komodo/docs/setup/advanced.html
<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-current docs-doc-page docs-doc-id-setup/advanced" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.9.2">
<title data-rh="true">Advanced Setup | Komodo</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:image" content="https://komo.do/img/monitor-lizard.png"><meta data-rh="true" name="twitter:image" content="https://komo.do/img/monitor-lizard.png"><meta data-rh="true" property="og:url" content="https://komo.do/docs/setup/advanced"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Advanced Setup | Komodo"><meta data-rh="true" name="description" content="Additional configuration options for Komodo Core and Periphery, including custom certificate authorities, OAuth/OIDC providers, and mounted config files."><meta data-rh="true" property="og:description" content="Additional configuration options for Komodo Core and Periphery, including custom certificate authorities, OAuth/OIDC providers, and mounted config files."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://komo.do/docs/setup/advanced"><link data-rh="true" rel="alternate" href="https://komo.do/docs/setup/advanced" hreflang="en"><link data-rh="true" rel="alternate" href="https://komo.do/docs/setup/advanced" hreflang="x-default"><script data-rh="true" 
type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Setup","item":"https://komo.do/docs/setup/"},{"@type":"ListItem","position":2,"name":"Advanced Setup","item":"https://komo.do/docs/setup/advanced"}]}</script><link rel="stylesheet" href="/assets/css/styles.1906ceb0.css">
<script src="/assets/js/runtime~main.e25d46da.js" defer="defer"></script>
<script src="/assets/js/main.0eb432bc.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<svg style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>!function(){var t=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",t||"light"),document.documentElement.setAttribute("data-theme-choice",t||"light")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><link rel="preload" as="image" href="/img/komodo-512x512.png"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top navbarHideable_m1mJ"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/komodo-512x512.png" alt="monitor lizard" class="themedComponent_mlkZ themedComponent--light_NVdE" width="32px"><img src="/img/komodo-512x512.png" alt="monitor lizard" class="themedComponent_mlkZ themedComponent--dark_xIcU" width="32px"></div><b class="navbar__title text--truncate">KOMODO</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/intro">Docs</a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a href="https://opencollective.com/komodo" target="_blank" rel="noopener noreferrer" class="navbar__item 
navbar__link">Donate<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://docs.rs/komodo_client/latest/komodo_client" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Docs.rs<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://github.com/moghtech/komodo" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z 
M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><div class="navbar__search searchBarContainer_NW3z" dir="ltr"><input placeholder="Search" aria-label="Search" class="navbar__search-input searchInput_YFbd" value=""><div class="loadingRing_RJI3 searchBarLoadingRing_YnHq"><div></div><div></div><div></div><div></div></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd sidebarWithHideableNavbar_wUlq"><a tabindex="-1" class="sidebarLogo_isFc" href="/"><img src="/img/komodo-512x512.png" alt="monitor lizard" 
class="themedComponent_mlkZ themedComponent--light_NVdE" width="32px"><img src="/img/komodo-512x512.png" alt="monitor lizard" class="themedComponent_mlkZ themedComponent--dark_xIcU" width="32px"><b>KOMODO</b></a><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/intro"><span title="What is Komodo?" class="linkLabel_WmDU">What is Komodo?</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/docs/setup"><span title="Setup" class="categoryLinkLabel_W154">Setup</span></a><button aria-label="Collapse sidebar category &#x27;Setup&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/setup/mongo"><span title="MongoDB" class="linkLabel_WmDU">MongoDB</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/setup/ferretdb"><span title="FerretDB" class="linkLabel_WmDU">FerretDB</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/setup/advanced"><span title="Advanced Setup" class="linkLabel_WmDU">Advanced Setup</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/setup/connect-servers"><span title="Connect More Servers" class="linkLabel_WmDU">Connect More Servers</span></a></li><li 
class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/setup/backup"><span title="Backup and Restore" class="linkLabel_WmDU">Backup and Restore</span></a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/resources"><span title="Resources" class="linkLabel_WmDU">Resources</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/deploy/compose"><span title="Deploy" class="categoryLinkLabel_W154">Deploy</span></a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/swarm"><span title="Swarm" class="linkLabel_WmDU">Swarm</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/terminals"><span title="Terminals" class="linkLabel_WmDU">Terminals</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/build"><span title="Build" class="linkLabel_WmDU">Build</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/automate/procedures"><span title="Automate" class="categoryLinkLabel_W154">Automate</span></a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div 
class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/configuration/providers"><span title="Configuration" class="categoryLinkLabel_W154">Configuration</span></a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/docs/ecosystem"><span title="Ecosystem" class="categoryLinkLabel_W154">Ecosystem</span></a><button aria-label="Expand sidebar category &#x27;Ecosystem&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/releases/v2.0.0"><span title="Releases" class="categoryLinkLabel_W154">Releases</span></a></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/docs/setup"><span>Setup</span></a></li><li 
class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Advanced Setup</span></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Advanced Setup</h1></header>
<p>Additional configuration options for Komodo Core and Periphery, including custom certificate authorities, OAuth/OIDC providers, and mounted config files.</p>
<h2 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="custom-certificate-authorities">Custom Certificate Authorities<a href="#custom-certificate-authorities" class="hash-link" aria-label="Direct link to Custom Certificate Authorities" title="Direct link to Custom Certificate Authorities" translate="no"></a></h2>
<p>In order to communicate with companion services on private networks,
such as OIDC and git providers,
<strong>Komodo Core and Periphery may both need to trust one or more custom CAs</strong>.</p>
<p><strong>Starting in V2</strong>, both the Komodo Core and Periphery images automatically run <code>update-ca-certificates</code> on startup.
A mounted root CA is trusted for every certificate it issues, so mount only the roots you need inside <code>/usr/local/share/ca-certificates</code>:</p>
<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-background-color:hsl(230, 1%, 98%);--prism-color:hsl(230, 8%, 24%)"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="background-color:hsl(230, 1%, 98%);color:hsl(230, 8%, 24%)"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token key atrule" style="color:hsl(35, 99%, 36%)">volumes</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token comment" style="color:hsl(230, 4%, 64%)">## ... (unchanged)</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token comment" style="color:hsl(230, 4%, 64%)">## Mount custom root CA certificates to trust individually</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain"> /path/to/root_ca1.crt</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">:</span><span class="token plain">/usr/local/share/ca</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain">certificates/root_ca1.crt</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain"> /path/to/root_ca2.crt</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">:</span><span class="token plain">/usr/local/share/ca</span><span class="token punctuation" 
style="color:hsl(119, 34%, 47%)">-</span><span class="token plain">certificates/root_ca2.crt</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token comment" style="color:hsl(230, 4%, 64%)">## OR the whole folder is fine too.</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain"> /path/to/custom</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain">certs</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">:</span><span class="token plain">/usr/local/share/ca</span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">-</span><span class="token plain">certificates</span><br></span></code></pre></div></div>
<h2 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="oidc--oauth2">OIDC / OAuth2<a href="#oidc--oauth2" class="hash-link" aria-label="Direct link to OIDC / OAuth2" title="Direct link to OIDC / OAuth2" translate="no"></a></h2>
<p>To enable OAuth2 login, you must create a client on the respective OAuth provider,
for example <a href="https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app" target="_blank" rel="noopener noreferrer" class="">GitHub</a>
or <a href="https://developers.google.com/identity/protocols/oauth2" target="_blank" rel="noopener noreferrer" class="">Google</a>.</p>
<p>Komodo also supports self-hosted OAuth2 providers like <a href="https://docs.goauthentik.io/docs/providers/oauth2/" target="_blank" rel="noopener noreferrer" class="">Authentik</a>, <a href="https://docs.gitea.com/development/oauth2-provider" target="_blank" rel="noopener noreferrer" class="">Gitea</a> and <a href="https://www.keycloak.org" target="_blank" rel="noopener noreferrer" class="">Keycloak</a>.</p>
<ul>
<li class="">Komodo uses the <code>web application</code> login flow.</li>
<li class="">The redirect uri is:<!-- -->
<ul>
<li class=""><code>&lt;KOMODO_HOST&gt;/auth/github/callback</code> for GitHub.</li>
<li class=""><code>&lt;KOMODO_HOST&gt;/auth/google/callback</code> for Google.</li>
<li class=""><code>&lt;KOMODO_HOST&gt;/auth/oidc/callback</code> for OIDC.</li>
</ul>
</li>
</ul>
<h3 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="authentik">Authentik<a href="#authentik" class="hash-link" aria-label="Direct link to Authentik" title="Direct link to Authentik" translate="no"></a></h3>
<p>Check out the <a href="https://integrations.goauthentik.io/infrastructure/komodo/" target="_blank" rel="noopener noreferrer" class="">Authentik integration docs</a>.</p>
<h3 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="keycloak">Keycloak<a href="#keycloak" class="hash-link" aria-label="Direct link to Keycloak" title="Direct link to Keycloak" translate="no"></a></h3>
<ul>
<li class="">Create an <a href="https://www.keycloak.org/docs/latest/server_admin/index.html#proc-creating-oidc-client_server_administration_guide" target="_blank" rel="noopener noreferrer" class="">OIDC client</a> in Keycloak.<!-- -->
<ul>
<li class="">Note down the <code>Client ID</code> that you enter (e.g.: &quot;komodo&quot;), you will need it for Komodo configuration</li>
<li class=""><code>Valid Redirect URIs</code>: use <code>&lt;KOMODO_HOST&gt;/auth/oidc/callback</code> and substitute <code>&lt;KOMODO_HOST&gt;</code> with your Komodo url.</li>
<li class="">Turn <code>Client authentication</code> to <code>On</code>.</li>
<li class="">After you finished creating the client, open it and go to <code>Credentials</code> tab and copy the <code>Client Secret</code></li>
</ul>
</li>
<li class="">Edit your environment variables for komodo core docker container and set the following:<!-- -->
<ul>
<li class=""><code>KOMODO_OIDC_ENABLED=true</code></li>
<li class=""><code>KOMODO_OIDC_PROVIDER=https://&lt;your Keycloak url&gt;/realms/master</code> or replace <code>master</code> with another realm if you don&#x27;t want to use the default one</li>
<li class=""><code>KOMODO_OIDC_CLIENT_ID=...</code> what you specified as <code>Client ID</code></li>
<li class=""><code>KOMODO_OIDC_CLIENT_SECRET=...</code> that you copied from Keycloak</li>
</ul>
</li>
</ul>
<h2 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="limit-periphery-ips">Limit Periphery IPs<a href="#limit-periphery-ips" class="hash-link" aria-label="Direct link to Limit Periphery IPs" title="Direct link to Limit Periphery IPs" translate="no"></a></h2>
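<p>If you run Komodo Core behind a reverse proxy, you can limit which IPs can connect to the Periphery endpoint. Caddy&#x27;s <code>remote_ip</code> matcher checks the address of the directly connecting peer, so if another proxy or load balancer sits in front of Caddy, the matcher sees that proxy&#x27;s address instead of the client&#x27;s. For example, with Caddy:</p>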
<div class="language-nginx codeBlockContainer_Ckt0 theme-code-block" style="--prism-background-color:hsl(230, 1%, 98%);--prism-color:hsl(230, 8%, 24%)"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-nginx codeBlock_bY9V thin-scrollbar" style="background-color:hsl(230, 1%, 98%);color:hsl(230, 8%, 24%)"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain">(reject-ips) </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> @externalIp not remote_ip 192.168.0.0/16 12.34.56.78/32</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> respond @externalIp 403</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"></span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"></span><span class="token directive keyword" style="color:hsl(301, 63%, 40%)">komodo.example.com</span><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token directive keyword" style="color:hsl(301, 63%, 40%)">handle</span><span class="token directive"> /ws/periphery</span><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token 
plain"> import reject-ips</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> reverse_proxy komodo-core:9120</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token directive keyword" style="color:hsl(301, 63%, 40%)">handle</span><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> reverse_proxy komodo-core:9120</span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"> </span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token plain"></span><span class="token punctuation" style="color:hsl(119, 34%, 47%)">}</span><br></span></code></pre></div></div>
<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>Your reverse proxy should set <code>X-FORWARDED-HOST</code> header to your Komodo Core domain, which caddy does by default.</p></div></div>
<h2 class="anchor anchorTargetHideOnScrollNavbar_vjPI" id="mount-a-config-file">Mount a Config File<a href="#mount-a-config-file" class="hash-link" aria-label="Direct link to Mount a Config File" title="Direct link to Mount a Config File" translate="no"></a></h2>
<p>If you prefer to keep sensitive information out of environment variables, you can optionally
write a config file on your host, and mount it to <code>/config/config.toml</code> in the Komodo Core container.</p>
<p>The configuration can also be passed as <strong>YAML</strong> or <strong>JSON</strong>.
You can use it-tools to convert this TOML file to your preferred format; convert the template before filling in any secrets, so that credentials are not pasted into a third-party site:</p>
<ul>
<li class="">YAML: <a href="https://it-tools.tech/toml-to-yaml" target="_blank" rel="noopener noreferrer" class="">https://it-tools.tech/toml-to-yaml</a></li>
<li class="">JSON: <a href="https://it-tools.tech/toml-to-json" target="_blank" rel="noopener noreferrer" class="">https://it-tools.tech/toml-to-json</a></li>
</ul>
<div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>Configuration can still be passed in environment variables, and will take precedent over what is passed in the file.</p></div></div>
<p>Quick download to <code>./komodo/core.config.toml</code>:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-background-color:hsl(230, 1%, 98%);--prism-color:hsl(230, 8%, 24%)"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="background-color:hsl(230, 1%, 98%);color:hsl(230, 8%, 24%)"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:hsl(230, 8%, 24%)"><span class="token function" style="color:hsl(221, 87%, 60%)">wget</span><span class="token plain"> </span><span class="token parameter variable" style="color:hsl(221, 87%, 60%)">-P</span><span class="token plain"> komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml</span><br></span></code></pre></div></div>
<!-- -->
<div class="language-toml codeBlockContainer_Ckt0 theme-code-block" style="--prism-background-color:hsl(230, 1%, 98%);--prism-color:hsl(230, 8%, 24%)"><div class="codeBlockTitle_OeMC">https://github.com/moghtech/komodo/blob/main/config/core.config.toml</div><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-toml codeBlock_bY9V thin-scrollbar" style="background-color:hsl(230, 1%, 98%);color:hsl(230, 8%, 24%)"><code class="codeBlockLines_e6Vv codeBlockLinesWithNumbering_o6Pm" style="counter-reset:line-count 0"><span class="token-line codeLine_lJS_" style="color:hsl(230, 8%, 24%)"><span class="codeLineNumber_Tfdd"></span><span class="codeLineContent_feaV"><span class="token plain" style="display:inline-block"></span></span><br></span></code></pre></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col noPrint_WFHX"><a href="https://github.com/moghtech/komodo/tree/main/docsite/docs/setup/advanced.mdx" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/setup/ferretdb"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">FerretDB</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/setup/connect-servers"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Connect More Servers</div></a></nav></div></div><div class="col col--3"><div 
class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#custom-certificate-authorities" class="table-of-contents__link toc-highlight">Custom Certificate Authorities</a></li><li><a href="#oidc--oauth2" class="table-of-contents__link toc-highlight">OIDC / OAuth2</a><ul><li><a href="#authentik" class="table-of-contents__link toc-highlight">Authentik</a></li><li><a href="#keycloak" class="table-of-contents__link toc-highlight">Keycloak</a></li></ul></li><li><a href="#limit-periphery-ips" class="table-of-contents__link toc-highlight">Limit Periphery IPs</a></li><li><a href="#mount-a-config-file" class="table-of-contents__link toc-highlight">Mount a Config File</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Docs</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/intro">Getting Started</a></li><li class="footer__item"><a class="footer__link-item" href="/docs/setup">Setup</a></li><li class="footer__item"><a class="footer__link-item" href="/docs/resources">Resources</a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Ecosystem</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs/ecosystem/cli">CLI</a></li><li class="footer__item"><a class="footer__link-item" href="/docs/ecosystem/api">API</a></li><li class="footer__item"><a class="footer__link-item" href="/docs/ecosystem/community">Community</a></li></ul></div><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Project</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://github.com/moghtech/komodo" 
target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://opencollective.com/komodo" target="_blank" rel="noopener noreferrer" class="footer__link-item">Donate<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://demo.komo.do" target="_blank" rel="noopener noreferrer" class="footer__link-item">Demo<svg width="13.5" height="13.5" aria-label="(opens in new tab)" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="footer__bottom text--center"><div class="footer__copyright">© 2026 Mogh Technologies Inc. Licensed under GPL-3.0</div></div></div></footer></div>
</body>
</html>