Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# Usage
After all the applications are installed, the first thing to do is log into
https://admin.oas.example.org. Here you can find the "user panel", a place where
you can create, edit and delete users. You can log in with the user "admin". The
password can be found in
`clusters/my-cluster/secrets/userbackend_admin_password`. After logging in, you
will see an overview of all the applications your user has access to. For more
information on how to create users and give them access to applications, take a
look at the [user panel
documentation](https://docs.openappstack.net/projects/user-panel/en/latest/).
> **NOTE:** at the moment none of the applications are available at
> `oas.example.org`, we only provide applications in subdomains. In the future
> this might change.
## Applications
These applications are available after the installation is completed
successfully:
### OAS User panel
The [OAS user panel](https://open.greenhost.net/openappstack/user-panel/)
can be used to create and edit users. These users can be used to log into the
applications listed below.
The user panel is available at https://admin.oas.example.org. You can login
as `admin` using the `userbackend_admin_password` password from your secrets
folder.
After logging in to the user panel, please create a new user:
* Click on `Users` in the upper left corner
* Click on `Add user`
* Enter username and click `Submit`
* Provide the password and email address. The email address is important
because some applications need a valid email address for notification mails.
Single sign-on with Grafana will fail for users lacking an email address.
* Click on `Add app` and enter the name of the app the new user should get
access to, and click on `Add`. Repeat for all other apps.
* Click on `Save` to finsish.
You can now use the new user to login to all apps which were granted access to
in the last step using single sign-on.
### Nextcloud
[Nextcloud](https://nextcloud.com/) is a file sharing and communication
platform and is available at https://files.oas.example.org.
#### Single sign-on
Nextcloud needs to be configured to properly send out emails.
You can do so by logging in as `admin` using signle sign-on and then going to
`Settings -> Basic settings -> Email server` and entering your SMTP email
config and credentials.
Please complete this configuration before you login as non-admin user using
single sign-on, otherwise the [first login will not succeed](https://open.greenhost.net/openappstack/openappstack/issues/508).
### Onlyoffice
[Onlyoffice](https://www.onlyoffice.com/connectors-nextcloud.aspx) is an online
document editing suite. Your documents saved in Nextcloud will be opened in
Onlyoffice.
### Rocketchat
[Rocketchat](https://rocket.chat/) is a team chat application and available at
https://chat.oas.example.org.
In order to activate single sign-on you need to follow these steps once:
- Log in as `admin` using the `rocketchat_admin_password` from your secrets
folder.
- On the top left side click on the `Options` button (three dots) and then click
on `Administration`
- In the left menu scroll down and click on `OAuth` (not `oauth apps`)
- Click on `add custom oauth` and enter `Openappstack`
- Click on the newly added `Custom OAuth: Openappstack` provider
- Change the following settings (leave all others like they are):
- Enable: `True`
- URL: `https://sso.oas.example.org`
- Token Path: `/oauth2/token`
- Identity Path: `/userinfo`
- Authorize Path: `/oauth2/auth`
- Scope: `openid profile openappstack_roles email`
- Id: `rocketchat`
- Secret: Paste the `rocketchat_oauth_client_secret` from your secrets folder
- Login Style: `Redirect`
- Button Text: `Login with OpenAppStack`
- Username field: `preferred_username`
- Name files: `name`
- Roles/Groups field name: `openappstack_roles`
- Merge roles from SSO: `True`
- Merge users: `True`
- Click `Save changes`, log out and you are done.
Next time you login to Rocketchat you will be able to use single sign-on using
the `Login` button.
#### Single sign-on
- [Rocketchat isn't configured yet to send out email notifications](https://open.greenhost.net/openappstack/openappstack/issues/510)
### Wordpress
[Wordpress](https://wordpress.com) is a website content management system and
available at https://www.oas.example.org.
Click the `Log in` button and then click `Login with OpenID Connect` to use
single sign-on.
#### Single sign-on
- If you [log in as `admin` using single sign-on, you will not have
admin rights within Wordpress](https://open.greenhost.net/openappstack/single-sign-on/issues/33).
In order to use admin rights you need to login without signgle sign-on using the
`wordpress_admin_password` password in the `secrets` folder.
### Grafana
[Grafana](https://grafana.com) that shows you information about the status of
your cluster.
Read more about Grafana in the [monitoring chapter below](#monitoring)
#### Single sign-on
- If you [log in as `admin` using single sign-on, you will not have
admin rights within Grafana](https://open.greenhost.net/openappstack/single-sign-on/issues/32).
In order to use admin rights you need to login without signgle sign-on using the
`grafana_admin_password` password in the `secrets` folder.
### Known issues
- Single sign-on is still in an experimental phase. We are still working on
transferring "roles" from users in the central database to applications, so
your SSO's admin user gets admin permissions in some of the applications.
Please see the application specific notes about single sign-on in the `Usage`
documentation for details.
### Monitoring
You should be able to access the visual interface to the monitoring system,
Prometheus, at `https://grafana.oas.example.org/`. Admin users can log into
Grafana. You can create and add admin users through the User panel.
### Other applications installed into the cluster
Besides these applications, some other auxiliary components are installed:
* [OAS local-storage](https://open.greenhost.net/openappstack/local-storage) provides an easy way for the cluster to use a directory on
the node (by default `/var/lib/OpenAppStack/local-storage`) for storage;
* [NGINX](https://www.nginx.com) is a webserver that functions as a so-called ingress controller,
routing web traffic that enters the cluster to the various applications;
* [cert-manager](https://cert-manager.io) acquires and stores [Let's
Encrypt](https://letsencrypt.org/) certificates, enabling encrypted web
traffic to all applications running in the cluster;
* [Flux](https://fluxcd.io) checks for application updates approved by the
OpenAppStack team and installs them automatically.