Changed docs

docs/Configuration.md

@@ -9,13 +9,13 @@ Linux package, use the file `/etc/sysconfig/openvpn-auth-oauth2` to configure op
 Usage of openvpn-auth-oauth2:
       --config string                        path to one .yaml config files. (env: CONFIG_CONFIG)
       --http.baseurl string                  listen addr for client listener. (env: CONFIG_HTTP_BASEURL) (default "http://localhost:9000")
-      --http.callback-template-path string   Path to a HTML file which is displayed at the end of the screen. (env: CONFIG_HTTP_CALLBACK_TEMPLATE_PATH)
+      --http.template string   Path to a HTML file which is displayed at the end of the screen. (env: CONFIG_HTTP_TEMPLATE)
       --http.cert string                     Path to tls server certificate. (env: CONFIG_HTTP_CERT)
       --http.check.ipaddr                    Check if client IP in http and VPN is equal. (env: CONFIG_HTTP_CHECK_IPADDR)
       --http.enable-proxy-headers            Use X-Forward-For http header for client ips. (env: CONFIG_HTTP_ENABLE_PROXY_HEADERS)
       --http.key string                      Path to tls server key. (env: CONFIG_HTTP_KEY)
       --http.listen string                   listen addr for client listener. (env: CONFIG_HTTP_LISTEN) (default ":9000")
-      --http.secret string                   Cookie secret. (env: CONFIG_HTTP_SECRET)
+      --http.secret string                   Cookie secret. (16 or 24 symbols) (env: CONFIG_HTTP_SECRET)
       --http.tls                             enable TLS listener. (env: CONFIG_HTTP_TLS)
       --log.format string                    log format. json or console (env: CONFIG_LOG_FORMAT) (default "json")
       --log.level string                     log level. (env: CONFIG_LOG_LEVEL) (default "info")
@@ -40,35 +40,60 @@ Usage of openvpn-auth-oauth2:
       --version                              shows versions
 ```
 
-## Setup HTTP listener
-
+## Configuration openvpn-auth-oauth2
 openvpn-auth-oauth2 starts a http listener which needs to be accessible from OpenVPN client before the VPN connection is established.
 By default, the http listener runs on :9000.
 
 It's highly recommend to put openvpn-auth-oauth2 behind a reverse proxy which terminates the TLS connections. It's important to configure
 `CONFIG_HTTP_BASE_URL` because openvpn-auth-oauth2 need to know the redirect url.
 
-### Configuration
-
-- `CONFIG_HTTP_LISTEN=:9000`
-- `CONFIG_HTTP_BASE_URL=https://login.example.com`
-
-## Setup OIDC Provider
-
-See [Providers](Providers) for more information
+Example:
+```conf
+# openvpn-auth-oauth2 config file
+CONFIG_HTTP_LISTEN=:9000
+CONFIG_HTTP_BASE_URL=https://login.example.com
+```
 
 ## Setup OpenVPN server
+To connect openvpn-auth-oauth2 with openvpn server add lines below:
 
-### server.conf
-
-```
+```conf
+# openvpn server.conf
+...
 # /etc/openvpn/password.txt is a password file where the password must be on first line
 management /run/openvpn/server.sock unix /etc/openvpn/password.txt
 management-hold
 management-client-auth
 ```
 
-### Configuration
+```conf
+# openvpn-auth-oauth2 config file
+CONFIG_OPENVPN_ADDR=unix:///run/openvpn/server.sock
+CONFIG_OPENVPN_PASSWORD=<password>
+```
+
+## Setup OIDC Provider
+
+See [Providers](Providers) for more information
+
+## Full configuration example
+Configuration openvpn-auth-oauth2 for zitadel
 
-- `CONFIG_OPENVPN_ADDR=unix:///run/openvpn/server.sock`
-- `CONFIG_OPENVPN_PASSWORD=<password>`
+```conf
+# Define the public http endpoint here.
+CONFIG_HTTP_BASEURL=http://<vpn>:9000/
+CONFIG_HTTP_LISTEN=:9000
+# Define a random value with 16 or 24 characters
+CONFIG_HTTP_SECRET=1jd93h5b6s82lf03jh5b2hf9
+CONFIG_OPENVPN_ADDR=unix:///run/openvpn/server.sock
+CONFIG_OPENVPN_PASSWORD=<password from /etc/openvpn/password.txt>
+CONFIG_OAUTH2_ISSUER=https://company.zitadel.cloud
+CONFIG_OAUTH2_ENDPOINT_AUTH=https://company.zitadel.cloud/oauth/v2/authorize
+CONFIG_OAUTH2_ENDPOINT_TOKEN=https://company.zitadel.cloud/oauth/v2/token
+CONFIG_OAUTH2_ENDPOINT_DISCOVERY=https://company.zitadel.cloud/.well-known/openid-configuration
+CONFIG_HTTP_TEMPLATE=/etc/sysconfig/auth.html
+CONFIG_OAUTH2_SCOPES=openid profile email offline_access
+CONFIG_LOG_LEVEL=debug
+CONFIG_OAUTH2_CLIENT_ID=34372461928374612@any
+CONFIG_OAUTH2_CLIENT_SECRET=ASDhjgadjhAUYSDGjkhasgdIATWDGJHASDtiwGDJAHSGDutwqdygASJKD12hfva
+```

docs/Home.md

@@ -1,3 +1,7 @@
 # Home
 
 Welcome to the openvpn-auth-oauth2 wiki!
+
+1. [Installation](Installation.md)
+2. [Configuration](Configuration.md)
+3. [Providers](Providers.md)

docs/Installation.md

@@ -4,6 +4,28 @@
 
 DEB/RPM packages are available at https://github.com/jkroepke/openvpn-auth-oauth2/releases/latest
 
+1. Download package
+2. Install it with command below:
+
+For Ubuntu:
+```bash 
+sudo dpkg -i <package_file>.deb
+```
+For Centos:
+```bash
+sudo yum localinstall <package_file>.rpm
+```
+
+
+
 ## Manual
 
 Go to https://github.com/jkroepke/openvpn-auth-oauth2/releases/latest and download the binary to the openvpn server.
+
+
+To build project you need Golang and Make installed.
+
+`make build`
+
+
+Move `openvpn-auth-oauth2` binary to `/usr/bin/`.

docs/Providers.md

@@ -3,7 +3,6 @@
 This pages documents the setup at the OIDC provider.
 
 ## Azure AD
-
 ### Register an app with AAD
 
 1. Login as admin into tenant
@@ -33,7 +32,6 @@ References:
 - https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
 
 ## GitHub
-
 ### Caveats
 A user must explicitly [request](https://help.github.com/articles/requesting-organization-approval-for-oauth-apps/) an
 [organization](https://developer.github.com/v3/orgs/) give openvpn-auth-oauth2
@@ -58,3 +56,31 @@ After registering the app, you will receive an OAuth2 client ID and secret. Thes
 - `CONFIG_OAUTH2_SCOPES=user:email read:org`
 - `CONFIG_OAUTH2_VALIDATE_GROUPS=org`
 - `CONFIG_OAUTH2_VALIDATE_ROLES=org:team`
+
+
+## Zitadel
+### Register an application in zitadel
+1. Create project in Zitadel
+2. Create new application in project
+3. Enter name and choose web type
+4. Authentication method - POST
+5. Redirect url - http://<vpn>:9000/oauth2/callback
+6. Save Client ID and Client Secret to use below
+
+After created application, on page URLs you can find all links which you need.
+
+### Configuration
+- `CONFIG_HTTP_BASEURL=http://<vpn>:9000/`
+- `CONFIG_HTTP_LISTEN=:9000`
+- `CONFIG_HTTP_SECRET=1jd93h5b6s82lf03jh5b2hf9`
+- `CONFIG_OPENVPN_ADDR=unix:///run/openvpn/server.sock`
+- `CONFIG_OPENVPN_PASSWORD=<password from /etc/openvpn/password.txt>`
+- `CONFIG_OAUTH2_ISSUER=https://company.zitadel.cloud`
+- `CONFIG_OAUTH2_ENDPOINT_AUTH=https://company.zitadel.cloud/oauth/v2/authorize`
+- `CONFIG_OAUTH2_ENDPOINT_TOKEN=https://company.zitadel.cloud/oauth/v2/token`
+- `CONFIG_OAUTH2_ENDPOINT_DISCOVERY=https://company.zitadel.cloud/.well-known/openid-configuration`
+- `CONFIG_HTTP_TEMPLATE=/etc/sysconfig/auth.html`
+- `CONFIG_OAUTH2_SCOPES=openid profile email offline_access`
+- `CONFIG_LOG_LEVEL=debug`
+- `CONFIG_OAUTH2_CLIENT_ID=<client_id>`
+- `CONFIG_OAUTH2_CLIENT_SECRET=<client_secret>`