Documentation for self-hosting with docker compose #855
ae27df7 to 3531bf4
Your commits do not have a description. It is useful to add one to explain why you made the modification to the env.md file, for example.
This commit will make docs more accessible to a huge number of teams. Eagerly waiting to see it committed!
94046a7 to 99bd17d
Thanks for the reviews, should be good now. @lunika I removed the commits that change
99bd17d to b5cd3e7
How about we keep an installation.md at the root of the /docs folder where we can list the different deployment options (K8S, Compose and NIX)?
Let's merge this and make documentation for different deployment solutions more homogeneous in a next PR.
Head branch was pushed to by a user without write access
072463a to b178c35
@unteem can you make the last test pass so we can merge this please?
@unteem
OIDC_RP_SIGN_ALGO=RS256 | ||
OIDC_RP_SCOPES="openid email" | ||
#USER_OIDC_FIELD_TO_SHORTNAME | ||
#USER_OIDC_FIELDS_TO_FULLNAME |
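Review bot: The two commented-out entries `#USER_OIDC_FIELD_TO_SHORTNAME` and `#USER_OIDC_FIELDS_TO_FULLNAME` at the end of this block carry no example value or explanation, so a reader cannot tell what to put there or whether they are needed. Give each a sample value and a one-line comment. Also note that `OIDC_RP_SCOPES="openid email"` does not request the standard `profile` scope, which is where OIDC providers normally return name claims; if these settings map name claims, the scope list should include it.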
These two variables seem to have been renamed? https://github.com/suitenumerique/docs/blob/d952815/src/backend/core/authentication/backends.py#L17-L28
|
||
### Additional notes: | ||
|
||
For increased security you should create a dedicated user with `readwrite` access to the Bucket. In the following example we will use MinIO root user. |
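Review bot: The last sentence recommends a dedicated `readwrite` user and then switches to the MinIO root user without saying what that costs. State that the root credentials give the application administrative rights over the whole MinIO deployment rather than one bucket, mark the root-user setup as quick start only, and link to the MinIO user-management documentation for the recommended path.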
This should be clarified imo, it took me a while until I made the connection of currently root user & password credentials being the ones for
```
AWS_S3_ACCESS_KEY_ID=<s3 access key>
AWS_S3_SECRET_ACCESS_KEY=<s3 secret key>
```
Also maybe at least link to outside docs that explain how to set up a user? I imagine most (including me) are not familiar with how one usually sets up minio.
I'm currently trying to set that up, from my understanding I need to create a new user, https://min.io/docs/minio/linux/administration/identity-access-management/minio-user-management.html#id1 and then it sounds like I shouldn't use the user credentials directly but create an accesskey to put into the config? https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-accesskey-create.html#command-mc.admin.accesskey.create
Initially I added an example but I eventually dropped it. The intention here is more to provide a quick start example than a thorough process to go to production. I don't know if we want to go that deep in details, like creating a user with the correct permissions.
Docs requires some "complex" parts like an IDP and Object Storage, I think it's important for those who want to self host those parts to read the upstream doc and understand by themselves all the implications.
In this context I think skipping user and policy creation and using the minio root user is good enough as an example.
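In this case to create the user it would look like this:
- Create policy for the bucket
```bash
# Write a policy allowing all S3 actions on the objects of one bucket
cat > readwritedocs.json << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::<your-bucket-name>/*"
      ]
    }
  ]
}
EOF
# Register the policy under the name "readwritedocs" on the "myminio" alias
mc admin policy create myminio readwritedocs readwritedocs.json
```
- Create user
```bash
mc admin user add myminio <username> <password>
```
- Assign policy to user
```bash
# Attach the readwritedocs policy created in the first step
mc admin policy attach myminio readwritedocs --user=<username>
```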
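As an added illustration (not part of the PR or of any comment in this thread), the simplified Python evaluator below compares the policy posted above with a narrower bucket-scoped one and shows which requests each allows. The bucket name `docs-media` and the action list in `SCOPED_POLICY` are assumptions, since the page does not state which S3 actions Docs needs; conditions and principals are not modelled.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "docs-media"  # constructed bucket name (assumption)

# Policy as posted in the thread: every S3 action, object ARNs only.
THREAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"],
     "Resource": [f"arn:aws:s3:::{BUCKET}/*"]}]}

# Narrower variant; this action list is an assumption, not taken from Docs.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": [f"arn:aws:s3:::{BUCKET}"]},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": [f"arn:aws:s3:::{BUCKET}/*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, else any matching Allow."""
    verdict = False
    for st in _as_list(policy["Statement"]):
        hit = (any(fnmatchcase(action, a) for a in _as_list(st["Action"]))
               and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        verdict = verdict or (hit and st["Effect"] == "Allow")
    return verdict

def wildcard_actions(policy):
    """Allowed action patterns that contain '*', flagged for review."""
    return sorted({a for st in _as_list(policy["Statement"])
                   if st["Effect"] == "Allow"
                   for a in _as_list(st["Action"]) if "*" in a})

if __name__ == "__main__":
    bkt, obj = f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/a.png"
    for name, pol in (("thread", THREAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "wildcards:", wildcard_actions(pol),
              "list bucket:", allowed(pol, "s3:ListBucket", bkt),
              "delete version:", allowed(pol, "s3:DeleteObjectVersion", obj))
    print(json.dumps(SCOPED_POLICY, indent=2))  # usable as readwritedocs.json
```

The object-only resource pattern `arn:aws:s3:::<bucket>/*` does not match the bucket ARN itself, so bucket-level actions such as `s3:ListBucket` need their own statement.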
curious to have your thoughts on this @virgile-dev
should I add this part in the example?
Head branch was pushed to by a user without write access
e01a802 to 3ebf76b
Signed-off-by: unteem <[email protected]>
3ebf76b to 2735a56
Purpose
Make self hosting of Docs easier with an example of a deployment procedure with docker compose and document how to configure Docs.
While #583 proposes an easy way to deploy Docs with docker and Make, here we describe in more detail the various steps and requirements to deploy Docs.
Proposal
Improvements
Fixes #561
Supersedes #583
A one liner quick start could be a nice addition: