I’ve given up on path_url as it doesn’t look like Outline is compatible anyway
I’ve found a potentially big problem on Outline licence, that would prevent the app from being added to the official app catalog (see here)
The app is now ready to test, for those who would be interested. Again, please don’t install it yet on a prod server
After my current branch will be merged (PR) I’ll focus on something a little bit harder, which will be to add a passport.js strategy to make Outline compatible with Yunohost’s LDAP… Stay tuned
92272 INFO [####................] > Configuring system user...
92754 INFO [####................] > Creating a PostgreSQL database...
96718 INFO [####+...............] > Setting up source files...
98494 INFO [#####...............] > Setting up MinIO bucket for Outline...
98676 INFO [#####...............] > Configuring NGINX web server...
101744 INFO [#####++++...........] > Fetching Yarn dev dependencies... This can be very long, be patient !
vda1: write failed, user block limit reached.
vda1: write failed, user block limit reached.
vda1: write failed, user block limit reached.
vda1: write failed, user block limit reached.
240985 ERROR Unable to install outline: An error occurred inside the app installation script
Do you confirm that this is a CI server issue, and not something that has to do with my app ?
Thanks !
Hi @tituspijean I’m now working on making Outline compatible with Yunohost’s LDAP SSO, as per your advice. I have found the passport-ldapauth plugin and have tried to do the following :
Added the plugin to the project with yarn add passport-ldapauth command
I can compile without any problem, but when I run Outline I get a very strange error :
root@tests:/opt/yunohost/outline# yarn start
**yarn run v1.22.17**
$ node ./build/server/index.js
info: **[lifecycle]** Starting collaboration service
info: **[lifecycle]** Starting websockets service
info: **[lifecycle]** Starting worker service
info: **[lifecycle]** Starting web service
(node:16668) UnhandledPromiseRejectionWarning: Error: Cannot find module 'koa-webpack-dev-middleware'
Require stack:
- /opt/yunohost/outline/build/server/services/web.js
- /opt/yunohost/outline/build/server/services/index.js
- /opt/yunohost/outline/build/server/index.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
at Function.Module._load (internal/modules/cjs/loader.js:746:27)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:101:18)
at init (/opt/yunohost/outline/build/server/services/web.js:65:27)
at start (/opt/yunohost/outline/build/server/index.js:101:11)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async throng (/opt/yunohost/outline/node_modules/throng/lib/throng.js:24:12)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:16668) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:16668) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Do you have any idea on where I should look for mistakes ?
I would be very glad to get rid of Slack and have Outline directly using Yunohost SSO.
Thanks in advance for your help !
Slack was mandatory up until recently. Outline devs have opened it up, but we need to implement our own authentication method (LDAP plugin is for paid Outline licence, for example…). So, wait and see, or test it out by creating à dummy Slack account.
We will have look, thanks!
Try npm install koa-webpack-dev-middleware before running the build.
Disclaimer: I am no Node dev, so I am like you trying to code by mimicking others.
Hi @jln, thanks for testing and very sorry that you have experienced an issue with the app.
From your logs it seems that you have used the testing branch, which is not up to date at the moment.
Could you please try using the latest tag v0.61.1-alpha ?
OK, so after a lot of trying and testing, I have found the reason for that error.
I was even able to write my first passport strategy for Outline : I did a “visitor” button that allows login for a dummy account, without any link with Yunohost LDAP system.
By doing so, I understood that there is a problem with the passport-ldap strategy : that strategy is meant to receive a user and password from the app, and to check them against the local LDAP server. Unfortunately, on its side, Outline was not designed to have fields to enter username or password on its login buttons. Indeed, these login buttons have been designed to use an Oauth 2.0 mechanism, which means going to a webpage and then have a callback webpage using the token given by Google, Slack or Azure !
So it looks like if I want Outline to use the passport-ldap strategy, I have to patch the app so that it will have a dedicated form where the user could enter its username and password… Quite difficult (I hope my explanation is clear?)
But then I was wondering : can SSOwat use http-auth ? Seems like yes, but I’m not sure and would be willing to have some guidance. If yes, then I could probably use the passport-http strategy, which would be easier and more in line with how the Outline app was designed.
“Alpha” package has been updated to the latest Outline version (v0.62.0)
You can go to that url and follow the Readme
Current progress of the packaging MinIO is installed automatically if needed Safety checks on MinIO domain Outline downloads mc MinIO client to create and set up automatically a dedicated MinIO bucket Patch to remove branding on shared pages Patch to have mailer working with Yunohost’s internal system Install, Remove, Upgrade, Backup, Restore all working correctly Not yet working on AMD platforms Not yet validating CI for complex reasons related with MinIO Not yet working with Yunohost SSO
Please don’t install this on a production server !
Don’t hesitate to fill in issues on Github or make some feedback here, I’ll be very interested.
Any help from you guys would be very welcomed !
I have found an app called “Canaille” Yaal / Canaille · GitLab (Canaille — canaille 0.0.6 documentation)
It may be a good solution for my usecase, as it creates an OpenID Connect provider based on Yunohost’s LDAP server. I wouldn’t like to be dependant on a third app (Outline requires MinIO + Canaille ?) but I’m not very sure that http-auth header is doable.
@tituspijean could you please describe a little bit more what steps I should do ?
If I understood well, I need to load yunohost.domain/yunohost/sso with “Authorization” header
But if I do so, what will the SSO return to me ? Can I get a user ID, user name and/or email ?
I’m having a look to install Canaille on Yunohost.
It seems to be a “wsgi” app. What would be the cleanest Yunohot app based on that system so that I could have a look ?
Thanks !
I have been able to run dex identity provider on my test server.
I managed to have dex binding to Yunohost’s LDAP server. This will now make standard OpenID Connect authentification flows possible for Yunohost apps, including of course Outline.
Outline configured to use Dex app as OIDC provider (here named “Yunohost”)
It works perfectly until the end where a new user will be created and logged in Outline.
I’m pretty happy with that result which looks rather clean. I could even brand the Dex app with Yunohost logo for the sake of nice details.
I will now need to package Dex properly for Yunohost and should be able to produce soon an updated version of my Outline package fully compatible with Yunohost SSO, getting completely rid of that Slack app creation requirement.
Automated installation and setup of Dex app for authentification against LDAP user base. Dex app is now part of Yunohost catalog and Level 7.
Updated installation and setup of MinIO app to follow major changes made to that app, now part of Yunohost catalog and Level 7.
You can now install a fully working version of Outline wiki and login with your Yunohost users.
Main disclaimer
This is still a beta package. Please don’t install it yet on a production server !
For technical reasons I’m still trying to understand, related to Dex app, Outine can’t be installed yet using the Web UI. Please use the command line instead sudo yunohost app install https://github.com/Yunohost-Apps/outline_ynh
Special thanks to @tituspijean@ericg@yalh76 and @Aleks who have all helped me to solve the very various difficulties I had to face during the packaging process.
Outline app is now reaching level 7 in the CI and both above mentionned issues have been solved.
Version v0.63.0 is packaged and should be running well in your server. You can install it directly from the Yunohost apps catalog within the admin web UI. Please use with caution as it hasn’t been extensively tested yet.
I still need to tackle a few things like ARM version, MinIO URL change hook, what happens if MinIO or Dex are removed before Outline, creating a hook to delete Outline user if it’s deleted in Yunohost… But the main goal is reached : the Outline app, quite famous for being very difficult to self-host, is now nothing more than a “one click” effort for Yunohost users !
and follow the Readme
MinIO is installed automatically if needed
Not yet working on AMD platforms
It has been a long journey