diff --git a/internal/config/struct.go b/internal/config/struct.go index 0964d7583c..80f6fb69ea 100644 --- a/internal/config/struct.go +++ b/internal/config/struct.go @@ -50,12 +50,12 @@ type StorageConfig struct { } type StorageMediaConfig struct { - Backend string `yaml:"backend" env:"AUTHENTIK_STORAGE_MEDIA_BACKEND"` + Backend string `yaml:"backend" env:"AUTHENTIK_STORAGE__MEDIA__BACKEND"` File StorageFileConfig `yaml:"file"` } type StorageFileConfig struct { - Path string `yaml:"path" env:"AUTHENTIK_STORAGE_MEDIA_FILE_PATH"` + Path string `yaml:"path" env:"AUTHENTIK_STORAGE__MEDIA__FILE__PATH"` } type ErrorReportingConfig struct { diff --git a/website/docs/installation/configuration.mdx b/website/docs/installation/configuration.mdx index e994837c08..d062b70771 100644 --- a/website/docs/installation/configuration.mdx +++ b/website/docs/installation/configuration.mdx @@ -134,17 +134,17 @@ To check if your config has been applied correctly, you can run the following co These settings affect where media files are stored. Those files include applications and sources icons. By default, they are stored on disk in the `/media` directory of the authentik container. S3 storage is also supported. -- `AUTHENTIK_STORAGE_MEDIA_BACKEND`: Where to store files. Valid values are `file` and `s3`. For `file` storage, files are stored in a `/media` directory in the container. For `s3`, see below. -- `AUTHENTIK_STORAGE_MEDIA_S3_REGION`: S3 region where the bucket has been created. May be omitted depending on which S3 provider you use. No default. -- `AUTHENTIK_STORAGE_MEDIA_S3_USE__SSL`: Whether to use HTTPS when talking to the S3 storage providers. Defaults to `true`. -- `AUTHENTIK_STORAGE_MEDIA_S3_ENDPOINT`: Endpoint to use to talk to the S3 storage provider. Override the previous region and use_ssl settings. Must be a valid URL in the form of `https://s3.provider`. No default. -- `AUTHENTIK_STORAGE_MEDIA_S3_SESSION__PROFILE`: Profile to use when using AWS SDK authentication. No default. Supports hot-reloading. -- `AUTHENTIK_STORAGE_MEDIA_S3_ACCESS__KEY`: Access key to authenticate to S3. May be omitted if using AWS SDK authentication. Supports hot-reloading. -- `AUTHENTIK_STORAGE_MEDIA_S3_SECRET__KEY`: Secret key to authenticate to S3. May be omitted if using AWS SDK authentication. Supports hot-reloading. -- `AUTHENTIK_STORAGE_MEDIA_S3_SECURITY__TOKEN`: Security token to authenticate to S3. May be omitted. Supports hot-reloading. -- `AUTHENTIK_STORAGE_MEDIA_S3_BUCKET__NAME`: Name of the bucket to use to store files. -- `AUTHENTIK_STORAGE_MEDIA_S3_CUSTOM__DOMAIN`: Domain to use to create URLs for users. Mainly useful for non-AWS providers. May include a port. Must include the bucket. Example: `s3.company:8080/authentik-media`. -- `AUTHENTIK_STORAGE_MEDIA_S3_SECURE__URLS`: Whether URLS created for users use `http` or `https`. Defaults to `true`. +- `AUTHENTIK_STORAGE__MEDIA__BACKEND`: Where to store files. Valid values are `file` and `s3`. For `file` storage, files are stored in a `/media` directory in the container. For `s3`, see below. +- `AUTHENTIK_STORAGE__MEDIA__S3__REGION`: S3 region where the bucket has been created. May be omitted depending on which S3 provider you use. No default. +- `AUTHENTIK_STORAGE__MEDIA__S3__USE_SSL`: Whether to use HTTPS when talking to the S3 storage providers. Defaults to `true`. +- `AUTHENTIK_STORAGE__MEDIA__S3__ENDPOINT`: Endpoint to use to talk to the S3 storage provider. Override the previous region and use_ssl settings. Must be a valid URL in the form of `https://s3.provider`. No default. +- `AUTHENTIK_STORAGE__MEDIA__S3__SESSION_PROFILE`: Profile to use when using AWS SDK authentication. No default. Supports hot-reloading. +- `AUTHENTIK_STORAGE__MEDIA__S3__ACCESS_KEY`: Access key to authenticate to S3. May be omitted if using AWS SDK authentication. Supports hot-reloading. +- `AUTHENTIK_STORAGE__MEDIA__S3__SECRET_KEY`: Secret key to authenticate to S3. May be omitted if using AWS SDK authentication. Supports hot-reloading. +- `AUTHENTIK_STORAGE__MEDIA__S3__SECURITY_TOKEN`: Security token to authenticate to S3. May be omitted. Supports hot-reloading. +- `AUTHENTIK_STORAGE__MEDIA__S3__BUCKET_NAME`: Name of the bucket to use to store files. +- `AUTHENTIK_STORAGE__MEDIA__S3__CUSTOM_DOMAIN`: Domain to use to create URLs for users. Mainly useful for non-AWS providers. May include a port. Must include the bucket. Example: `s3.company:8080/authentik-media`. +- `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS`: Whether URLS created for users use `http` or `https`. Defaults to `true`. ## authentik Settings diff --git a/website/docs/installation/storage-s3.md b/website/docs/installation/storage-s3.md index bbe536369f..4ef616a4d6 100644 --- a/website/docs/installation/storage-s3.md +++ b/website/docs/installation/storage-s3.md @@ -60,28 +60,28 @@ AWS_ACCESS_KEY_ID=access_key AWS_SECRET_ACCESS_KEY=secret_key aws s3api --endpoi Add the following to your `.env` file: ```env -AUTHENTIK_STORAGE_MEDIA_BACKEND=s3 -AUTHENTIK_STORAGE_MEDIA_S3_ACCESS__KEY=access_key -AUTHENTIK_STORAGE_MEDIA_S3_SECRET__KEY=secret_key -AUTHENTIK_STORAGE_MEDIA_S3_BUCKET__NAME=authentik-media +AUTHENTIK_STORAGE__MEDIA__BACKEND=s3 +AUTHENTIK_STORAGE__MEDIA__S3__ACCESS_KEY=access_key +AUTHENTIK_STORAGE__MEDIA__S3__SECRET_KEY=secret_key +AUTHENTIK_STORAGE__MEDIA__S3__BUCKET_NAME=authentik-media ``` If you're using AWS S3 as your S3 provider, add the following: ```env -AUTHENTIK_STORAGE_MEDIA_S3_REGION=us-east-1 # Use the region of the bucket +AUTHENTIK_STORAGE__MEDIA__S3__REGION=us-east-1 # Use the region of the bucket ``` If you're not using AWS S3 as your S3 provider, add the following: ```env -AUTHENTIK_STORAGE_MEDIA_S3_ENDPOINT=https://s3.provider -AUTHENTIK_STORAGE_MEDIA_S3_CUSTOM__DOMAIN=s3.provider/authentik-media +AUTHENTIK_STORAGE__MEDIA__S3__ENDPOINT=https://s3.provider +AUTHENTIK_STORAGE__MEDIA__S3__CUSTOM_DOMAIN=s3.provider/authentik-media ``` The `ENDPOINT` setting specifies how authentik talks to the S3 provider. -The `CUSTOM__DOMAIN` setting specifies how URLs are constructed to be shown on the web interface. For example, an object stored at `application-icons/application.png` with a `CUSTOM__DOMAIN` setting of `s3.provider/authentik-media` will result in a URL of `https://s3.provider/authentik-media/application-icons/application.png`. You can also use subdomains for your buckets depending on what your S3 provider offers: `authentik-media.s3.provider`. Whether HTTPS is used is controlled by the `AUTHENTIK_STORAGE_MEDIA_S3_SECURE__URLS` which defaults to true. +The `CUSTOM_DOMAIN` setting specifies how URLs are constructed to be shown on the web interface. For example, an object stored at `application-icons/application.png` with a `CUSTOM__DOMAIN` setting of `s3.provider/authentik-media` will result in a URL of `https://s3.provider/authentik-media/application-icons/application.png`. You can also use subdomains for your buckets depending on what your S3 provider offers: `authentik-media.s3.provider`. Whether HTTPS is used is controlled by the `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS` which defaults to true. For more control over settings, refer to the [configuration reference](./configuration.mdx#media-storage-settings)