fix(website): Fix broken links (#4645)

Jamil
2024-04-16 15:47:44 -07:00
committed by GitHub
parent d0c33681fe
commit 7d0c68b58e
15 changed files with 110 additions and 63 deletions

@@ -15,7 +15,7 @@ import Image from "next/image";
- Firezone 1.0 signups are now open!
[Sign up here](https://app.firezone.dev/sign_up) or
[request a demo](/contact/sales).
- New [Team plan](https://app.firezone.dev/pricing) at $5 user/month.
- New [Team plan](https://www.firezone.dev/pricing) at $5 user/month.
- [iOS](https://apps.apple.com/us/app/firezone/id6443661826) and
[Android](https://play.google.com/store/apps/details?id=dev.firezone.android)
apps are now available.
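Review bot: On the `Team plan` line the new target is written as an absolute `https://www.firezone.dev/pricing`, while the neighbouring `[request a demo](/contact/sales)` link in the same list is site-relative. If this page is served from that same site, `/pricing` would keep working on preview and staging hosts and would match the link style already used here.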
@@ -42,8 +42,8 @@ It was easy to get up and running quickly with Firezone, but as the number of
users, devices, and networks to protect grew within an organization, so did the
complexity of managing it all.
So we went back to the whiteboard to reimagine how Firezone would look if
we rebuilt it from the ground up The Right Way™ -- with scalability and ease of
So we went back to the whiteboard to reimagine how Firezone would look if we
rebuilt it from the ground up The Right Way™ -- with scalability and ease of
use in mind.
<div class="grid grid-cols-1 sm:grid-cols-2 gap-4">
@@ -166,8 +166,9 @@ documentation.
#### High availability
The first major feature in 1.0 we should discuss is high availability.
Firezone achieves high availability by allowing you to deploy multiple Gateways within a given Site.
The first major feature in 1.0 we should discuss is high availability. Firezone
achieves high availability by allowing you to deploy multiple Gateways within a
given Site.
Each Firezone Gateway is a tiny, self-contained binary that needs
[only a single environment](/kb/deploy/gateways) variable to function. Throw it

@@ -179,7 +179,7 @@ Like what you see and want to give Firezone a try?
[Sign up now](https://app.firezone.dev/sign_up) and get started with up to 6
users for free.
Want to see Firezone in action? [Request a demo](/product/demo) if you'd like a
Want to see Firezone in action? [Request a demo](/contact/sales) if you'd like a
first-hand look at how Firezone can help your organization.
That's all for this update!

@@ -10,7 +10,7 @@ identity providers like Okta and OneLogin.
## Docker Support
Docker is now the preferred method for deploying Firezone. Our
[automatic install script](https://raw.githubusercontent.com/firezone/firezone/legacy/scripts/docker_install.sh)
[automatic install script](https://raw.githubusercontent.com/firezone/firezone/legacy/scripts/install.sh)
now uses Docker by default, and we even have a new
[Docker migration script ](https://raw.githubusercontent.com/firezone/firezone/legacy/scripts/docker_migrate.sh)
that will non-destructively migrate your Omnibus-based Firezone installation to
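Review bot: The corrected `automatic install script` link still points at a raw file on the mutable `legacy` branch, so whatever is pushed to that branch is what readers fetch and run. Consider linking a tagged or commit-pinned URL, or publishing a checksum next to the link. The same applies to the `docker_migrate.sh` link two lines further down, whose link text also carries a stray trailing space (`[Docker migration script ]`).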

@@ -22,7 +22,8 @@ obtain the following config settings required for the integration:
which returns a JSON document used to construct subsequent requests to this
OIDC provider.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="firezone google sso login"
src="/images/firezone-google-sso-login.gif"
width={960}
@@ -39,7 +40,8 @@ belonging to users in your Google Workspace Organization can create device
configs. DO NOT select `External` unless you want to enable anyone with a valid
Google Account to create device configs.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="oauth consent internal"
src="/images/oauth-consent-internal.png"
width={960}
@@ -53,7 +55,8 @@ On the App information screen:
1. **Application home page**: the URL of your Firezone instance.
1. **Authorized domains**: the top level domain of your Firezone instance.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="oauth consent app info"
src="/images/oauth-consent-app-info.png"
width={960}
@@ -62,7 +65,8 @@ On the App information screen:
On the next step add the following scopes:
<Image className="mx-auto"
<Image
className="mx-auto"
alt="oauth consent scopes"
src="/images/oauth-consent-scopes.png"
width={960}
@@ -78,7 +82,8 @@ Visit the Google Cloud Console
[Credentials page](https://console.cloud.google.com/apis/credentials) page,
click `+ Create Credentials` and select `OAuth client ID`.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="create oauth client id"
src="/images/create-oauth-client-id.png"
width={960}
@@ -92,7 +97,8 @@ On the OAuth client ID creation screen:
`https://firezone.example.com/auth/oidc/google/callback/`) as an entry to
Authorized redirect URIs.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="create oauth client id"
src="/images/create-oauth-client-id-2.png"
width={960}
@@ -102,13 +108,6 @@ On the OAuth client ID creation screen:
After creating the OAuth client ID, you will be given a Client ID and Client
Secret. These will be used together with the redirect URI in the next step.
<Image className="mx-auto"
alt="copy client id and secret"
src="/images/copy-client-id-and-secret.png"
width={960}
height={540}
/>
## Step 3: Integrate with Firezone
Navigate to the `/settings/security` page in the admin portal, click "Add OpenID
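Review bot: The last hunk in this file (`-102,13 +108,6`) removes the `copy-client-id-and-secret.png` image outright instead of reformatting it like the other `<Image>` blocks, and the commit title does not explain why. Please state in the commit message whether the asset was missing or was dropped on purpose, and delete the file from `/images` if it is now unreferenced.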

@@ -22,29 +22,31 @@ settings required for the integration:
which returns a JSON document used to construct subsequent requests to this
OIDC provider.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="firezone zitadel sso login"
src="/images/firezone-zitadel-sso-login.gif"
src="/images/firezone-sso-zitadel-login.gif"
width={960}
height={540}
/>
## Requirements
- Setup your own [Zitadel Cloud](https://zitadel.cloud) account.
- Set up your own [Zitadel Cloud](https://zitadel.com) account.
- Create your first Zitadel instance in the
[Zitadel Customer portal](https://zitadel.cloud/admin/instances)
- Login to your Zitadel instance and create a project (i.e. "Internal")
More information about these steps can be found in
[Zitadel's documentation](https://docs.zitadel.com/docs/guides/start/quickstart#try-out-zitadel-cloud).
[Zitadel's documentation](https://zitadel.com/docs/guides/start/quickstart).
## Create Zitadel Application
In the Instance Console, go to **Projects** and select the project you want,
then click **New**.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel new application"
src="/images/zitadel-new-application.png"
width={960}
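Review bot: In the Requirements list the `Zitadel Cloud` link moves to `https://zitadel.com`, but the next bullet still links `https://zitadel.cloud/admin/instances` for the Customer portal. If the `zitadel.cloud` host is why the first link was broken, this one needs the same update, so please check it. The `src` rename to `firezone-sso-zitadel-login.gif` should also be checked against the file name actually present under `/images`.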
@@ -54,7 +56,8 @@ then click **New**.
Give the application a name (e.g. "Firezone") and select **WEB** for the
application type.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel name application"
src="/images/zitadel-name-application.png"
width={960}
@@ -63,7 +66,8 @@ application type.
Select **CODE** for the authentication method.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel auth method"
src="/images/zitadel-auth-method.png"
width={960}
@@ -76,7 +80,8 @@ Specify the redirect URI and post logout URI.
`https://vpn.example.com/auth/oidc/zitadel/callback/`)
1. **Post Logout URIs**: `EXTERNAL_URL` (e.g. `https://vpn.example.com`)
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel uri"
src="/images/zitadel-uri.png"
width={960}
@@ -85,7 +90,8 @@ Specify the redirect URI and post logout URI.
Double-check the configuration, then click **Create**.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel configuration overview"
src="/images/zitadel-configuration-overview.png"
width={960}
@@ -95,7 +101,8 @@ Double-check the configuration, then click **Create**.
Copy the **ClientId** and **ClientSecret** as it will be used for the Firezone
configuration.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel client creds"
src="/images/zitadel-client-creds.png"
width={960}
@@ -105,7 +112,8 @@ configuration.
In the application **Configuration** click **Refresh Token** and then on
**Save**. The refresh token is optional for some features of Firezone.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel configuration"
src="/images/zitadel-configuration.png"
width={960}
@@ -115,7 +123,8 @@ In the application **Configuration** click **Refresh Token** and then on
In the application **Token Settings** select **User roles inside ID Token** and
**User Info inside ID Token**. Save it with a click on **Save**.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel token settings"
src="/images/zitadel-token-settings.png"
width={960}
@@ -141,7 +150,8 @@ project where your created your application. In **General** you can find **Check
Authorization on Authentication** which allows only users with at least one role
to login to Firezone.
<Image className="mx-auto"
<Image
className="mx-auto"
alt="zitadel check authorization"
src="/images/zitadel-check-authorization.png"
width={960}

@@ -36,15 +36,15 @@ default). Required fields in **bold**.
### WebServer
| Env Key | Description | Format | Default |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- | ------- |
| **EXTERNAL_URL** | The external URL the web UI will be accessible at.<br /> <br />Must be a valid and public FQDN for ACME SSL issuance to function.<br /> <br />You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn/`. | string | |
| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true |
| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 |
| PHOENIX_HTTP_PROTOCOL_OPTIONS | Allows to override Cowboy HTTP server options.<br /> <br />Keep in mind though changing those limits can pose a security risk. Other times, browsers and proxies along the way may have equally strict limits, which means the request will still fail or the URL will be pruned.<br /> <br />You can see all supported options at https://ninenines.eu/docs/en/cowboy/2.5/manual/cowboy\_http/. | JSON-encoded map | `{}` |
| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| HTTP_CLIENT_SSL_OPTS | JSON-encoded ssl options to pass to Erlang's [`ssl` module](https://www.erlang.org/doc/man/ssl.html).<br />. Most users don't need to override many, if any, SSL opts. Most commonly this is to use custom cacert files and TLS versions for self-hosted OIDC providers. | JSON-encoded map | `{}` |
| Env Key | Description | Format | Default |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ------- |
| **EXTERNAL_URL** | The external URL the web UI will be accessible at.<br /> <br />Must be a valid and public FQDN for ACME SSL issuance to function.<br /> <br />You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn/`. | string | |
| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true |
| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 |
| PHOENIX_HTTP_PROTOCOL_OPTIONS | Allows to override Cowboy HTTP server options.<br /> <br />Keep in mind though changing those limits can pose a security risk. Other times, browsers and proxies along the way may have equally strict limits, which means the request will still fail or the URL will be pruned.<br /> <br />You can see all supported options at https://ninenines.eu/docs/en/cowboy/2.12/manual/cowboy_http2/. | JSON-encoded map | `{}` |
| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.<br /> <br />This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` |
| HTTP_CLIENT_SSL_OPTS | JSON-encoded ssl options to pass to Erlang's [`ssl` module](https://www.erlang.org/doc/man/ssl.html).<br />. Most users don't need to override many, if any, SSL opts. Most commonly this is to use custom cacert files and TLS versions for self-hosted OIDC providers. | JSON-encoded map | `{}` |
### Database
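Review bot: In the `PHOENIX_HTTP_PROTOCOL_OPTIONS` row the link changes both the version (`2.5` to `2.12`) and the page (`cowboy_http` to `cowboy_http2`). The description warns that changing these limits can pose a security risk, so the reference should list the options this variable actually accepts. `cowboy_http2` documents the HTTP/2 options, which is a different set from the `cowboy_http` page the old link named. Please confirm which one applies, and link `cowboy_http` at 2.12 if the HTTP/1.1 options are meant.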

@@ -0,0 +1,17 @@
import Content from "./readme.mdx";
import { Metadata } from "next";
import LastUpdated from "@/components/LastUpdated";
export const metadata: Metadata = {
title: "Administer • Firezone Docs",
description: "Learn how to manage your Firezone deployment day-to-day.",
};
export default function Page() {
return (
<>
<Content />
<LastUpdated dirname={__dirname} />
</>
);
}

@@ -0,0 +1,14 @@
import SupportOptions from "@/components/SupportOptions";
# Administer
Helpful information for day-to-day administration of your Firezone deployment.
## Table of Contents
- [Upgrading Gateways](/kb/administer/upgrading-gateways)
- [Backup and restore](/kb/administer/backup-restore)
- [Viewing logs](/kb/administer/logs)
- [Troubleshooting](/kb/administer/troubleshooting)
<SupportOptions />

@@ -174,7 +174,7 @@ functionality. For more information on deploying Gateways, see the
Gateways can be downloaded from the following locations:
- Binary: [GitHub releases](https://www.github.com/firezone/firezone/releases)
- Docker: [GitHub Container Registry](ghcr.io/firezone/gateway)
- Docker: `docker pull ghcr.io/firezone/gateway`
### Resources
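Review bot: The new `docker pull ghcr.io/firezone/gateway` line has no tag or digest, so it resolves to `latest` and the image a reader gets changes over time. For a Gateway that carries production traffic, show a pinned form (a version tag or an `@sha256:` digest) or add a sentence telling readers to pin. Replacing the link with a command also removes the only clickable path to the registry page, so consider keeping both.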

@@ -1,5 +1,6 @@
import Alert from "@/components/DocsAlert";
import PlanBadge from "@/components/PlanBadge";
import SupportOptions from "@/components/SupportOptions";
<PlanBadge plans={["enterprise"]}>
@@ -17,15 +18,17 @@ identity provider every few minutes.
## How Firezone treats deleted entities
Firezone **never** deletes entities synced from your identity provider. This
helps to preserve audit trails and other logged activity within Firezone.
When you delete a user or group in your identity provider, Firezone soft-deletes
them upon the next sync. This prevents data duplication if a user or group is
only temporarily suspended, and helps preserve logged activity within Firezone
for auditing purposes.
### Deleting or suspending a user
When a user is deleted or suspended in your identity provider, Firezone will
disable the user and clear all active Client and admin portal web sessions for
that user upon the next sync. The user will be **signed out of all Clients** and
forced to reauthenticate.
delete the associated identity the user signs in with, clearing all active
Client and admin portal web sessions for that identity. The user will be
immediately **signed out of all Client and admin portal sessions**.
This ensures terminated employees will have all Firezone access revoked within a
few minutes of deleting or suspending them in your identity provider.
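Review bot: The rewritten "Deleting or suspending a user" paragraph says the user is "immediately" signed out and drops the old "upon the next sync" wording, while the unchanged sentence right after it still promises revocation "within a few minutes". Please state the timing once and consistently, for example that sessions are cleared as soon as the next sync observes the deletion. The new intro also says Firezone "soft-deletes" users and groups, while this paragraph says it will "delete the associated identity", so spell out which records are soft-deleted and which are removed. These are changes to documented revocation behaviour rather than link fixes and should be called out in the commit message.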
@@ -33,15 +36,16 @@ few minutes of deleting or suspending them in your identity provider.
### Deleting a group or organizational unit
When a group or organizational unit is deleted in your identity provider,
Firezone will hide the group and delete any associated Policies.
Firezone will delete the group and all associated Policies. Any access granted
by those Policies **will be immediately revoked**.
## Nested groups and organizational units
Firezone syncs transitive memberships from your identity provider. This means
user membership for a particular group is determined not only by its immediate
members, but any child groups as well. This allows you to create nested group
structures in your identity provider and have their memberships automatically
reflected in Firezone.
Firezone syncs nested (sometimes called "transitive") memberships from your
identity provider. This means user membership for a particular group is
determined not only by its immediate members, but any child groups as well. This
allows you to create nested group structures in your identity provider and have
their memberships automatically reflected in Firezone.
For example, if you had the following group structure in your identity provider:
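Review bot: "Firezone will delete the group and all associated Policies" conflicts with the intro added earlier in this file, which says deleted groups are soft-deleted so that a temporary suspension does not cause duplication. Say whether the Policies are soft-deleted too and return if the group reappears in the identity provider, or whether an admin has to recreate them. "Immediately revoked" raises the same timing question as the user section: if revocation happens at the next sync, say so here.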
@@ -75,3 +79,5 @@ Group:Support:
Group:DevOps:
- john@company.com
```
<SupportOptions />

@@ -43,7 +43,7 @@ documentation for convenience:
- [Onelogin](https://onelogin.service-now.com/support?id=kb_article&sys_id=2fd988e697b72150c90c3b0e6253af7f&kb_category=de885d2187372d10695f0f66cebb351f)
- [Keycloak](https://www.keycloak.org/docs/latest/securing_apps/index.html#_oidc)
- [Ory](https://www.ory.sh/docs/getting-started/ory-network-oauth2#authorization-code-grant)
- [Authentik](https://www.ory.sh/docs/oauth2-oidc/authorization-code-f)
- [Authentik](https://docs.goauthentik.io/docs/providers/oauth2/)
## Setting up the universal OIDC connector

@@ -77,7 +77,7 @@ network.
<Alert color="info">
Custom resolvers such as
[Cloudflare](https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families)
or [NextDNS](https://nextdns.io") can be used to block malware, ads, adult
or [NextDNS](https://nextdns.io) can be used to block malware, ads, adult
material and other content for all users in your Firezone account.
</Alert>

@@ -34,7 +34,7 @@ if you make a mistake or two.
## Prerequisites
- Firezone account. Don't have an account?
[Sign up](https://app.firezone.dev/signup).
[Sign up](https://app.firezone.dev/sign_up).
- Resource you want to give users secure access to (e.g. prod server, database
SaaS application, or subnet)
- Server or VM you're able to deploy a Docker container or Linux binary on that
@@ -43,7 +43,7 @@ if you make a mistake or two.
## Summary
1. **Sign in to your Firezone Admin Portal** (e.g.
https://app.firezone.dev/example_company)
`https://app.firezone.dev/example_company`)
1. **Create a Site** - Sites are where admins manage Resources, and Gateways
that enable access to those Resources (e.g. US-West, Chicago-office).
1. **Deploy a Gateway** - Gateways are Site-specific, and provide connectivity

@@ -101,7 +101,7 @@ Firezone does not store or handle end-user credentials like passwords.
#### Where should I run my Gateway(s)?
Gateways are [released](https://github.com/firezonze/firezone/releases) as
Gateways are [released](https://github.com/firezone/firezone/releases) as
self-contained binaries for Linux that we package as a Docker image or systemd
unit, which you can run on any Linux-based server or VM (e.g. on AWS, GCP,
Azure, or on-premise). You only need a single Gateway in each Site to provide
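Review bot: The old `[released]` link pointed at `github.com/firezonze/firezone`, a misspelled organisation name outside the project's control, on the very line that tells readers where to get Gateway binaries. The fix is correct. Because a typo like this would pass a plain reachability check once the misspelled name exists, consider a CI link check that also asserts this project's GitHub links stay under `github.com/firezone/`.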
@@ -130,7 +130,7 @@ traffic.
Scaling Firezone to support your rapidly growing organization is as simple as
deploying additional Gateway servers. See our
[Terraform Gateway deployment examples](https://www.github.com/firezone/firezone/blob/terraform/examples)
[Terraform Gateway deployment examples](https://github.com/firezone/firezone/tree/main/terraform/examples)
for an idea of how to automate this process.
#### What protocol does Firezone use to encrypt traffic?

@@ -3,12 +3,12 @@
**Account Slug**: A unique identifier for your Firezone account typically
generated automatically during sign up. This is used in the URL for your
Firezone admin portal, e.g.
https://app.firezone.dev/**international-widget-corporation**. You can change
your account slug by [contacting support](mailto:support@firezone.dev).
`https://app.firezone.dev/international-widget-corporation`. You can change your
account slug by [contacting support](mailto:support@firezone.dev).
**Admin Portal**: The web-based interface where you can manage your Firezone
account. You can access the admin portal at
https://app.firezone.dev/**your-account-slug**.
`https://app.firezone.dev/<your-account-slug>`.
**Actor**: An Actor is a [user](/kb/deploy/users) or
[service account](/kb/authenticate/service-accounts) that can authenticate to