3+
Tinyauth can be either configured with environment variables or CLI flags, the full list of configuration options is available below.
4+
5+
::: info
6+
Every configuration option that has a `FILE` equivalent (e.g. `USERS` and `USERS_FILE`), then the file can be used instead of the environment variable.
7+
:::
8+
9+
## General
10+
11+
| Name | Description | Default | Required |
12+
| --------------------------------------- | -------------------------------------------------------------- | ---------- | -------- |
13+
| `PORT`/`--port` | The port the UI and API listens on. | 3000 | no |
14+
| `ADDRESS`/`--address` | The address the UI and API listens on. | `0.0.0.0` | no |
15+
| `APP_URL`/`--app-url` | The URL tinyauth uses for the redirects and the cookie domain. | - | yes |
16+
| `SECRET`/`--secret` | The secret tinyauth uses to encrypt the cookies. | - | yes |
17+
| `USERS`/`--users` | A comma separated list of tinyauth users. | - | yes |
18+
| `USERS_FILE`/`--users-file` | A file containing a list of tinyauth users. | - | no |
19+
| `SECRET_FILE`/`--secret-file` | A file containing the cookie secret. | - | no |
20+
| `COOKIE_SECURE`/`--cookie-secure` | Send cookie only with HTTPS. | `false` | no |
21+
| `DISABLE_CONTINUE`/`--disable-continue` | Disable the continue screen. | `false` | no |
22+
| `OAUTH_WHITELIST`/`--oauth-whitelist` | A list of usernames that are allowed to login with OAuth. | - | no |
23+
| `SESSION_EXPIRY`/`--session-expiry` | Set cookie and session expiry in seconds. | 86400 | no |
24+
| `LOG_LEVEL`/`--log-level` | Set the log level for the app (-1 through 6). | 1 | no |
25+
| `APP_TITLE`/`--app-title` | Set the login screen title. | `Tinyauth` | no |
26+
27+
## Github OAuth
28+
29+
| Name | Description | Default | Required |
30+
| --------------------------------------------------------- | ------------------------------------------- | ------- | -------- |
31+
| `GITHUB_CLIENT_ID`/`--github-client-id` | The Github client ID. | - | no |
32+
| `GITHUB_CLIENT_SECRET`/`--github-client-secret` | The Github client secret. | - | no |
33+
| `GITHUB_CLIENT_SECRET_FILE`/`--github-client-secret-file` | A file containing the Github client secret. | - | no |
34+
35+
## Google OAuth
36+
37+
| Name | Description | Default | Required |
38+
| --------------------------------------------------------- | ------------------------------------------- | ------- | -------- |
39+
| `GOOGLE_CLIENT_ID`/`--google-client-id` | The Google client ID. | - | no |
40+
| `GOOGLE_CLIENT_SECRET`/`--google-client-secret` | The Google client secret. | - | no |
41+
| `GOOGLE_CLIENT_SECRET_FILE`/`--google-client-secret-file` | A file containing the Google client secret. | - | no |
42+
43+
## Tailscale OAuth
44+
45+
| Name | Description | Default | Required |
46+
| --------------------------------------------------------------- | ---------------------------------------------- | ------- | -------- |
47+
| `TAILSCALE_CLIENT_ID`/`--tailscale-client-id` | The Tailscale client ID. | - | no |
48+
| `TAILSCALE_CLIENT_SECRET`/`--tailscale-client-secret` | The Tailscale client secret. | - | no |
49+
| `TAILSCALE_CLIENT_SECRET_FILE`/`--tailscale-client-secret-file` | A file containing the Tailscale client secret. | - | no |
50+
51+
## Generic OAuth
52+
53+
| Name | Description | Default | Required |
54+
| ----------------------------------------------------------- | ----------------------------------------------------- | --------- | -------- |
55+
| `GENERIC_CLIENT_ID`/`--generic-client-id` | The generic provider client ID. | - | no |
56+
| `GENERIC_CLIENT_SECRET`/`--generic-client-secret` | The generic provider client secret. | - | no |
57+
| `GENERIC_CLIENT_SECRET_FILE`/`--generic-client-secret-file` | A file containing the generic provider client secret. | - | no |
58+
| `GENERIC_AUTH_URL`/`--generic-auth-url` | The authentication URL for the generic provider. | - | no |
59+
| `GENERIC_TOKEN_URL`/`--generic-token-url` | The token URL for the generic provider. | - | no |
60+
| `GENERIC_USER_URL`/`--generic-user-url` | The user information URL for the generic provider. | - | no |
61+
| `GENERIC_SCOPES`/`--generic-scopes` | The generic provider scopes. | - | no |
62+
| `GENERIC_NAME`/`--generic-name` | The name for the generic client button on the UI. | `Generic` | no |
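Review bot: The new `SECRET`/`--secret` row on line 16 drops the "32 character long key" requirement that the removed row stated, so readers no longer learn the expected length of the cookie encryption key from the reference; keep the length in the description. Two other rows change meaning and not just wording: `OAUTH_WHITELIST` went from "Comma separated list of emails" to "A list of usernames", and `USERS` lost both the `username:hash:totp-secret` format and the note about escaping in docker. If the whitelist is still matched against emails, restore that wording, since operators will build their allow list from this text. The Required column for `SECRET` and `USERS` is now a flat "yes" where it used to carry the "except if ... file is used" exception; the info box on line 6 is meant to cover this, but its sentence does not parse ("Every configuration option that has a `FILE` equivalent ..., then the file can be used"). Suggest "For every option that has a `FILE` equivalent (e.g. `USERS` and `USERS_FILE`), the file can be used instead of the environment variable."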
