Conversation
|
Closes #3001 |
|
There were some changes in |
|
Still not in Alpine 3.18 unfortunately #5383 |
|
What is the plan during the installation process? Is the expectation that the admin picks "HTTP Auth"? |
|
All good @aaronschif ? |
Only enable the Apache auth_openidc module when actually used Fix FreshRSS#5460 Follow-up of FreshRSS#5351
* Add OIDC * Update documentation. * Update apache conf adding IfModule * Use IfDefine for OIDC in apache conf * Fix non-oidc support * Fix typing * Use IfDefine to enable OIDC * Add OIDC support to all dockerfiles * Re add apache Require option * Fixes and documentation * A few more fixes * A bit more doc * Change type of environment variable * Update readme * Correct apache config for OIDC support. * Fix README formatting * Update oidc control path * Fix oidc endpoint being cached * A bit more review * Simplify ExpiresActive * Add session refresh and improve caching * Allow more different setups * A bit more documentation * A bit more readme --------- Co-authored-by: Aaron Schif <aschif@netdevgroup.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: maTh <math-home@web.de>
Only enable the Apache auth_openidc module when actually used Fix FreshRSS#5460 Follow-up of FreshRSS#5351
|
OpenID doesn't seem to work with Docker. The problem: I couldn't find anyway to login using OpenID from FreshRSS login panel. The default username and password text-boxes only accept locally created users from the DB. Usually in apps that support OIDC, once enabling the feature, a link is shown in the login panel to "Login with OpenID". There was nothing of that sort in FreshRSS frontend. I didn't test with manually running an apache instance, but I ended up switching to Miniflux with the same Authentik provider setup that was intended for FreshRSS (Using the same environment variable values) and it worked flawlessly. I'll keep using Miniflux for now, just thought you might wanna know, since I haven't seen anyone testing it. Good luck. |
|
@Hani-K Did you use the |
|
@Alkarex I did try with the edge branch and it didn't work for me at all, I ran into a series of problems. After setting all environment variables as in the documentation, I keep getting the following error:
After a few seconds, the container loses network connection and keeps runing without an IP. I found this #5611, and I realized the issue must be triggered by using portainer, so I created the container manually. The log was still showing that the issue wasn't completely solved:
But at least the container stays connected to the network. Then I hit another error: Authentik wasn't accepting the callback/redirect link:
I was using https://<mydomain.tld>/i/oidc/ I tried re-running the whole thing with NginX conf to see if it was setup to only run that way. I started getting header request errors, which I did pass using Nginx. I did look into @Frenzie's suggestion: But that didn't seem to be the issue. At this point, I started looking for alternatives. P.S. In FreshRSS OIDC documentation, there is no mention of using the edge branch to get the feature, which I realized after a good while of testing. Maybe it should be mentioned there since the default installation is "latest". |
|
Additional discussion and troubleshooting: #5684 |
Fixed in #5733 |
* delete theme BlueLagoon * delete theme Screwdriver * phpstan level 7 for feedController.php (#5373) * phpstan level 7 for feedController.php * phpstan level 7 for feedController.php * phpstan level 7 for feedController.php * phpstan level 7 for feedController.php * A few fixes --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * phpstan level 7 for updateController.php (#5376) * phpstan level 7 for updateController.php * phpstan level 7 for updateController.php * Minor array syntax --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * docs: language table added (#5375) * docs: language table added * Update 05_Configuration.md * Update 05_Configuration.md * french docs * Unicode quote and a few fixes (Same search&replace aslo applied to a few other files) --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Share in anonymous mode (#5261) #fix #5248 Co-authored-by: maTh <math-home@web.de> * Minor development config fixes (#5379) * Add compatibility with MacOS for `paste` command * Addition to .editorconfig * Fix markAsReadUponGone (#5382) Fix regression from #5315 which indroduced a bug for cached feeds. We now update the `lastSeen` property of entries to account for the fact that they are unchanged but still existing. * phpstan level 7 for indexController.php (#5384) Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> * Improved: "Mark an article as read…" text area. Added a link to the documentation (#5349) * i18n * Update sub.php * Update app/i18n/fr/sub.php Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * fix target="_blank" --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Update Docker image Alpine 3.18 (#5383) https://alpinelinux.org/posts/Alpine-3.18.0-released.html Minor updates with Apache 2.4.57 and PHP 8.1.19 * Docs: delete 04_Changing_source_code.md (#5391) * delete 04_Changing_source_code.md * make pot --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Typed view model classes (#5380) * Typed view model classes * Add ability to provide a typed view model class to a controller * Use `::class` instead of string for referring to classes * Examplified with `stats` and `javascript` controllers / views (more to do) * Also useful for extensions (my usecase today), which did not have the ability to define own view model attributes before. * Typo * A few additional PHPStan rules (#5388) A subset of https://github.com/phpstan/phpstan-strict-rules * Improved: Install process: give more infos (#5350) * comments added for each step * infos about FreshRSS added in first step * Remove reference to Kriss and Leed from install page I do not find that informative, and quite confusing. Moved to readme instead. --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * PHPMailer 6.8.0 (#5389) * PHPMailer 6.8.0 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.8.0 https://github.com/PHPMailer/PHPMailer/releases * Exclude unused DSNConfigurator * fix: docs: array syntax (#5392) * Link configuration to proper parameter (#5394) Before, the system configuration was linked to the user parameter while the user configuration was linked to the system parameter. This was an issue when trying to retrieve some kind of configuration value in an extension. Now, the configurations are properly linked to their parameters. * PHPStan Level 7 for Share userController logs_pagination (#5393) * fix: "for" attribute in config display (#5398) * move darkMode_auto from body to html root (#5397) * CSS: refactor of a.btn (#5401) * Fix logs pagination (#5403) * Fix logs pagination Regression from #5269 * Add better default * PHPStan Level 7 for Minz_Request, FreshRSS_Feed, Minz_Error (#5400) * PHPStan Level 7 for Minz_Request * PHPStan Level 7 for FreshRSS_Feed * PHPStan Level 7 for Minz_Error * Fix again updateLastSeenUnchanged (#5404) * Fix again updateLastSeenUnchanged #5382 was not good enough to fix markAsReadUponGone and introduced a regression in `entry.lastSeen`. New approach. Follow-up of #5315 * Minor change of mind * Fix handling of lastSeen entry.lastSeen was not always correctly initialised, and sometimes overriden * Remove debug line Forgotten from #5404 * Avoid falsy guid (#5412) Whitespace strings, empty strings, 0 are all problematic when working with GUIDs. so avoid them. * PHPStan Level 7 complete (#5406) * PHPStan Level 7 complete * Start PHPStan Level 8 * Forgot exclude .phtml * Fix favicon fetching while using proxies (#5421) * Fix favicon fetching while using proxies This ensures that if curl_options are defined in config.php, those settings are respected while fetching favicons. Fixes #4951 * Change options priority * Credits keep alphabticorder --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Fixed: i18n extensions: 'en' as fallback (#5426) * Update Translate.php * Small improvements --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Improve Dev Container (#5423) * Improve Dev Container PHPStan was failing in Dev Container * Update Docker to Alpine Linux 3.18 * New DATA_PATH environment variable * README * Update of Spanish translation (#5408) * Update admin.php Update Spanish * Update conf.php Spanish update * Fix --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Linkding share now passes title #5432 (#5433) * phpstan-8 typehinting (#5429) Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> * Forgotten debug line #5404 * phpstan-9 for Share.php (#5431) * phpstan 9 for Search.php phpstan 9 for Share.php * phpstan-9 for Search.php * Better consistency for search results --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Pull request of spanish translation (#5436) * Update sub.php Update spanish translation * Update conf.php Update Spanish translation * Update gen.php Update spanish translation * Update index.php Update spanish translation * Update admin.php update spanish translation * Fix ignore --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * improved background colors (#5437) * phpstan-8 for category class (#5434) * phpstan-8 for category class * Another approach to nullable #5434 (comment) --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Docker example of PostgreSQL tuning (#5446) Provide example of how to easily tune selected PostgreSQL settings https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server * Update SECURITY.md (#5448) Link to GitHub security advisory process + PGP key * fix: new article banner in Ansum/mapco theme (#5453) * fix * rtl * Update dark theme css to lower brightness to all icons (#5439) * Update dark.css to lower brightness to all icons * Update dark.rtl.css to lower brightness to all icons * re-add p.help .icon * re-add p.help .icon * Remove core extensions Google Groups and Tumblr (#5457) * Remove core extensions Google Groups and Tumblr * Google Groups seems to have remove support for RSS/ATOM #2838 (see e.g. https://www.theregister.com/2021/08/16/google_groups_rss/ ) * Tumblr seems to have fixed their RSS/ATOM post-GDPR #1924 So for both of thems, the extensions have become irrelevant. * Cleaning * Clarify that maximum number to keep is per feed (#5458) * Clarify that maximum number to keep is per feed Signed-off-by: Christian König <ckoenig@posteo.de> * Append //DIRTY Signed-off-by: Christian König <ckoenig@posteo.de> * make fix-all * Revert wrong whitespace * Amend Credits.md Signed-off-by: Christian König <ckoenig@posteo.de> --------- Signed-off-by: Christian König <ckoenig@posteo.de> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Add OpenID Connect (#5351) * Add OIDC * Update documentation. * Update apache conf adding IfModule * Use IfDefine for OIDC in apache conf * Fix non-oidc support * Fix typing * Use IfDefine to enable OIDC * Add OIDC support to all dockerfiles * Re add apache Require option * Fixes and documentation * A few more fixes * A bit more doc * Change type of environment variable * Update readme * Correct apache config for OIDC support. * Fix README formatting * Update oidc control path * Fix oidc endpoint being cached * A bit more review * Simplify ExpiresActive * Add session refresh and improve caching * Allow more different setups * A bit more documentation * A bit more readme --------- Co-authored-by: Aaron Schif <aschif@netdevgroup.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: maTh <math-home@web.de> * Fix OpenID Connect crash on ARM (#5463) Only enable the Apache auth_openidc module when actually used Fix #5460 Follow-up of #5351 * Readme minor typo * Fix: conf.php (German i18n) (#5468) * Improved: update page (#5420) * prependTitle() * do not need the "damn" in the alert * update page layout improved * release channel * i18n labels * add log messages while updating * Delete updatee.php * Update updateController.php * Update updateController.php * Update updateController.php * Update updateController.php * add getCurrentGitBranch() * Update updateController.php * state2 buttons * i18n * loading * Update feedback.php * Update feedback.php * Update feedback.php * Update extra.js * Apply suggestions from code review Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com> * Update updateController.php * Update terminology * update button is now armed --------- Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> * Allow deep link to extension configuration (#5449) * Allow deep link to extension configuration Full screen * Support slider * Add aside_configure Fix #5449 (comment) * category title improved * Feed title: better HTML structure + have a correct semantic <a> * feed title: CSS * feed title special cases * improved feed mouseover titles * cog icon half transparent. Shining while hovering * i18n labels * improve hover of more menu * Update gen.php * fix * i18n: fr --------- Signed-off-by: Christian König <ckoenig@posteo.de> Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com> Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: Alexis Degrugillier <aledeg@users.noreply.github.com> Co-authored-by: vrachnis <vrachnis@users.noreply.github.com> Co-authored-by: LleanaRuv <133794633+LleanaRuv@users.noreply.github.com> Co-authored-by: acbgbca <60839662+acbgbca@users.noreply.github.com> Co-authored-by: Alwaysin <adrien@demma.fr> Co-authored-by: yubiuser <ckoenig@posteo.de> Co-authored-by: Aaron Schif <aaronschif@gmail.com> Co-authored-by: Aaron Schif <aschif@netdevgroup.com> Co-authored-by: math-gh <>
Hello, word of warning, this is maybe the first PHP I have written, so I hope that I haven't done anything too crazy.
I realize that env vars are not so common a configuration practice in PHP land, but it did seem a logical way of handling things in this case since all the config is actually in apache. I will add docs and more testing to make sure that this doesn't break anything. Tested with keycloak.
Changes proposed in this pull request:
Todo
How to test the feature manually:
Pull request checklist:
Additional information can be found in the documentation.