Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-27 18:12:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: ✏️ Add custom OAuth issuer docs

Browse Source
This commit is contained in:
Jin 2025-06-09 17:22:09 +02:00 committed by JYC333
parent 9c38398ae3
commit 988a2b8d29
13 changed files with 57 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation.html generated vendored
View File

@ -46,7 +46,7 @@
variable to something larger than the integer <code>250</code> (e.g. <code>450</code> in variable to something larger than the integer <code>250</code> (e.g. <code>450</code> in
the following example):</p><pre><code class="language-text-x-trilium-auto">export MAX_ALLOWED_FILE_SIZE_MB=450</code></pre> the following example):</p><pre><code class="language-text-x-trilium-auto">export MAX_ALLOWED_FILE_SIZE_MB=450</code></pre>
<h3>Disabling Authentication</h3> <h3>Disabling Authentication</h3>
<p>See&nbsp;<a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/_help_0hzsNCP31IAB">Authentication</a>.</p> <p>See&nbsp;<a class="reference-link" href="#root/_help_0hzsNCP31IAB">Authentication</a>.</p>
<h2>Reverse Proxy Setup</h2> <h2>Reverse Proxy Setup</h2>
<p>To configure a reverse proxy for Trilium, you can use either <strong>nginx</strong> or <strong>Apache</strong>. <p>To configure a reverse proxy for Trilium, you can use either <strong>nginx</strong> or <strong>Apache</strong>.
You can also check out the documentation stored in the Reverse proxy folder.</p> You can also check out the documentation stored in the Reverse proxy folder.</p>

16
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.html generated vendored
View File

@ -10,7 +10,14 @@ vim default.conf</code></pre>
</li> </li>
<li> <li>
<p>Fill the file with the context shown below, part of the setting show be <p>Fill the file with the context shown below, part of the setting show be
changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part is for proxy and HTTPS configure changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part configures, where your Trilium server is running
upstream trilium {
zone trilium 64k;
server 127.0.0.1:8080; # change it to a different hostname and port if non-default is used
keepalive 2;
}
# This part is for proxy and HTTPS configure
server { server {
listen 443 ssl; listen 443 ssl;
server_name trilium.example.net; #change trilium.example.net to your domain without HTTPS or HTTP. server_name trilium.example.net; #change trilium.example.net to your domain without HTTPS or HTTP.
@ -29,9 +36,8 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used proxy_pass http://trilium;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
} }
} }
@ -52,16 +58,16 @@ server {
<li>add the <code>proxy_cookie_path</code> directive with the same path: this <li>add the <code>proxy_cookie_path</code> directive with the same path: this
allows you to stay logged in at multiple instances at the same time.</li> allows you to stay logged in at multiple instances at the same time.</li>
</ul><pre><code class="language-text-x-trilium-auto"> location /trilium/instance-one { </ul><pre><code class="language-text-x-trilium-auto"> location /trilium/instance-one {
rewrite /trilium/instance-one/(.*) /$1 break;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used proxy_pass http://trilium;
proxy_cookie_path / /trilium/instance-one proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
} }
</code></pre> </code></pre>
</li> </li>

12
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Authentication.html generated vendored
View File

@ -4,7 +4,7 @@
by adding the following to <code>config.ini</code>:</p><pre><code class="language-text-x-trilium-auto">[General] by adding the following to <code>config.ini</code>:</p><pre><code class="language-text-x-trilium-auto">[General]
noAuthentication=true</code></pre> noAuthentication=true</code></pre>
<p>Disabling authentication will bypass even the&nbsp;<a class="reference-link" <p>Disabling authentication will bypass even the&nbsp;<a class="reference-link"
href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since
v0.94.1.</p> v0.94.1.</p>
<h2>Understanding how the session works</h2> <h2>Understanding how the session works</h2>
<p>Once logged into Trilium, the application will store this information <p>Once logged into Trilium, the application will store this information
@ -22,14 +22,14 @@ cookieMaxAge=86400</code></pre>
the <em>last interaction with the application</em>.</p> the <em>last interaction with the application</em>.</p>
<h2>Viewing active sessions</h2> <h2>Viewing active sessions</h2>
<p>The login sessions are now stored in the same&nbsp;<a class="reference-link" <p>The login sessions are now stored in the same&nbsp;<a class="reference-link"
href="#root/pOsGYCXsbNQG/tC7s2alapj8V/_help_wX4HbRucYSDD">Database</a>&nbsp;as href="#root/_help_wX4HbRucYSDD">Database</a>&nbsp;as the user data. In
the user data. In order to view which sessions are active, open the&nbsp; order to view which sessions are active, open the&nbsp;<a class="reference-link"
<a href="#root/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following
class="reference-link" href="#root/pOsGYCXsbNQG/tC7s2alapj8V/wX4HbRucYSDD/oyIAJ9PvvwHX/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following query:</p><pre><code class="language-text-x-sqlite-schema-trilium">SELECT * FROM sessions</code></pre> query:</p><pre><code class="language-text-x-trilium-auto">SELECT * FROM sessions</code></pre>
<p>Expired sessions are periodically cleaned by the server, generally an <p>Expired sessions are periodically cleaned by the server, generally an
hourly interval.</p> hourly interval.</p>
<h2>See also</h2> <h2>See also</h2>
<ul> <ul>
<li><a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a> <li><a class="reference-link" href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>
</li> </li>
</ul> </ul>

12
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html generated vendored
View File

@ -41,10 +41,6 @@ class="admonition warning">
the page).</li> the page).</li>
</ol> </ol>
<h3>OpenID</h3> <h3>OpenID</h3>
<aside class="admonition note">
<p>Currently only compatible with Google. Other services like Authentik and
Auth0 are planned on being added.</p>
</aside>
<p>In order to setup OpenID, you will need to setup a authentication provider. <p>In order to setup OpenID, you will need to setup a authentication provider.
This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to
setup an OpenID service through google.</p> setup an OpenID service through google.</p>
@ -62,3 +58,11 @@ class="admonition warning">
<li>Choose “OAuth/OpenID” under MFA Method</li> <li>Choose “OAuth/OpenID” under MFA Method</li>
<li>Refresh the page and login through OpenID provider</li> <li>Refresh the page and login through OpenID provider</li>
</ol> </ol>
<aside class="admonition note">
<p>The default OAuth issuer is Google. To use other services such as Authentik
or Auth0, you can configure the settings via <code>oauthIssuerBaseUrl</code>, <code>oauthIssuerName</code>,
and <code>oauthIssuerIcon</code> in the <code>config.ini</code> file. Alternatively,
these values can be set using environment variables: <code>TRILIUM_OAUTH_ISSUER_BASE_URL</code>, <code>TRILIUM_OAUTH_ISSUER_NAME</code>,
and <code>TRILIUM_OAUTH_ISSUER_ICON</code>. <code>oauthIssuerName</code> and <code>oauthIssuerIcon</code> are
required for displaying correct issuer information at the Login page.</p>
</aside>

3
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Theme development/Reference.html generated vendored
View File

@ -135,7 +135,8 @@ body.electron:not(.native-titlebar) {
<h2>Custom fonts</h2> <h2>Custom fonts</h2>
<p>Currently the only way to include a custom font is to use&nbsp;<a href="#root/_help_d3fAXQ2diepH">Custom resource providers</a>. <p>Currently the only way to include a custom font is to use&nbsp;<a href="#root/_help_d3fAXQ2diepH">Custom resource providers</a>.
Basically import a font into Trilium and assign it <code>#customResourceProvider=fonts/myfont.ttf</code> and Basically import a font into Trilium and assign it <code>#customResourceProvider=fonts/myfont.ttf</code> and
then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>.</p> then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>. Use <code>../../../custom/fonts/myfont.ttf</code> if
you run your Trilium server on a different path than <code>/</code>.</p>
<h2>Dark and light themes</h2> <h2>Dark and light themes</h2>
<p>A light theme needs to have the following CSS:</p><pre><code class="language-text-css">:root { <p>A light theme needs to have the following CSS:</p><pre><code class="language-text-css">:root {
--theme-style: light; --theme-style: light;

2
docs/Developer Guide/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{ {
"formatVersion": 2, "formatVersion": 2,
"appVersion": "0.94.0", "appVersion": "0.94.1",
"files": [ "files": [
{ {
"isClone": false, "isClone": false,

2
docs/Release Notes/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{ {
"formatVersion": 2, "formatVersion": 2,
"appVersion": "0.94.0", "appVersion": "0.94.1",
"files": [ "files": [
{ {
"isClone": false, "isClone": false,

2
docs/Release Notes/Release Notes/v0.94.1.md vendored
View File

@ -1,6 +1,6 @@
# v0.94.1 # v0.94.1
> [!NOTE] > [!NOTE]
> *TriliumNext Notes* will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as *TriliumNext Notes*. > _TriliumNext Notes_ will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as _TriliumNext Notes_.
> [!IMPORTANT] > [!IMPORTANT]
> If you enjoyed this release, consider showing a token of appreciation by: > If you enjoyed this release, consider showing a token of appreciation by:

36
docs/User Guide/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{ {
"formatVersion": 2, "formatVersion": 2,
"appVersion": "0.94.0", "appVersion": "0.94.1",
"files": [ "files": [
{ {
"isClone": false, "isClone": false,
@ -189,23 +189,23 @@
{ {
"type": "relation", "type": "relation",
"name": "internalLink", "name": "internalLink",
"value": "fDLvzOx29Pfg", "value": "0hzsNCP31IAB",
"isInheritable": false, "isInheritable": false,
"position": 120 "position": 120
}, },
{
"type": "relation",
"name": "internalLink",
"value": "fDLvzOx29Pfg",
"isInheritable": false,
"position": 130
},
{ {
"type": "label", "type": "label",
"name": "shareAlias", "name": "shareAlias",
"value": "server-installation", "value": "server-installation",
"isInheritable": false, "isInheritable": false,
"position": 30 "position": 30
},
{
"type": "relation",
"name": "internalLink",
"value": "0hzsNCP31IAB",
"isInheritable": false,
"position": 130
} }
], ],
"format": "markdown", "format": "markdown",
@ -674,32 +674,32 @@
"mime": "text/html", "mime": "text/html",
"attributes": [ "attributes": [
{ {
"type": "label", "type": "relation",
"name": "iconClass", "name": "internalLink",
"value": "bx bx-lock-alt", "value": "wX4HbRucYSDD",
"isInheritable": false, "isInheritable": false,
"position": 10 "position": 10
}, },
{ {
"type": "relation", "type": "relation",
"name": "internalLink", "name": "internalLink",
"value": "7DAiwaf8Z7Rz", "value": "YKWqdJhzi2VY",
"isInheritable": false, "isInheritable": false,
"position": 20 "position": 20
}, },
{ {
"type": "relation", "type": "relation",
"name": "internalLink", "name": "internalLink",
"value": "wX4HbRucYSDD", "value": "7DAiwaf8Z7Rz",
"isInheritable": false, "isInheritable": false,
"position": 30 "position": 30
}, },
{ {
"type": "relation", "type": "label",
"name": "internalLink", "name": "iconClass",
"value": "YKWqdJhzi2VY", "value": "bx bx-lock-alt",
"isInheritable": false, "isInheritable": false,
"position": 40 "position": 10
} }
], ],
"format": "markdown", "format": "markdown",

2
docs/User Guide/User Guide/Installation & Setup/Server Installation/Authentication.md vendored
View File

@ -27,7 +27,7 @@ When “Remember me” is unchecked, the behavior is different. At client/browse
The login sessions are now stored in the same <a class="reference-link" href="../../Advanced%20Usage/Database.md">Database</a> as the user data. In order to view which sessions are active, open the <a class="reference-link" href="../../Advanced%20Usage/Database/Manually%20altering%20the%20database/SQL%20Console.md">SQL Console</a> and run the following query: The login sessions are now stored in the same <a class="reference-link" href="../../Advanced%20Usage/Database.md">Database</a> as the user data. In order to view which sessions are active, open the <a class="reference-link" href="../../Advanced%20Usage/Database/Manually%20altering%20the%20database/SQL%20Console.md">SQL Console</a> and run the following query:
```trilium ```
SELECT * FROM sessions SELECT * FROM sessions
``` ```

6
docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md vendored
View File

@ -34,9 +34,6 @@ MFA can only be set up on a server instance.
### OpenID ### OpenID
> [!NOTE]
> Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added.
In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google. In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
1. Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check <a class="reference-link" href="../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> for more information). 1. Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check <a class="reference-link" href="../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> for more information).
@ -46,3 +43,6 @@ In order to setup OpenID, you will need to setup a authentication provider. This
4. Click the “Enable Multi-Factor Authentication” checkbox if not checked 4. Click the “Enable Multi-Factor Authentication” checkbox if not checked
5. Choose “OAuth/OpenID” under MFA Method 5. Choose “OAuth/OpenID” under MFA Method
6. Refresh the page and login through OpenID provider 6. Refresh the page and login through OpenID provider
> [!NOTE]
> The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, and `TRILIUM_OAUTH_ISSUER_ICON`. `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page.