github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-28 02:18:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix broken link regression (#1449)

Browse Source
This commit is contained in:
Jamil
2023-02-21 14:45:31 -08:00
committed by GitHub
parent a44e549818
commit 49878743b0
6 changed files with 225 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/fz_http/lib/fz_http_web/controllers/json/user_controller.ex
View File

@@ -34,7 +34,7 @@ defmodule FzHttpWeb.JSON.UserController do
This endpoint is useful in two cases:
1. When [Local Authentication](/authenticate/local-auth/) is enabled (discouraged in
1. When [Local Authentication](/docs/authenticate/local-auth/) is enabled (discouraged in
production deployments), it allows an administrator to provision users with their passwords;
2. When `auto_create_users` in the associated OpenID or SAML configuration is disabled,
it allows an administrator to provision users with their emails beforehand, effectively

148
www/docs/reference/env-vars.mdx
View File

@@ -2,11 +2,12 @@
title: Environment Variables
sidebar_position: 1
---
Most day-to-day config of Firezone can be done via the Firezone Web UI,
but for zero-touch deployments we allow to override most of configuration options
using environment variables.
Read more about configuring Firezone in our [configure guide](/deploy/configure).
Read more about configuring Firezone in our [configure guide](/docs/deploy/configure).
## Errors
@@ -30,115 +31,116 @@ It means that if environment variable is set, it will be used, regardless of the
and UI to edit database value will be disabled.
## Environment Variable Listing
We recommend setting these in your Docker ENV file (`$HOME/.firezone/.env` by
default). Required fields in **bold**.
### WebServer
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| **EXTERNAL_URL** | The external URL the web UI will be accessible at.<br /> <br />Must be a valid and public FQDN for ACME SSL issuance to function.<br /> <br />You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn`. | string | |
| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true |
| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 |
| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| Env Key | Description | Format | Default |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- | ------- |
| **EXTERNAL_URL** | The external URL the web UI will be accessible at.<br /> <br />Must be a valid and public FQDN for ACME SSL issuance to function.<br /> <br />You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn`. | string | |
| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true |
| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 |
| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
### Database
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| DATABASE_HOST | PostgreSQL host. | string | postgres |
| DATABASE_PORT | PostgreSQL port. | integer | 5432 |
| DATABASE_NAME | Name of the PostgreSQL database. | string | firezone |
| DATABASE_USER | User that will be used to access the PostgreSQL database. | string | postgres |
| DATABASE_PASSWORD | Password that will be used to access the PostgreSQL database. | string | |
| DATABASE_POOL_SIZE | Size of the connection pool to the PostgreSQL database. | integer | generated |
| DATABASE_SSL_ENABLED | Whether to connect to the database over SSL.<br /> <br />If this field is set to `true`, the `database_ssl_opts` config must be set too with at least `cacertfile` option present. | boolean | false |
| DATABASE_SSL_OPTS | SSL options for connecting to the PostgreSQL database.<br /> <br />Typically, to enabled SSL you want following options: <br /> - `cacertfile` - path to the CA certificate file;<br /> - `verify` - set to `verify_peer` to verify the server certificate;<br /> - `fail_if_no_peer_cert` - set to `true` to require the server to present a certificate;<br /> - `server_name_indication` - specify the hostname to be used in TLS Server Name Indication extension.<br /> <br />See [Ecto.Adapters.Postgres documentation](https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options). For list of all supported options, see the [`ssl`](http://erlang.org/doc/man/ssl.html#type-tls_client_option) module documentation. | JSON-encoded map | `{}` |
| Env Key | Description | Format | Default |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | --------- |
| DATABASE_HOST | PostgreSQL host. | string | postgres |
| DATABASE_PORT | PostgreSQL port. | integer | 5432 |
| DATABASE_NAME | Name of the PostgreSQL database. | string | firezone |
| DATABASE_USER | User that will be used to access the PostgreSQL database. | string | postgres |
| DATABASE_PASSWORD | Password that will be used to access the PostgreSQL database. | string | |
| DATABASE_POOL_SIZE | Size of the connection pool to the PostgreSQL database. | integer | generated |
| DATABASE_SSL_ENABLED | Whether to connect to the database over SSL.<br /> <br />If this field is set to `true`, the `database_ssl_opts` config must be set too with at least `cacertfile` option present. | boolean | false |
| DATABASE_SSL_OPTS | SSL options for connecting to the PostgreSQL database.<br /> <br />Typically, to enabled SSL you want following options: <br /> - `cacertfile` - path to the CA certificate file;<br /> - `verify` - set to `verify_peer` to verify the server certificate;<br /> - `fail_if_no_peer_cert` - set to `true` to require the server to present a certificate;<br /> - `server_name_indication` - specify the hostname to be used in TLS Server Name Indication extension.<br /> <br />See [Ecto.Adapters.Postgres documentation](https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options). For list of all supported options, see the [`ssl`](http://erlang.org/doc/man/ssl.html#type-tls_client_option) module documentation. | JSON-encoded map | `{}` |
### Admin Setup
Options responsible for initial admin provisioning and resetting the admin password.
For more details see [troubleshooting guide](/administer/troubleshoot/#admin-login-isnt-working).
For more details see [troubleshooting guide](/docs/administer/troubleshoot/#admin-login-isnt-working).
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| RESET_ADMIN_ON_BOOT | Set this variable to `true` to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.<br /> <br />Note: This **will not** change the status of local authentication. | boolean | false |
| DEFAULT_ADMIN_EMAIL | Primary administrator email. | string | |
| DEFAULT_ADMIN_PASSWORD | Default password that will be used for creating or resetting the primary administrator account. | string | |
| Env Key | Description | Format | Default |
| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------- |
| RESET_ADMIN_ON_BOOT | Set this variable to `true` to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.<br /> <br />Note: This **will not** change the status of local authentication. | boolean | false |
| DEFAULT_ADMIN_EMAIL | Primary administrator email. | string | |
| DEFAULT_ADMIN_PASSWORD | Default password that will be used for creating or resetting the primary administrator account. | string | |
### Secrets and Encryption
Your secrets should be generated during installation automatically and persisted to `.env` file.
All secrets should be a **base64-encoded string**.
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| **GUARDIAN_SECRET_KEY** | Secret key used for signing JWTs. | string | |
| **DATABASE_ENCRYPTION_KEY** | Secret key used for encrypting sensitive data in the database. | string | |
| **SECRET_KEY_BASE** | Primary secret key base for the Phoenix application. | string | |
| **LIVE_VIEW_SIGNING_SALT** | Signing salt for Phoenix LiveView connection tokens. | string | |
| **COOKIE_SIGNING_SALT** | Encryption salt for cookies issued by the Phoenix web application. | string | |
| **COOKIE_ENCRYPTION_SALT** | Signing salt for cookies issued by the Phoenix web application. | string | |
| Env Key | Description | Format | Default |
| --------------------------- | ------------------------------------------------------------------ | ------ | ------- |
| **GUARDIAN_SECRET_KEY** | Secret key used for signing JWTs. | string | |
| **DATABASE_ENCRYPTION_KEY** | Secret key used for encrypting sensitive data in the database. | string | |
| **SECRET_KEY_BASE** | Primary secret key base for the Phoenix application. | string | |
| **LIVE_VIEW_SIGNING_SALT** | Signing salt for Phoenix LiveView connection tokens. | string | |
| **COOKIE_SIGNING_SALT** | Encryption salt for cookies issued by the Phoenix web application. | string | |
| **COOKIE_ENCRYPTION_SALT** | Signing salt for cookies issued by the Phoenix web application. | string | |
### Devices
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT | Enable or disable management of devices on unprivileged accounts. | boolean | true |
| ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION | Enable or disable configuration of device network settings for unprivileged users. | boolean | true |
| VPN_SESSION_DURATION | Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active. | integer | 0 |
| DEFAULT_CLIENT_PERSISTENT_KEEPALIVE | Interval for WireGuard [persistent keepalive](https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence).<br /> <br />If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value. | integer | 25 |
| DEFAULT_CLIENT_MTU | WireGuard interface MTU for devices. 1280 is a safe bet for most networks. Leave this blank to omit this field from generated configs. | integer | 1280 |
| DEFAULT_CLIENT_ENDPOINT | IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN. | one of `IP with port`, `string` | generated |
| DEFAULT_CLIENT_DNS | Comma-separated list of DNS servers to use for devices.<br /> <br />It can be either an IP address or a FQDN if you intend to use a DNS-over-TLS server.<br /> <br />Leave this blank to omit the `DNS` section from generated configs. | {:array, ",", {:one_of, [FzHttp.Types.IP, :string]}, [validate_unique: true]} | `[]` |
| DEFAULT_CLIENT_ALLOWED_IPS | Configures the default AllowedIPs setting for devices.<br /> <br />AllowedIPs determines which destination IPs get routed through Firezone.<br /> <br />Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use `0.0.0.0/0, ::/0` to route all device traffic through this Firezone server. | {:array, ",", {:one_of, [FzHttp.Types.CIDR, FzHttp.Types.IP]}, [validate_unique: true]} | `0.0.0.0/0, ::/0` |
| Env Key | Description | Format | Default |
| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ----------------- |
| ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT | Enable or disable management of devices on unprivileged accounts. | boolean | true |
| ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION | Enable or disable configuration of device network settings for unprivileged users. | boolean | true |
| VPN_SESSION_DURATION | Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active. | integer | 0 |
| DEFAULT_CLIENT_PERSISTENT_KEEPALIVE | Interval for WireGuard [persistent keepalive](https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence).<br /> <br />If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value. | integer | 25 |
| DEFAULT_CLIENT_MTU | WireGuard interface MTU for devices. 1280 is a safe bet for most networks. Leave this blank to omit this field from generated configs. | integer | 1280 |
| DEFAULT_CLIENT_ENDPOINT | IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN. | one of `IP with port`, `string` | generated |
| DEFAULT_CLIENT_DNS | Comma-separated list of DNS servers to use for devices.<br /> <br />It can be either an IP address or a FQDN if you intend to use a DNS-over-TLS server.<br /> <br />Leave this blank to omit the `DNS` section from generated configs. | {:array, ",", {:one_of, [FzHttp.Types.IP, :string]}, [validate_unique: true]} | `[]` |
| DEFAULT_CLIENT_ALLOWED_IPS | Configures the default AllowedIPs setting for devices.<br /> <br />AllowedIPs determines which destination IPs get routed through Firezone.<br /> <br />Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use `0.0.0.0/0, ::/0` to route all device traffic through this Firezone server. | {:array, ",", {:one_of, [FzHttp.Types.CIDR, FzHttp.Types.IP]}, [validate_unique: true]} | `0.0.0.0/0, ::/0` |
### Authorization
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| LOCAL_AUTH_ENABLED | Enable or disable the local authentication method for all users. | boolean | true |
| DISABLE_VPN_ON_OIDC_ERROR | Enable or disable auto disabling VPN connection on OIDC refresh error. | boolean | false |
| SAML_ENTITY_ID | Entity ID for SAML authentication. | string | urn:firezone.dev:firezone-app |
| SAML_KEYFILE_PATH | Path to the SAML keyfile inside the container. Should be either a PEM or DER-encoded private key, with file extension `.pem` or `.key`. | string | /var/firezone/saml.key |
| SAML_CERTFILE_PATH | Path to the SAML certificate file inside the container. Should be either a PEM or DER-encoded certificate, with file extension `.crt` or `.pem`. | string | /var/firezone/saml.crt |
| OPENID_CONNECT_PROVIDERS | List of OpenID Connect identity providers configurations.<br /> <br />For example:<br /> <br />``` [ { "auto_create_users": false, "id": "google", "label": "google", "client_id": "test-id", "client_secret": "test-secret", "discovery_document_uri": "https://accounts.google.com/.well-known/openid-configuration", "redirect_uri": "https://invalid", "response_type": "response-type", "scope": "oauth email profile" } ] ```<br /> <br />For more details see https://docs.firezone.dev/authenticate/oidc/. | JSON-encoded list | `"[]"` |
| SAML_IDENTITY_PROVIDERS | List of SAML identity providers configurations.<br /> <br />For example:<br /> <br />``` [ { "auto_create_users": false, "base_url": "https://saml", "id": "okta", "label": "okta", "metadata": "<?xml version="1.0"?>...", "sign_metadata": false, "sign_requests": false, "signed_assertion_in_resp": false, "signed_envelopes_in_resp": false } ] ```<br /> <br />For more details see https://docs.firezone.dev/authenticate/saml/. | JSON-encoded list | `"[]"` |
| Env Key | Description | Format | Default |
| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ----------------------------- |
| LOCAL_AUTH_ENABLED | Enable or disable the local authentication method for all users. | boolean | true |
| DISABLE_VPN_ON_OIDC_ERROR | Enable or disable auto disabling VPN connection on OIDC refresh error. | boolean | false |
| SAML_ENTITY_ID | Entity ID for SAML authentication. | string | urn:firezone.dev:firezone-app |
| SAML_KEYFILE_PATH | Path to the SAML keyfile inside the container. Should be either a PEM or DER-encoded private key, with file extension `.pem` or `.key`. | string | /var/firezone/saml.key |
| SAML_CERTFILE_PATH | Path to the SAML certificate file inside the container. Should be either a PEM or DER-encoded certificate, with file extension `.crt` or `.pem`. | string | /var/firezone/saml.crt |
| OPENID_CONNECT_PROVIDERS | List of OpenID Connect identity providers configurations.<br /> <br />For example:<br /> <br />`[ { "auto_create_users": false, "id": "google", "label": "google", "client_id": "test-id", "client_secret": "test-secret", "discovery_document_uri": "https://accounts.google.com/.well-known/openid-configuration", "redirect_uri": "https://invalid", "response_type": "response-type", "scope": "oauth email profile" } ]`<br /> <br />For more details see https://docs.firezone.dev/authenticate/oidc/. | JSON-encoded list | `"[]"` |
| SAML_IDENTITY_PROVIDERS | List of SAML identity providers configurations.<br /> <br />For example:<br /> <br />`[ { "auto_create_users": false, "base_url": "https://saml", "id": "okta", "label": "okta", "metadata": "<?xml version="1.0"?>...", "sign_metadata": false, "sign_requests": false, "signed_assertion_in_resp": false, "signed_envelopes_in_resp": false } ]`<br /> <br />For more details see https://docs.firezone.dev/authenticate/saml/. | JSON-encoded list | `"[]"` |
### WireGuard
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| WIREGUARD_PORT | A port on which WireGuard will listen for incoming connections. | integer | 51820 |
| WIREGUARD_IPV4_ENABLED | Enable or disable IPv4 support for WireGuard. | boolean | true |
| WIREGUARD_IPV6_ENABLED | Enable or disable IPv6 support for WireGuard. | boolean | true |
| Env Key | Description | Format | Default |
| ---------------------- | --------------------------------------------------------------- | ------- | ------- |
| WIREGUARD_PORT | A port on which WireGuard will listen for incoming connections. | integer | 51820 |
| WIREGUARD_IPV4_ENABLED | Enable or disable IPv4 support for WireGuard. | boolean | true |
| WIREGUARD_IPV6_ENABLED | Enable or disable IPv6 support for WireGuard. | boolean | true |
### Outbound Emails
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| OUTBOUND_EMAIL_FROM | From address to use for sending outbound emails. If not set, sending email will be disabled (default). | string | generated |
| OUTBOUND_EMAIL_ADAPTER | Method to use for sending outbound email. | One of `Swoosh.Adapters.AmazonSES`, `Swoosh.Adapters.CustomerIO`, `Swoosh.Adapters.Dyn`, `Swoosh.Adapters.ExAwsAmazonSES`, `Swoosh.Adapters.Gmail`, `Swoosh.Adapters.MailPace`, `Swoosh.Adapters.Mailgun`, `Swoosh.Adapters.Mailjet`, `Swoosh.Adapters.Mandrill`, `Swoosh.Adapters.Postmark`, `Swoosh.Adapters.ProtonBridge`, `Swoosh.Adapters.SMTP`, `Swoosh.Adapters.SMTP2GO`, `Swoosh.Adapters.Sendgrid`, `Swoosh.Adapters.Sendinblue`, `Swoosh.Adapters.Sendmail`, `Swoosh.Adapters.SocketLabs`, `Swoosh.Adapters.SparkPost`, `FzHttpWeb.Mailer.NoopAdapter` | `FzHttpWeb.Mailer.NoopAdapter` |
| OUTBOUND_EMAIL_ADAPTER_OPTS | Adapter configuration, for list of options see [Swoosh Adapters](https://github.com/swoosh/swoosh#adapters). | JSON-encoded map | `{}` |
| Env Key | Description | Format | Default |
| --------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| OUTBOUND_EMAIL_FROM | From address to use for sending outbound emails. If not set, sending email will be disabled (default). | string | generated |
| OUTBOUND_EMAIL_ADAPTER | Method to use for sending outbound email. | One of `Swoosh.Adapters.AmazonSES`, `Swoosh.Adapters.CustomerIO`, `Swoosh.Adapters.Dyn`, `Swoosh.Adapters.ExAwsAmazonSES`, `Swoosh.Adapters.Gmail`, `Swoosh.Adapters.MailPace`, `Swoosh.Adapters.Mailgun`, `Swoosh.Adapters.Mailjet`, `Swoosh.Adapters.Mandrill`, `Swoosh.Adapters.Postmark`, `Swoosh.Adapters.ProtonBridge`, `Swoosh.Adapters.SMTP`, `Swoosh.Adapters.SMTP2GO`, `Swoosh.Adapters.Sendgrid`, `Swoosh.Adapters.Sendinblue`, `Swoosh.Adapters.Sendmail`, `Swoosh.Adapters.SocketLabs`, `Swoosh.Adapters.SparkPost`, `FzHttpWeb.Mailer.NoopAdapter` | `FzHttpWeb.Mailer.NoopAdapter` |
| OUTBOUND_EMAIL_ADAPTER_OPTS | Adapter configuration, for list of options see [Swoosh Adapters](https://github.com/swoosh/swoosh#adapters). | JSON-encoded map | `{}` |
### Connectivity Checks
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| CONNECTIVITY_CHECKS_ENABLED | Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate `Endpoint` fields. | boolean | true |
| CONNECTIVITY_CHECKS_INTERVAL | Periodicity in seconds to check for egress connectivity. | integer | 43200 |
| Env Key | Description | Format | Default |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------- | ------- |
| CONNECTIVITY_CHECKS_ENABLED | Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate `Endpoint` fields. | boolean | true |
| CONNECTIVITY_CHECKS_INTERVAL | Periodicity in seconds to check for egress connectivity. | integer | 43200 |
### Telemetry
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| TELEMETRY_ENABLED | Enable or disable the Firezone telemetry collection.<br /> <br />For more details see https://docs.firezone.dev/reference/telemetry/. | boolean | true |
| Env Key | Description | Format | Default |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------- |
| TELEMETRY_ENABLED | Enable or disable the Firezone telemetry collection.<br /> <br />For more details see https://docs.firezone.dev/reference/telemetry/. | boolean | true |
### Other
| Env Key | Description | Format | Default |
| ------ | --------------- | ------ | ------- |
| LOGO | The path to a logo image file to replace default Firezone logo. | {:embed, FzHttp.Config.Logo} | `` |
| Env Key | Description | Format | Default |
| ------- | --------------------------------------------------------------- | ---------------------------- | ------- |
| LOGO | The path to a logo image file to replace default Firezone logo. | {:embed, FzHttp.Config.Logo} | `` |

12
www/docs/reference/rest-api/configurations.mdx
View File

@@ -39,13 +39,13 @@ Content-Type: application/json; charset=utf-8
"default_client_mtu": 1280,
"default_client_persistent_keepalive": 25,
"disable_vpn_on_oidc_error": false,
"id": "1c5b3594-1309-4779-b01d-cd21bee561b8",
"inserted_at": "2023-02-16T17:31:21.614660Z",
"id": "9fe70a6b-8af7-46e3-88d2-050804edca94",
"inserted_at": "2023-02-21T19:41:56.505552Z",
"local_auth_enabled": true,
"logo": {},
"openid_connect_providers": [],
"saml_identity_providers": [],
"updated_at": "2023-02-16T17:31:21.614660Z",
"updated_at": "2023-02-21T19:41:56.505552Z",
"vpn_session_duration": 0
}
}
@@ -126,8 +126,8 @@ Content-Type: application/json; charset=utf-8
"default_client_mtu": 1100,
"default_client_persistent_keepalive": 1,
"disable_vpn_on_oidc_error": true,
"id": "1c5b3594-1309-4779-b01d-cd21bee561b8",
"inserted_at": "2023-02-16T17:31:21.614660Z",
"id": "9fe70a6b-8af7-46e3-88d2-050804edca94",
"inserted_at": "2023-02-21T19:41:56.505552Z",
"local_auth_enabled": false,
"logo": {},
"openid_connect_providers": [
@@ -156,7 +156,7 @@ Content-Type: application/json; charset=utf-8
"signed_envelopes_in_resp": false
}
],
"updated_at": "2023-02-18T18:55:51.972476Z",
"updated_at": "2023-02-21T19:42:17.438639Z",
"vpn_session_duration": 100
}
}

134
www/docs/reference/rest-api/devices.mdx
View File

@@ -34,27 +34,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "3e768884-c957-482c-8467-08e457f4acea",
"inserted_at": "2023-02-18T18:55:51.295135Z",
"ipv4": "100.104.159.238",
"ipv6": "fd00::d:a98a",
"id": "2b6c28a8-ca1b-4ecc-8133-b3d6619d47af",
"inserted_at": "2023-02-21T19:42:16.612776Z",
"ipv4": "100.93.194.179",
"ipv6": "fd00::22:71ab",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 3555",
"name": "factory 4135",
"persistent_keepalive": 25,
"preshared_key": "Ev+p0ASEswYRzLVtZX+cAhadlOPmAhH1/coj/i4Mrug=",
"public_key": "IwJeJ05UPKacEUKoQazEfzVMySiUa0prvRxZYCSteQs=",
"preshared_key": "r8nGfWLQWzp2AyCKMfVfrU9AzNtCbcExQt/Xv15UnPA=",
"public_key": "qNBDIg99AQV5Zr3I3gOtCjBpf+8y5g1wft8r55ZPCSg=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.295135Z",
"updated_at": "2023-02-21T19:42:16.612776Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "e555125b-9831-470e-adbd-b4bffcdcfa8e"
"user_id": "7c69c4a8-e335-40e0-b946-088a793873a9"
},
{
"allowed_ips": [
@@ -67,27 +67,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "c49e49ad-0a23-4857-9a70-c2b47d399f8c",
"inserted_at": "2023-02-18T18:55:51.272421Z",
"ipv4": "100.97.251.99",
"ipv6": "fd00::10:70ff",
"id": "c570ecf3-bf90-449e-9396-e11f3f5e1c3c",
"inserted_at": "2023-02-21T19:42:16.619638Z",
"ipv4": "100.66.157.239",
"ipv6": "fd00::1a:8b94",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 3395",
"name": "factory 3428",
"persistent_keepalive": 25,
"preshared_key": "IwAp9NXPyuVbWhqT2YnMydKKxzZM/azEQlcn8uNC9UA=",
"public_key": "wyiIyos+4gsK1FovaHji5tDsNZHz9eqPuP+aXQvaKKc=",
"preshared_key": "iPVrNTAmZIaptYD9kqgDSy3etX02PrKP2xDEwaU0CTk=",
"public_key": "5XHK3GYXPD5/rqND52mgYL9VjY64M1O/0xtl3w21p+E=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.272421Z",
"updated_at": "2023-02-21T19:42:16.619638Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "84ae42a2-00b6-4518-a02e-636846a2b517"
"user_id": "3c5c32d8-913c-44ca-9211-9c401dffc0ee"
},
{
"allowed_ips": [
@@ -100,27 +100,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "2803d77b-5f34-4277-ab15-afc452792d53",
"inserted_at": "2023-02-18T18:55:51.280811Z",
"ipv4": "100.124.65.64",
"ipv6": "fd00::10:c793",
"id": "d07e42e0-205c-495b-bee7-bbd29a7cb22c",
"inserted_at": "2023-02-21T19:42:16.625365Z",
"ipv4": "100.98.252.135",
"ipv6": "fd00::33:7a15",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 3301",
"name": "factory 5186",
"persistent_keepalive": 25,
"preshared_key": "p1xB8mSPSYqWeQ88zuomTe3/qP/dGNHIWMuhZV35aNw=",
"public_key": "kjnSbt1PzVNxy2Zk0WU61+euwB47PhkYGVjPH3Qu3ws=",
"preshared_key": "PwcToalzmZ+aDXT7HDDOC+YsK+HzSdw8pX/e9FtdUQ4=",
"public_key": "LrWe6VAmNrI4lU2GtlS8W//U3lEu5LmnpXzEAPgu2K0=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.280811Z",
"updated_at": "2023-02-21T19:42:16.625365Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "8b93ed2e-0413-4aa4-8141-d47ab9a44489"
"user_id": "0e67b63f-0c4d-499f-9c82-aeb8e15d46c1"
},
{
"allowed_ips": [
@@ -133,27 +133,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "e40913be-777b-4c8c-b046-729691d3ab3d",
"inserted_at": "2023-02-18T18:55:51.288043Z",
"ipv4": "100.110.155.13",
"ipv6": "fd00::36:ad92",
"id": "73e897da-7e96-4839-a1b3-3c22b517cd87",
"inserted_at": "2023-02-21T19:42:16.630393Z",
"ipv4": "100.127.77.200",
"ipv6": "fd00::13:a5da",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 3461",
"name": "factory 5250",
"persistent_keepalive": 25,
"preshared_key": "81ZGYaMfpDMGJ1NSAA6X2m82WcHrj/JYSSUxHcEGtNc=",
"public_key": "e9zG3QTAFUx+3TixOgtTc1K3xLqmz+2ePIjQC6yvfiw=",
"preshared_key": "p0ZePh6jGs2cnxhampSudq/qyWDTqZUvAmuDuQzIhg8=",
"public_key": "Xi4k6cp5bWF3it3sHKlu7/Pc4PQ/0CNhFDC/4e1QJ8c=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.288043Z",
"updated_at": "2023-02-21T19:42:16.630393Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "dc94df4e-a0f6-4982-9964-c266eb2b9760"
"user_id": "219cc61b-a9fc-40f6-960c-9dc49b6a9285"
},
{
"allowed_ips": [
@@ -166,27 +166,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "ac9b4b14-2931-462b-8f69-0eaab1e09c79",
"inserted_at": "2023-02-18T18:55:51.306250Z",
"ipv4": "100.127.98.215",
"ipv6": "fd00::3:ba30",
"id": "0264a1e7-d856-427a-bdab-56b27dad953e",
"inserted_at": "2023-02-21T19:42:16.635042Z",
"ipv4": "100.82.95.202",
"ipv6": "fd00::8:ee28",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 3651",
"name": "factory 3493",
"persistent_keepalive": 25,
"preshared_key": "zVx8+DzRh8k3RcdadCmN+Rv7tMYBeB6NssRZKXiDPJU=",
"public_key": "itqdVYUfCY48iWiSfNR6+fidTKK2WXeWLwJybMiv3Mc=",
"preshared_key": "LG/iIPIUfoGcXSCSYuw+DGJVYJkdwjNtqZCzvIgGsWw=",
"public_key": "Ypxx0s+69Zrcrm9V+EpXDSOnZ2vhYfeVaKL6ayZ+xWA=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.306250Z",
"updated_at": "2023-02-21T19:42:16.635042Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "49e2e587-f979-4aae-bad5-a513872526b5"
"user_id": "f60df8f7-9274-49a4-a5d3-9c772b7e81bb"
}
]
}
@@ -226,14 +226,14 @@ $ curl -i \
"use_default_endpoint": false,
"use_default_mtu": false,
"use_default_persistent_keepalive": false,
"user_id": "6b657ede-8018-4b00-b8a0-28c6de4337dc"
"user_id": "037f7617-93f1-4f7b-b8d5-db0512a7de10"
}
}'
EOF
HTTP/1.1 201
Content-Type: application/json; charset=utf-8
Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88
Location: /v0/devices/fe5e53fd-faac-4436-9e6e-76c00d2e7f47
{
"data": {
@@ -247,8 +247,8 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88
"9.9.9.8"
],
"endpoint": "9.9.9.9",
"id": "9341237e-8d5c-4b88-8a04-90f622d79b88",
"inserted_at": "2023-02-18T18:55:51.232890Z",
"id": "fe5e53fd-faac-4436-9e6e-76c00d2e7f47",
"inserted_at": "2023-02-21T19:42:16.821122Z",
"ipv4": "100.64.0.2",
"ipv6": "fd00::2",
"latest_handshake": null,
@@ -261,13 +261,13 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.232890Z",
"updated_at": "2023-02-21T19:42:16.821122Z",
"use_default_allowed_ips": false,
"use_default_dns": false,
"use_default_endpoint": false,
"use_default_mtu": false,
"use_default_persistent_keepalive": false,
"user_id": "6b657ede-8018-4b00-b8a0-28c6de4337dc"
"user_id": "037f7617-93f1-4f7b-b8d5-db0512a7de10"
}
}
```
@@ -278,7 +278,7 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88
#### Example
**URI Parameters:**
- `id`: `996f3a7e-8314-4caa-88ca-67b0a798810b`
- `id`: `a8ede14d-7ffd-42b1-a0c4-28d4aa5d0749`
```bash
$ curl -i \
-X GET "https://{firezone_host}/v0/devices/{id}" \
@@ -300,27 +300,27 @@ Content-Type: application/json; charset=utf-8
"1.0.0.1"
],
"endpoint": "localhost:51820",
"id": "996f3a7e-8314-4caa-88ca-67b0a798810b",
"inserted_at": "2023-02-18T18:55:49.480530Z",
"ipv4": "100.115.46.241",
"ipv6": "fd00::13:a505",
"id": "a8ede14d-7ffd-42b1-a0c4-28d4aa5d0749",
"inserted_at": "2023-02-21T19:42:16.861814Z",
"ipv4": "100.67.104.45",
"ipv6": "fd00::30:dad3",
"latest_handshake": null,
"mtu": 1280,
"name": "factory 2050",
"name": "factory 4581",
"persistent_keepalive": 25,
"preshared_key": "zwYGMjuBBLZk4YkBlDx5LZHOf6gf35b6/2SoFZIc8a0=",
"public_key": "CZz2mwmaCyNrjAcANfOCPpozFrIOkDvCaaoeb6O3hvw=",
"preshared_key": "G1UmGBirIP2XiBOVb0OcKnLjvhNQrUXq5WcwpYozzsc=",
"public_key": "dDRr56ECg6sLBKT4+wDVkkL6JhzcmI+jOfgbp1NBydY=",
"remote_ip": null,
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:49.480530Z",
"updated_at": "2023-02-21T19:42:16.861814Z",
"use_default_allowed_ips": true,
"use_default_dns": true,
"use_default_endpoint": true,
"use_default_mtu": true,
"use_default_persistent_keepalive": true,
"user_id": "1e4c2c8b-914a-4cd7-b3f0-fd2b2c401e17"
"user_id": "a7182e3d-be17-4833-9669-c0efe861541a"
}
}
```
@@ -331,7 +331,7 @@ Content-Type: application/json; charset=utf-8
#### Example
**URI Parameters:**
- `id`: `f8dccb0b-2b2a-463c-a5f0-630df7c2ea53`
- `id`: `d87aae90-e4b2-4e2b-92c2-728f02053745`
```bash
$ curl -i \
-X PUT "https://{firezone_host}/v0/devices/{id}" \
@@ -381,8 +381,8 @@ Content-Type: application/json; charset=utf-8
"9.9.9.8"
],
"endpoint": "9.9.9.9",
"id": "f8dccb0b-2b2a-463c-a5f0-630df7c2ea53",
"inserted_at": "2023-02-18T18:55:51.243689Z",
"id": "d87aae90-e4b2-4e2b-92c2-728f02053745",
"inserted_at": "2023-02-21T19:42:16.734558Z",
"ipv4": "100.64.0.2",
"ipv6": "fd00::2",
"latest_handshake": null,
@@ -395,13 +395,13 @@ Content-Type: application/json; charset=utf-8
"rx_bytes": null,
"server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=",
"tx_bytes": null,
"updated_at": "2023-02-18T18:55:51.255811Z",
"updated_at": "2023-02-21T19:42:16.744067Z",
"use_default_allowed_ips": false,
"use_default_dns": false,
"use_default_endpoint": false,
"use_default_mtu": false,
"use_default_persistent_keepalive": false,
"user_id": "1233e2d4-c9ba-4d2a-bb8b-ac23050eba78"
"user_id": "e3199f2c-8bf1-4371-8217-b7277bfedae6"
}
}
```
@@ -412,7 +412,7 @@ Content-Type: application/json; charset=utf-8
#### Example
**URI Parameters:**
- `id`: `1385934c-17f4-4129-9e66-cbba1e4c1734`
- `id`: `8a7e0c57-7e12-433c-8a6c-151359c5b3e3`
```bash
$ curl -i \
-X DELETE "https://{firezone_host}/v0/devices/{id}" \

60
www/docs/reference/rest-api/rules.mdx
View File

@@ -26,51 +26,51 @@ Content-Type: application/json; charset=utf-8
{
"action": "drop",
"destination": "10.3.2.1",
"id": "f0f6bd4e-f68b-4347-ada6-4d024787aae9",
"inserted_at": "2023-02-18T18:55:51.352217Z",
"id": "db5a18ef-a033-48fb-a318-af054c8d3ace",
"inserted_at": "2023-02-21T19:42:16.822620Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.352217Z",
"updated_at": "2023-02-21T19:42:16.822620Z",
"user_id": null
},
{
"action": "drop",
"destination": "10.3.2.2",
"id": "0d2b5c4d-92e0-4271-adf3-9ad852d2bda7",
"inserted_at": "2023-02-18T18:55:51.353801Z",
"id": "2b02c33b-4589-4912-bf38-44bc3853a611",
"inserted_at": "2023-02-21T19:42:16.824085Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.353801Z",
"updated_at": "2023-02-21T19:42:16.824085Z",
"user_id": null
},
{
"action": "drop",
"destination": "10.3.2.3",
"id": "1b9e57f4-0510-46c5-8440-ce1fec30af66",
"inserted_at": "2023-02-18T18:55:51.354824Z",
"id": "2b93d655-f870-4c2e-942d-529234f58289",
"inserted_at": "2023-02-21T19:42:16.825104Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.354824Z",
"updated_at": "2023-02-21T19:42:16.825104Z",
"user_id": null
},
{
"action": "drop",
"destination": "10.3.2.4",
"id": "99d86823-1b87-49f5-8522-c1c2ba7d42b3",
"inserted_at": "2023-02-18T18:55:51.355740Z",
"id": "fb74d75b-6ce3-420b-9d15-532832110c58",
"inserted_at": "2023-02-21T19:42:16.826185Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.355740Z",
"updated_at": "2023-02-21T19:42:16.826185Z",
"user_id": null
},
{
"action": "drop",
"destination": "10.3.2.5",
"id": "57e0237f-1dc2-4f6c-849c-5c24e47efd23",
"inserted_at": "2023-02-18T18:55:51.356725Z",
"id": "392cee84-07ef-4ecd-9c9f-b916e2aff155",
"inserted_at": "2023-02-21T19:42:16.827016Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.356725Z",
"updated_at": "2023-02-21T19:42:16.827016Z",
"user_id": null
}
]
@@ -93,25 +93,25 @@ $ curl -i \
"destination": "1.1.1.1/24",
"port_range": "1 - 2",
"port_type": "udp",
"user_id": "d6e0fef3-8b87-496a-aa63-34178d559b71"
"user_id": "a80e866c-bee5-4dfd-adc0-3847b67b9d56"
}
}'
EOF
HTTP/1.1 201
Content-Type: application/json; charset=utf-8
Location: /v0/rules/cac89e93-00d3-4d98-ad50-b75a60b0a464
Location: /v0/rules/c9a8a01e-d852-49c0-bcdb-5ea5f70ad932
{
"data": {
"action": "accept",
"destination": "1.1.1.1/24",
"id": "cac89e93-00d3-4d98-ad50-b75a60b0a464",
"inserted_at": "2023-02-18T18:55:51.290304Z",
"id": "c9a8a01e-d852-49c0-bcdb-5ea5f70ad932",
"inserted_at": "2023-02-21T19:42:16.853089Z",
"port_range": "1 - 2",
"port_type": "udp",
"updated_at": "2023-02-18T18:55:51.290304Z",
"user_id": "d6e0fef3-8b87-496a-aa63-34178d559b71"
"updated_at": "2023-02-21T19:42:16.853089Z",
"user_id": "a80e866c-bee5-4dfd-adc0-3847b67b9d56"
}
}
```
@@ -122,7 +122,7 @@ Location: /v0/rules/cac89e93-00d3-4d98-ad50-b75a60b0a464
#### Example
**URI Parameters:**
- `id`: `7b91d771-8c4a-45aa-8b6f-0cb5b7e486fc`
- `id`: `cf77ba9e-604d-408d-a444-4fcee57662d3`
```bash
$ curl -i \
-X GET "https://{firezone_host}/v0/rules/{id}" \
@@ -136,11 +136,11 @@ Content-Type: application/json; charset=utf-8
"data": {
"action": "drop",
"destination": "10.10.10.0/24",
"id": "7b91d771-8c4a-45aa-8b6f-0cb5b7e486fc",
"inserted_at": "2023-02-18T18:55:51.211234Z",
"id": "cf77ba9e-604d-408d-a444-4fcee57662d3",
"inserted_at": "2023-02-21T19:42:16.881405Z",
"port_range": null,
"port_type": null,
"updated_at": "2023-02-18T18:55:51.211234Z",
"updated_at": "2023-02-21T19:42:16.881405Z",
"user_id": null
}
}
@@ -152,7 +152,7 @@ Content-Type: application/json; charset=utf-8
#### Example
**URI Parameters:**
- `id`: `ca67b973-2ee6-4bc5-942c-848990eaae49`
- `id`: `21275ade-d14e-4421-8cdf-49bca4d84d63`
```bash
$ curl -i \
-X PUT "https://{firezone_host}/v0/rules/{id}" \
@@ -176,11 +176,11 @@ Content-Type: application/json; charset=utf-8
"data": {
"action": "accept",
"destination": "1.1.1.1/24",
"id": "ca67b973-2ee6-4bc5-942c-848990eaae49",
"inserted_at": "2023-02-18T18:55:51.294125Z",
"id": "21275ade-d14e-4421-8cdf-49bca4d84d63",
"inserted_at": "2023-02-21T19:42:16.786969Z",
"port_range": "1 - 2",
"port_type": "udp",
"updated_at": "2023-02-18T18:55:51.313846Z",
"updated_at": "2023-02-21T19:42:16.795630Z",
"user_id": null
}
}
@@ -192,7 +192,7 @@ Content-Type: application/json; charset=utf-8
#### Example
**URI Parameters:**
- `id`: `7e8a2c10-3a34-4e94-bc10-70c1ba265f99`
- `id`: `526b66e7-6433-4607-af87-9046a3c801e9`
```bash
$ curl -i \
-X DELETE "https://{firezone_host}/v0/rules/{id}" \

92
www/docs/reference/rest-api/users.mdx
View File

@@ -40,43 +40,43 @@ Content-Type: application/json; charset=utf-8
"data": [
{
"disabled_at": null,
"email": "test-4578@test",
"id": "61598ea6-acaa-4308-b12f-2da95b312387",
"inserted_at": "2023-02-18T18:55:50.972304Z",
"email": "test-8357@test",
"id": "97b501a3-3d19-4755-9355-e69e8343e3fe",
"inserted_at": "2023-02-21T19:42:17.788005Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:50.972304Z"
"updated_at": "2023-02-21T19:42:17.788005Z"
},
{
"disabled_at": null,
"email": "test-2280@test",
"id": "9cde3f7f-db18-49b7-84de-b88675c6ab73",
"inserted_at": "2023-02-18T18:55:50.973729Z",
"email": "test-8389@test",
"id": "95de026c-85cb-437f-9f65-7598eecd2500",
"inserted_at": "2023-02-21T19:42:17.789353Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:50.973729Z"
"updated_at": "2023-02-21T19:42:17.789353Z"
},
{
"disabled_at": null,
"email": "test-2312@test",
"id": "820eb7eb-354e-4f6f-8fdc-acbab6e35e7b",
"inserted_at": "2023-02-18T18:55:50.975468Z",
"email": "test-8421@test",
"id": "7318786c-00ef-4cb1-afde-5a36698abc5a",
"inserted_at": "2023-02-21T19:42:17.791365Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:50.975468Z"
"updated_at": "2023-02-21T19:42:17.791365Z"
},
{
"disabled_at": null,
"email": "test-2344@test",
"id": "a2b12d92-9498-4b88-b2fc-215b612714c4",
"inserted_at": "2023-02-18T18:55:50.976834Z",
"email": "test-8453@test",
"id": "c930b715-b9f6-40af-970a-cf02da7d7f89",
"inserted_at": "2023-02-21T19:42:17.792835Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:50.976834Z"
"updated_at": "2023-02-21T19:42:17.792835Z"
}
]
}
@@ -88,7 +88,7 @@ Create a new User.
This endpoint is useful in two cases:
1. When [Local Authentication](/authenticate/local-auth/) is enabled (discouraged in
1. When [Local Authentication](/docs/authenticate/local-auth/) is enabled (discouraged in
production deployments), it allows an administrator to provision users with their passwords;
2. When `auto_create_users` in the associated OpenID or SAML configuration is disabled,
it allows an administrator to provision users with their emails beforehand, effectively
@@ -126,18 +126,18 @@ EOF
HTTP/1.1 201
Content-Type: application/json; charset=utf-8
Location: /v0/users/1c4476d8-b3ed-4e2a-a327-43d8a8145902
Location: /v0/users/98a7f35a-b517-44fb-8381-9ca84d9adebb
{
"data": {
"disabled_at": null,
"email": "new-user@test",
"id": "1c4476d8-b3ed-4e2a-a327-43d8a8145902",
"inserted_at": "2023-02-18T18:55:51.312737Z",
"id": "98a7f35a-b517-44fb-8381-9ca84d9adebb",
"inserted_at": "2023-02-21T19:42:17.682511Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "unprivileged",
"updated_at": "2023-02-18T18:55:51.312737Z"
"updated_at": "2023-02-21T19:42:17.682511Z"
}
}
```
@@ -158,18 +158,18 @@ EOF
HTTP/1.1 201
Content-Type: application/json; charset=utf-8
Location: /v0/users/b0c662db-fe4b-4be6-8cba-b96e6de85d3c
Location: /v0/users/ccd53707-1edf-4a4f-b4e8-26aa6ef9adec
{
"data": {
"disabled_at": null,
"email": "new-user@test",
"id": "b0c662db-fe4b-4be6-8cba-b96e6de85d3c",
"inserted_at": "2023-02-18T18:55:51.143811Z",
"id": "ccd53707-1edf-4a4f-b4e8-26aa6ef9adec",
"inserted_at": "2023-02-21T19:42:17.704086Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "unprivileged",
"updated_at": "2023-02-18T18:55:51.143811Z"
"updated_at": "2023-02-21T19:42:17.704086Z"
}
}
```
@@ -190,18 +190,18 @@ EOF
HTTP/1.1 201
Content-Type: application/json; charset=utf-8
Location: /v0/users/859b1c5f-d25e-4e15-bdba-1cb90de3b4f1
Location: /v0/users/16ea7401-4eb8-4b48-a711-172ae117ac05
{
"data": {
"disabled_at": null,
"email": "new-user@test",
"id": "859b1c5f-d25e-4e15-bdba-1cb90de3b4f1",
"inserted_at": "2023-02-18T18:55:51.071112Z",
"id": "16ea7401-4eb8-4b48-a711-172ae117ac05",
"inserted_at": "2023-02-21T19:42:17.745811Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:51.071112Z"
"updated_at": "2023-02-21T19:42:17.745811Z"
}
}
```
@@ -241,7 +241,7 @@ Content-Type: application/json; charset=utf-8
#### An email can be used instead of ID.
**URI Parameters:**
- `id`: `test-2757@test`
- `id`: `test-6725@test`
```bash
$ curl -i \
-X GET "https://{firezone_host}/v0/users/{id}" \
@@ -254,13 +254,13 @@ Content-Type: application/json; charset=utf-8
{
"data": {
"disabled_at": null,
"email": "test-2757@test",
"id": "a6150251-3d5d-4eef-b918-feefbb18e986",
"inserted_at": "2023-02-18T18:55:51.102821Z",
"email": "test-6725@test",
"id": "da45a8d6-581c-4e63-96ee-61de158829e4",
"inserted_at": "2023-02-21T19:42:17.575002Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "admin",
"updated_at": "2023-02-18T18:55:51.102821Z"
"updated_at": "2023-02-21T19:42:17.575002Z"
}
}
```
@@ -272,7 +272,7 @@ For details please see [Create a User](#create-a-user-post-v0users) section.
#### Update by email
**URI Parameters:**
- `id`: `test-4452@test`
- `id`: `test-5315@test`
```bash
$ curl -i \
-X PUT "https://{firezone_host}/v0/users/{id}" \
@@ -290,20 +290,20 @@ Content-Type: application/json; charset=utf-8
{
"data": {
"disabled_at": null,
"email": "test-4452@test",
"id": "18fcbb10-af71-45fd-841e-8419f5d48a76",
"inserted_at": "2023-02-18T18:55:51.316849Z",
"email": "test-5315@test",
"id": "784d4612-c3d0-4072-bb90-036b51db5df5",
"inserted_at": "2023-02-21T19:42:17.585416Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "unprivileged",
"updated_at": "2023-02-18T18:55:51.316849Z"
"updated_at": "2023-02-21T19:42:17.585416Z"
}
}
```
#### Update by ID
**URI Parameters:**
- `id`: `43838f3c-47e6-4368-851b-4004d389d0e2`
- `id`: `966311e8-c718-47e2-9b20-7c87bda1ed83`
```bash
$ curl -i \
-X PUT "https://{firezone_host}/v0/users/{id}" \
@@ -321,13 +321,13 @@ Content-Type: application/json; charset=utf-8
{
"data": {
"disabled_at": null,
"email": "test-5026@test",
"id": "43838f3c-47e6-4368-851b-4004d389d0e2",
"inserted_at": "2023-02-18T18:55:51.074271Z",
"email": "test-4262@test",
"id": "966311e8-c718-47e2-9b20-7c87bda1ed83",
"inserted_at": "2023-02-21T19:42:17.487017Z",
"last_signed_in_at": null,
"last_signed_in_method": null,
"role": "unprivileged",
"updated_at": "2023-02-18T18:55:51.074271Z"
"updated_at": "2023-02-21T19:42:17.487017Z"
}
}
```
@@ -338,7 +338,7 @@ Content-Type: application/json; charset=utf-8
#### Example
**URI Parameters:**
- `id`: `65871243-ac8a-4c46-97b7-01e710d6e05e`
- `id`: `a1a32c77-d55a-47a5-94ba-6ea065efdc18`
```bash
$ curl -i \
-X DELETE "https://{firezone_host}/v0/users/{id}" \
@@ -351,7 +351,7 @@ Content-Type: application/json; charset=utf-8
#### An email can be used instead of ID.
**URI Parameters:**
- `id`: `test-4866@test`
- `id`: `test-7109@test`
```bash
$ curl -i \
-X DELETE "https://{firezone_host}/v0/users/{id}" \