Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-27 10:02:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: ✏️ Add custom OAuth issuer docs

Browse Source
This commit is contained in:
Jin 2025-06-09 17:22:09 +02:00 committed by JYC333
parent 9c38398ae3
commit 988a2b8d29
13 changed files with 57 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation.html generated vendored
View File

@ -46,7 +46,7 @@
variable to something larger than the integer <code>250</code> (e.g. <code>450</code> in
the following example):</p><pre><code class="language-text-x-trilium-auto">export MAX_ALLOWED_FILE_SIZE_MB=450</code></pre>
<h3>Disabling Authentication</h3>
<p>See&nbsp;<a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/_help_0hzsNCP31IAB">Authentication</a>.</p>
<p>See&nbsp;<a class="reference-link" href="#root/_help_0hzsNCP31IAB">Authentication</a>.</p>
<h2>Reverse Proxy Setup</h2>
<p>To configure a reverse proxy for Trilium, you can use either <strong>nginx</strong> or <strong>Apache</strong>.
You can also check out the documentation stored in the Reverse proxy folder.</p>

16
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.html generated vendored
View File

@ -10,7 +10,14 @@ vim default.conf</code></pre>
</li>
<li>
<p>Fill the file with the context shown below, part of the setting show be
changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part is for proxy and HTTPS configure
changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part configures, where your Trilium server is running
upstream trilium {
zone trilium 64k;
server 127.0.0.1:8080; # change it to a different hostname and port if non-default is used
keepalive 2;
}
# This part is for proxy and HTTPS configure
server {
listen 443 ssl;
server_name trilium.example.net; #change trilium.example.net to your domain without HTTPS or HTTP.
@ -29,9 +36,8 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
proxy_pass http://trilium;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
}
}
@ -52,16 +58,16 @@ server {
<li>add the <code>proxy_cookie_path</code> directive with the same path: this
allows you to stay logged in at multiple instances at the same time.</li>
</ul><pre><code class="language-text-x-trilium-auto"> location /trilium/instance-one {
rewrite /trilium/instance-one/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
proxy_pass http://trilium;
proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
}
</code></pre>
</li>

12
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Authentication.html generated vendored
View File

@ -4,7 +4,7 @@
by adding the following to <code>config.ini</code>:</p><pre><code class="language-text-x-trilium-auto">[General]
noAuthentication=true</code></pre>
<p>Disabling authentication will bypass even the&nbsp;<a class="reference-link"
href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since
href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since
v0.94.1.</p>
<h2>Understanding how the session works</h2>
<p>Once logged into Trilium, the application will store this information
@ -22,14 +22,14 @@ cookieMaxAge=86400</code></pre>
the <em>last interaction with the application</em>.</p>
<h2>Viewing active sessions</h2>
<p>The login sessions are now stored in the same&nbsp;<a class="reference-link"
href="#root/pOsGYCXsbNQG/tC7s2alapj8V/_help_wX4HbRucYSDD">Database</a>&nbsp;as
the user data. In order to view which sessions are active, open the&nbsp;
<a
class="reference-link" href="#root/pOsGYCXsbNQG/tC7s2alapj8V/wX4HbRucYSDD/oyIAJ9PvvwHX/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following query:</p><pre><code class="language-text-x-sqlite-schema-trilium">SELECT * FROM sessions</code></pre>
href="#root/_help_wX4HbRucYSDD">Database</a>&nbsp;as the user data. In
order to view which sessions are active, open the&nbsp;<a class="reference-link"
href="#root/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following
query:</p><pre><code class="language-text-x-trilium-auto">SELECT * FROM sessions</code></pre>
<p>Expired sessions are periodically cleaned by the server, generally an
hourly interval.</p>
<h2>See also</h2>
<ul>
<li><a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>
<li><a class="reference-link" href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>
</li>
</ul>

12
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html generated vendored
View File

@ -41,10 +41,6 @@ class="admonition warning">
the page).</li>
</ol>
<h3>OpenID</h3>
<aside class="admonition note">
<p>Currently only compatible with Google. Other services like Authentik and
Auth0 are planned on being added.</p>
</aside>
<p>In order to setup OpenID, you will need to setup a authentication provider.
This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to
setup an OpenID service through google.</p>
@ -62,3 +58,11 @@ class="admonition warning">
<li>Choose “OAuth/OpenID” under MFA Method</li>
<li>Refresh the page and login through OpenID provider</li>
</ol>
<aside class="admonition note">
<p>The default OAuth issuer is Google. To use other services such as Authentik
or Auth0, you can configure the settings via <code>oauthIssuerBaseUrl</code>, <code>oauthIssuerName</code>,
and <code>oauthIssuerIcon</code> in the <code>config.ini</code> file. Alternatively,
these values can be set using environment variables: <code>TRILIUM_OAUTH_ISSUER_BASE_URL</code>, <code>TRILIUM_OAUTH_ISSUER_NAME</code>,
and <code>TRILIUM_OAUTH_ISSUER_ICON</code>. <code>oauthIssuerName</code> and <code>oauthIssuerIcon</code> are
required for displaying correct issuer information at the Login page.</p>
</aside>

3
apps/server/src/assets/doc_notes/en/User Guide/User Guide/Theme development/Reference.html generated vendored
View File

@ -135,7 +135,8 @@ body.electron:not(.native-titlebar) {
<h2>Custom fonts</h2>
<p>Currently the only way to include a custom font is to use&nbsp;<a href="#root/_help_d3fAXQ2diepH">Custom resource providers</a>.
Basically import a font into Trilium and assign it <code>#customResourceProvider=fonts/myfont.ttf</code> and
then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>.</p>
then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>. Use <code>../../../custom/fonts/myfont.ttf</code> if
you run your Trilium server on a different path than <code>/</code>.</p>
<h2>Dark and light themes</h2>
<p>A light theme needs to have the following CSS:</p><pre><code class="language-text-css">:root {
--theme-style: light;

2
docs/Developer Guide/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{
"formatVersion": 2,
"appVersion": "0.94.0",
"appVersion": "0.94.1",
"files": [
{
"isClone": false,

2
docs/Release Notes/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{
"formatVersion": 2,
"appVersion": "0.94.0",
"appVersion": "0.94.1",
"files": [
{
"isClone": false,

2
docs/Release Notes/Release Notes/v0.94.1.md vendored
View File

@ -1,6 +1,6 @@
# v0.94.1
> [!NOTE]
> *TriliumNext Notes* will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as *TriliumNext Notes*.
> _TriliumNext Notes_ will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as _TriliumNext Notes_.
> [!IMPORTANT]
> If you enjoyed this release, consider showing a token of appreciation by:

36
docs/User Guide/!!!meta.json vendored
View File

@ -1,6 +1,6 @@
{
"formatVersion": 2,
"appVersion": "0.94.0",
"appVersion": "0.94.1",
"files": [
{
"isClone": false,
@ -189,23 +189,23 @@
{
"type": "relation",
"name": "internalLink",
"value": "fDLvzOx29Pfg",
"value": "0hzsNCP31IAB",
"isInheritable": false,
"position": 120
},
{
"type": "relation",
"name": "internalLink",
"value": "fDLvzOx29Pfg",
"isInheritable": false,
"position": 130
},
{
"type": "label",
"name": "shareAlias",
"value": "server-installation",
"isInheritable": false,
"position": 30
},
{
"type": "relation",
"name": "internalLink",
"value": "0hzsNCP31IAB",
"isInheritable": false,
"position": 130
}
],
"format": "markdown",
@ -674,32 +674,32 @@
"mime": "text/html",
"attributes": [
{
"type": "label",
"name": "iconClass",
"value": "bx bx-lock-alt",
"type": "relation",
"name": "internalLink",
"value": "wX4HbRucYSDD",
"isInheritable": false,
"position": 10
},
{
"type": "relation",
"name": "internalLink",
"value": "7DAiwaf8Z7Rz",
"value": "YKWqdJhzi2VY",
"isInheritable": false,
"position": 20
},
{
"type": "relation",
"name": "internalLink",
"value": "wX4HbRucYSDD",
"value": "7DAiwaf8Z7Rz",
"isInheritable": false,
"position": 30
},
{
"type": "relation",
"name": "internalLink",
"value": "YKWqdJhzi2VY",
"type": "label",
"name": "iconClass",
"value": "bx bx-lock-alt",
"isInheritable": false,
"position": 40
"position": 10
}
],
"format": "markdown",

2
docs/User Guide/User Guide/Installation & Setup/Server Installation/Authentication.md vendored
View File

@ -27,7 +27,7 @@ When “Remember me” is unchecked, the behavior is different. At client/browse
The login sessions are now stored in the same <a class="reference-link" href="../../Advanced%20Usage/Database.md">Database</a> as the user data. In order to view which sessions are active, open the <a class="reference-link" href="../../Advanced%20Usage/Database/Manually%20altering%20the%20database/SQL%20Console.md">SQL Console</a> and run the following query:
```trilium
```
SELECT * FROM sessions
```

6
docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md vendored
View File

@ -34,9 +34,6 @@ MFA can only be set up on a server instance.
### OpenID
> [!NOTE]
> Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added.
In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
1. Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check <a class="reference-link" href="../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> for more information).
@ -46,3 +43,6 @@ In order to setup OpenID, you will need to setup a authentication provider. This
4. Click the “Enable Multi-Factor Authentication” checkbox if not checked
5. Choose “OAuth/OpenID” under MFA Method
6. Refresh the page and login through OpenID provider
> [!NOTE]
> The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, and `TRILIUM_OAUTH_ISSUER_ICON`. `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page.