[Outline] An open, extensible, wiki for your team

Hi @jln I have just made available a “visitor” version of Outline package here :

This will install Outline without the need of any slack account and should help you wait until I find some way to use SSOwat with Outline.

1 Like

Thanks a lot! I’ll try that when I’m less busy :slight_smile:

1 Like

I have found an app called “Canaille”
Yaal / Canaille · GitLab (Canaille — canaille 0.0.6 documentation)
It may be a good solution for my usecase, as it creates an OpenID Connect provider based on Yunohost’s LDAP server. I wouldn’t like to be dependant on a third app (Outline requires MinIO + Canaille ?) but I’m not very sure that http-auth header is doable.

@tituspijean could you please describe a little bit more what steps I should do ?
If I understood well, I need to load yunohost.domain/yunohost/sso with “Authorization” header
But if I do so, what will the SSO return to me ? Can I get a user ID, user name and/or email ?

I’m having a look to install Canaille on Yunohost.
It seems to be a “wsgi” app. What would be the cleanest Yunohot app based on that system so that I could have a look ?
Thanks !

Hi, I have a very good piece of news today !

I have been able to run dex identity provider on my test server.
I managed to have dex binding to Yunohost’s LDAP server. This will now make standard OpenID Connect authentification flows possible for Yunohost apps, including of course Outline.

Outline configured to use Dex app as OIDC provider (here named “Yunohost”)

Click brings you to Dex LDAP connect module, where you can input your credentials

Login brings you to the “Grant Access” page (Outline only requires a name and an email)

It works perfectly until the end where a new user will be created and logged in Outline.
I’m pretty happy with that result which looks rather clean. I could even brand the Dex app with Yunohost logo for the sake of nice details.

I will now need to package Dex properly for Yunohost and should be able to produce soon an updated version of my Outline package fully compatible with Yunohost SSO, getting completely rid of that Slack app creation requirement.

3 Likes

Hi there !

New release for Outline app is here !

A lot of changes have been made under the hood :

  • Automated installation and setup of Dex app for authentification against LDAP user base. Dex app is now part of Yunohost catalog and Level 7.
  • Updated installation and setup of MinIO app to follow major changes made to that app, now part of Yunohost catalog and Level 7.

You can now install a fully working version of Outline wiki and login with your Yunohost users.

Main disclaimer

  1. This is still a beta package. Please don’t install it yet on a production server !
  2. For technical reasons I’m still trying to understand, related to Dex app, Outine can’t be installed yet using the Web UI. Please use the command line instead sudo yunohost app install https://github.com/Yunohost-Apps/outline_ynh
  3. The licence of that app is not totally free, although very close to. You can refer to that conversation or to the app readme.

Next major steps will be to :

  1. Have Outline integrated into Yunohost catalog (should be done within a few days)
  2. Have Outline successfully running the CI tests and reach Level 7 integration
2 Likes

Hi there,

I’m getting closer and closer from reaching Level 7 for Outline !

To reach Level 7, I’ll need to solve two issues :

  1. How to solve my Missing $GOPATH problem (which makes the Outline installation using the web UI fail - that’s a big deal !)
  2. How to get rid of the linter error linked to my custom helper using openssl rand -hex 32 to generate a hex password required by Outline
1 Like

First stable release ! :rocket: It has been a long journey :sweat_smile:

Special thanks to @tituspijean @ericg @yalh76 and @Aleks who have all helped me to solve the very various difficulties I had to face during the packaging process.

Outline app is now reaching level 7 in the CI and both above mentionned issues have been solved.
Version v0.63.0 is packaged and should be running well in your server. You can install it directly from the Yunohost apps catalog within the admin web UI.
Please use with caution as it hasn’t been extensively tested yet.

I still need to tackle a few things like ARM version, MinIO URL change hook, what happens if MinIO or Dex are removed before Outline, creating a hook to delete Outline user if it’s deleted in Yunohost… But the main goal is reached : the Outline app, quite famous for being very difficult to self-host, is now nothing more than a “one click” effort for Yunohost users !

5 Likes

Congrats! And thanks again for the great app(s)!

Right now nothing could prevent that unfortunately. We could implement a hook, unfortunately there do not seem to be a pre_app_remove hook. My idea would have been to have Outline create such a hook for Minio and Dex, that would force their removal to ynh_die --message="$app is required by Outline".

That may be something we could cook up for YunoHost 11, but also in the packaging v2 as a “app dependency” in addition to “apt dependency”.

What do you think @Aleks?

zblerg yeah i don’t know what to think about this because we’re talking about essentially creating the whole set of logic about app dependencies and there’s probably much more than just this situation that arises… c.f. also the recent discussions about the new helper that allows to install an app, developed with the context of prosody/jitsi/peertube in mind if i remember correctly

Adding a pre/post_app_remove hook is probably easy, but I’m not sure that this would answer the issue being discussed here ? If I understand correctly, what you’d want is logic to prevent app A from being removed if it’s a dependency for app B as long as app B is installed. Currently, hooks are only designed to perform custom stuff before/after an action (e.g. app install) is performed, but not to prevent the action from being run, afaik.

Hi @Aleks and many thanks for your answer.

Your understanding is correct. And you are right, going too far would basically mean re-developping a full in-house “package manger” with dependancies management which would probably be too complex.

I have a kind of “middle-ground” idea, which would be semi-manual, only assistance to the admin.

  1. Apps could have a standard key, for instance requiredBy, which would have as a value a list of apps.
  2. During the install process, the dependant app (in my case, Outline) would append its name to the requiredBy value of all the apps it depends on (in my case, Dex and MinIO).
  3. We could then have Yunohost checking for that requiredBy key when the admin tries to remove the app : if it’s not set, then the app is just removed as usual. If it contains something, the admin would receive a warning box (just like the one we have when installing an app on the root of a domain) saying like “Outline app is dependant on MinIO. Are you sure you want to uninstall MinIO ? This may break Outline”
  4. Reversely, we could have a hook such that when the admin removes an app, it would scan all other installed apps for requiredBy key. The admin could then receive a warning box saying something like “MinIO was required by Outline that you have just uninstalled. Do you still need it ?”

Anyway it works correctly for now, and I’m happy with the result !
I will migrate to the new helper once it will be official.

With pleasure. I don’t have much merit as I was working for myself as an Outline user :slight_smile:
Waiting for the inline comments now… But for this I don’t have the competence to help… Very heavy typescript / react / node app, way above my simple bash / python knowledge :sweat_smile:

We discussed the matter during last night’s meeting.

The ynh_install_app helper is now merged, and will be available in YunoHost 11. It already adds a apps_dependencies setting to the main app, a comma-separared list of sub apps IDs.

We can now alter the behavior of the app removal routine in YunoHost core to more or less add the checks you were describing above, mainly preventing apps removal when they are needed. This wil be done at a later point.

1 Like

Good to know !
Unfortunately my time zone prevents me to attend these meetings.
I will start having a look at the new helper. Does it mean that if I use it in my install script outline won’t be installable without Bullseye ?

It would be more appropriate to have requires key instead of requiredby. In case the app that is considered as dependency let’s call it app A and we have two apps B and C that depend on A. If one day we add an app D that is also dependent on A, it would be easier to just add the key requires app A to the script of D, instead of going to the app A and append D to the list requiredby B and C.
I hope you understood me.
This will lead to change how yunohost will act when installing and uninstalling an app. It will need to check all apps ids before that.

I guess you can add it in the _common.sh file in the meantime. :slight_smile:


@jarod5001 yes indeed it’s better to list the dependencies in the “mother” app settings. And yeah the future function that will check these will always need to list all apps settings and compute them. But they are already generated in YAML so it would be straightforward.

1 Like

Thanks a lot for your work.
I have been trying to deploy it since weeks and I found out your solution and it finally works!

However, I am not sure how do I configure the https://raw.githubusercontent.com/outline/outline/develop/.env.sample file

I want to enable Google Auth and disable yunohost auth) and allow only a specific domain name.
Also, I would like to setup the SMTP configuration.

Thanks a lot for your time.

Hi @luker and welcome to the Yunohost forum.

Did you discover Yunohost through Outline’s github discussions ?

To enable Google Auth and disable Yunohost auth

  1. 1st of all you have to know that Outline can’t have two different auth methods activated in self-hosted mode at the moment. It should be quickly added as a feature, but meanwhile if you have already added a first user through Yunohost auth then even if you change the .env file, the Google auth won’t appear. You’ll have to install again Outline from scratch and then follow the steps below
  2. Once you have Outline installed on Yunohost, do NOT login yet and go to /var/www/outline to change the .env file and add your google env parameters (and remove Yunohost / Dex parameters which are under the OIDC setup). FYI a standard Google account won’t work. You need a professional account for it to work.
  3. Once the .env file is changed (make sure the ownership of the .env remains outline:www-data) you can either run the command sudo yunohost service restart outline or do it using the web ui
  4. Normally in the future you’ll be able to update your Outline instance through the standard Yunohost process without having to redo the above steps

To setup SMTP server

  • Do you mean an external SMPT server that is not Yunohost one ?
  • To do so I guess you just need to put the right config parameters in /var/www/outline and then restart Outline just like above

Hope this helps.
Don’t hesitate to try other apps to add to your Yunohost !

Thanks a lot!
It is working well now.
Yes, I meant the external SMTP service.
I modified from .env for the same and it working well now.

Thanks man. You helped a lot :slight_smile:

Regarding from where I found about it, then yes, I found you via github outline issue.

great !

With pleasure

Nice if that could help someone self-hosting Outline !

Hello!

I tried installing this but I can’t seem to login, I grand access in Dex and then it redirects to the login screen, it’s stuck in a loop.

What URL’s did you test this with?

I’m using wiki.domain.tld for outline
domain.tld/wikiauth for dex
minio.domain.tld for minIO