f4990bb5da
* bundle geoip Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * correctly pass secrets Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add geoip docs and release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
106 lines
2.7 KiB
Plaintext
106 lines
2.7 KiB
Plaintext
# GeoIP
|
|
|
|
authentik supports GeoIP to add additional information to login/authorization/enrollment requests, and make policy decisions based on the lookup result.
|
|
|
|
### Configuration
|
|
|
|
:::info
|
|
Starting with authentik 2022.12, GeoIP is bundled and does not require any additional setup.
|
|
:::
|
|
|
|
By default, the GeoIP database is loaded from `/geoip/GeoLite2-City.mmdb`. If more frequent database updates are desired, a volume can be mounted to `/geoip` to update this file externally. authentik will automatically re-load the file when it changes.
|
|
|
|
### Deactivating GeoIP
|
|
|
|
If you want to disable GeoIP, you can set the path to a non-existent path and authentik will skip the GeoIP.
|
|
|
|
import Tabs from "@theme/Tabs";
|
|
import TabItem from "@theme/TabItem";
|
|
|
|
<Tabs
|
|
defaultValue="docker-compose"
|
|
values={[
|
|
{label: 'docker-compose', value: 'docker-compose'},
|
|
{label: 'Kubernetes', value: 'kubernetes'},
|
|
]}>
|
|
<TabItem value="docker-compose">
|
|
Add the following block to your `.env` file:
|
|
|
|
```shell
|
|
AUTHENTIK_GEOIP=/tmp/non-existent-file
|
|
```
|
|
|
|
Afterwards, run the upgrade commands from the latest release notes.
|
|
|
|
</TabItem>
|
|
<TabItem value="kubernetes">
|
|
Add the following block to your `values.yml` file:
|
|
|
|
```yaml
|
|
authentik:
|
|
geoip: /tmp/non-existent-file
|
|
```
|
|
|
|
Afterwards, run the upgrade commands from the latest release notes.
|
|
|
|
</TabItem>
|
|
</Tabs>
|
|
|
|
### External updates
|
|
|
|
Sign up for a free MaxMind account [here](https://www.maxmind.com/en/geolite2/signup).
|
|
|
|
<Tabs
|
|
defaultValue="docker-compose"
|
|
values={[
|
|
{label: 'docker-compose', value: 'docker-compose'},
|
|
{label: 'Kubernetes', value: 'kubernetes'},
|
|
]}>
|
|
<TabItem value="docker-compose">
|
|
Add the following block to a `docker-compose.override.yml` file in the same folder as the authentik docker-compose file:
|
|
|
|
```yaml
|
|
version: "3.2"
|
|
|
|
services:
|
|
server:
|
|
volumes:
|
|
- geoip:/geoip
|
|
worker:
|
|
volumes:
|
|
- geoip:/geoip
|
|
geoipupdate:
|
|
image: "maxmindinc/geoipupdate:latest"
|
|
volumes:
|
|
- "geoip:/usr/share/GeoIP"
|
|
environment:
|
|
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
|
GEOIPUPDATE_FREQUENCY: "8"
|
|
GEOIPUPDATE_ACCOUNT_ID: "*your account ID*"
|
|
GEOIPUPDATE_LICENSE_KEY: "*your license key*"
|
|
volumes:
|
|
geoip:
|
|
driver: local
|
|
```
|
|
|
|
Afterwards, run the upgrade commands from the latest release notes.
|
|
|
|
</TabItem>
|
|
<TabItem value="kubernetes">
|
|
Add the following block to your `values.yml` file:
|
|
|
|
```yaml
|
|
geoip:
|
|
enabled: true
|
|
accountId: "*your account ID*"
|
|
licenseKey: "*your license key*"
|
|
editionIds: "GeoLite2-City"
|
|
image: maxmindinc/geoipupdate:v4.8
|
|
updateInterval: 8
|
|
```
|
|
|
|
Afterwards, run the upgrade commands from the latest release notes.
|
|
|
|
</TabItem>
|
|
</Tabs>
|