ComputerSurge/komodo
3
0
Fork 0
forked from github-starred/komodo
Code Pull Requests 1 Actions Packages Releases Activity
Files
d41315b8a44b0eb209da21da86b8a1b4e64d721c
komodo/docsite/docs/setup/advanced.mdx
Maxwell Becker 9a7b6ebd51 1.19.2 (#764) 
* 1.19.2-dev-0

* deploy 1.19.2-dev-1

* Add option to make run command detachable (#766)

* improve missing files log to include the missing paths

* bump mungos for urlencoding mongo creds

* Update permissioning.md - typo: "priviledges" -> "privileges" (#770)

* Add support for monaco-yaml and docker compose spec validatiaon (#772)

* deploy 1.19.2-dev-2

* on delete user, remove from all user groups

* fix Google login issues around `picture`

* unsafe_unsanitized_startup_config

* improve git provider support re #355

* should fix #468

* should fix exit code re #597

* deploy 1.19.2-dev-3

* fix container ports sorting (#776)

* missing serde default

* deploy 1.19.2-dev-4

* ensure git tokens trimmed in remote url

* Add link to Authentik support docs

* Fix incorrect commit branch when using linked repo re #634

* Better display container port ranges (#786)

* ensure build and sync also commit to correct branch. re #634

* deploy 1.19.2-dev-5

* Improve login form (#788)

* Use proper form for login, add autocomplete and names to input fields

* Do not return null if loading

* Remove unused function

* Cleanup and streamline

* improve login screen flash on reload

* first builder given same name as first server

* 1.19.2

---------

Co-authored-by: mbecker20 <max@mogh.tech>
Co-authored-by: Brian Bradley <brian.bradley.p@gmail.com>
Co-authored-by: Ravi Wolter-Krishan <rkn@gedikas.net>
Co-authored-by: Christopher Hoage <iam@chrishoage.com>
Co-authored-by: jack <45038833+jackra1n@users.noreply.github.com>
2025-08-31 19:08:45 -07:00

62 lines
2.8 KiB
Plaintext
Raw Blame History

# Advanced Configuration
### OIDC / Oauth2
To enable OAuth2 login, you must create a client on the respective OAuth provider,
for example [Github](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app)
or [Google](https://developers.google.com/identity/protocols/oauth2).
Komodo also supports self hosted Oauth2 providers like [Authentik](https://docs.goauthentik.io/docs/providers/oauth2/), [Gitea](https://docs.gitea.com/development/oauth2-provider) and [Keycloak](https://www.keycloak.org).
- Komodo uses the `web application` login flow.
- The redirect uri is:
- `<KOMODO_HOST>/auth/github/callback` for Github.
- `<KOMODO_HOST>/auth/google/callback` for Google.
- `<KOMODO_HOST>/auth/oidc/callback` for OIDC.
### Authentik
Check out the [Authentik official support documentation](https://integrations.goauthentik.io/infrastructure/komodo/).
### Keycloak
- Create an [OIDC client](https://www.keycloak.org/docs/latest/server_admin/index.html#proc-creating-oidc-client_server_administration_guide) in Keycloak.
- Note down the `Client ID` that you enter (e.g.: "komodo"), you will need it for Komodo configuration
- `Valid Redirect URIs`: use `<KOMODO_HOST>/auth/oidc/callback` and substitute `<KOMODO_HOST>` with your Komodo url.
- Turn `Client authentication` to `On`.
- After you finished creating the client, open it and go to `Credentials` tab and copy the `Client Secret`
- Edit your environment variables for komodo core docker container and set the following:
- `KOMODO_OIDC_ENABLED=true`
- `KOMODO_OIDC_PROVIDER=https://<your Keycloak url>/realms/master` or replace `master` with another realm if you don't want to use the default one
- `KOMODO_OIDC_CLIENT_ID=...` what you specified as `Client ID`
- `KOMODO_OIDC_CLIENT_SECRET=...` that you copied from Keycloak
### Mount a config file
If you prefer to keep sensitive information out of environment variables, you can optionally
write a config file on your host, and mount it to `/config/config.toml` in the Komodo core container.
The configuration can also be passed as **YAML** or **JSON**.
You can use the it-tools to convert this TOML file to your preferred format:
- YAML: https://it-tools.tech/toml-to-yaml
- JSON: https://it-tools.tech/toml-to-json
:::info
Configuration can still be passed in environment variables, and will take precedent over what is passed in the file.
:::
Quick download to `./komodo/core.config.toml`:
```bash
wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml
```
```mdx-code-block
import RemoteCodeFile from "@site/src/components/RemoteCodeFile";
<RemoteCodeFile
title="https://github.com/moghtech/komodo/blob/main/config/core.config.toml"
url="https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml"
language="toml"
/>
```
View Git Blame Copy Permalink