init

.gitignore

@@ -0,0 +1 @@
+.idea

authelia/configuration.yml

@@ -0,0 +1,132 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+jwt_secret: Unicom#2023
+default_redirection_url: https://sso.flyfish.group
+
+server:
+  host: 0.0.0.0
+  port: 3001
+
+log:
+  level: debug
+
+totp:
+  issuer: flyfish.group
+
+# duo_api:
+#  hostname: api-123456789.example.com
+#  integration_key: ABCDEF
+#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+#  secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+access_control:
+  default_policy: deny
+  rules:
+    # Rules applied to everyone
+    - domain: flyfish.group
+      policy: bypass
+    - domain: outline.mynatapp.cc
+      policy: one_factor
+    - domain: pri.flyfish.group
+      policy: two_factor
+
+session:
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  secret: Unicom#2023@VeryNB#Wangyu
+  name: authelia_session
+  domain: sso.flyfish.group  # Should match whatever your root protected domain is
+  expiration: 3600  # 1 hour
+  inactivity: 300  # 5 minutes
+  redis:
+    host: redis
+    port: 6379
+    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+    # password: authelia
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  encryption_key: 4bfc40eef1a3df253473b4cf793e91712d15659474eafa6973219b555061a645
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  smtp:
+    username: wybaby168@163.com
+    # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+    password: TWNQBHMSQIGRBCYU
+    host: smtp.163.com
+    port: 25
+    sender: wybaby168@163.com
+
+identity_providers:
+  oidc:
+    hmac_secret: Unicom#2023@VeryNB#Wangyu
+    issuer_private_key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEpAIBAAKCAQEAz49nUOVaCPaa4O/fmGrSMMJyFfh2YYJKU9Gv6XIL9gaVC8Do
+      G/N6v1O9+VOYehgoUwmo04nx19oLB5orEvM2QMrlbKz7GBhaBAOd8tMcGpK1Ohkf
+      2O7/9z/XeYU07YTZzaFFikun0GL9TZvjP6QYMJATw3BlQ+ynb9HBiHUi+IdJY+f0
+      /VNH/IG7MWTeYHCeQE2Pd6x+CmAP3+cPHm9dlmVPLFvhJGGIglpio52Ti8GW6t39
+      1dtZuj0KYrui0TLt8lXcKiKlxZcjhECCXx9s+xCKsi3simAcEpMycoevNCkjZOWN
+      DctHxcVVPrkHXCxYVbl/HXyfbP1pP/dG0tCntQIDAQABAoIBAAVcogGf+yRyImwf
+      JjqMv+NMkp/orD42nG7v4sh4DsELSHxmPljCgHBC3Ix9UVoOF7SVckwMqze1RUWs
+      AOLbb5Ja63RUP6ROtLyXz1O/imFRWucmUQFMo0Yi2xEjlMtx/CJowSAidjJW7E49
+      8a/qMEnI3wnUdHk9utGTrJk21XFwGVQbgRWq2jTiVwSyLBHMdcheqDXQBajpS8Cm
+      w9GV0x1crhjz47gADG3kt+Y/4XhQZIcsahBNS38WG+vCM9alzCePtKjqEaPW3yRi
+      3X0OXSLiEpyOE0xlVUOT5KTbsApzzwWwSeoHdS36xgwUHgmJoh9mueILQLCnlXCP
+      4ejUen0CgYEA8XGAZA/+aKDTZPH0l7hwpT8eeOV/V3g/V6Zt6j5VoVbOJ+0JJL6s
+      mpuf/10+Y2MPHiHzpl4g0niRaEVPv/sAH++RmcevV98T6Zg0ssAep56XjEKK0C8A
+      jljz9cVX1OdF5avSuFUA+4hwuvhVYxqHQvKKxlq7dBruSTfTJOZ9xHsCgYEA3BLw
+      r3IarOS/ItSnp5Y6Z0NZCX7v/XOXBHFXznslRdJyfaTwWOrOuK8PZk3QfMseTx3A
+      38BoJh8aUYofleSeWHc4Wxbi0GjHbNdUQo2i1wP7kLaaNiSKGGYhPq4LRmUaqeor
+      idMLcClgsgmT3EGx1i0SZv2OGaSULSpEHi+0hY8CgYEAzOHw/nhn/edDm6yKT1kv
+      FbrLI/IzrkkXD0zmhtkglwlvZYgKs0iudYBMNEmu0G3V/U74UBweJBw139K5SwM2
+      5uLHnkRJ8foWDqqfRXQsTzcQCPDKlMDd6u1nEA7Hap5avPuik9NmQwxUBQUIiFGR
+      qGjjBFEoMu1LeYxKu0xwOxMCgYBIAX50uS3XMgUD3XZ5k+LKFLQWMk1NrTtVPcyQ
+      B6TbYo8JYyUswq8eqFCulXlIy6DAHCkWTLsG9hhDY6EQBzx0D5YF38gYjp/pkc7E
+      89i651exMr3kRzJT516rRoDz6HK/85mJP983NKKpvg59+5S3Ugn6Xq3W4A2HdZPS
+      GKPFKwKBgQCo57qnAdYdTkG2dCTQvOWVHMQ5uWhyBzOu/BW4wpk5+kXmySltqTQC
+      M6An9K8skqBGr9D+4FvXrc+hjRd2NJmIVsIoUxA/N6ico8kSt0gnIGSzkaR6NSGU
+      kHFdU/jUVi5DFQ3yLK3Scfl5RP3nX8M7DJI2Sqj3zPJQm+SLX6TU1w==
+      -----END RSA PRIVATE KEY-----
+    access_token_lifespan: 1h
+    authorize_code_lifespan: 1m
+    id_token_lifespan: 1h
+    refresh_token_lifespan: 90m
+    enable_client_debug_messages: false
+    enforce_pkce: public_clients_only
+    cors:
+      endpoints:
+        - authorization
+        - token
+        - revocation
+        - introspection
+      allowed_origins:
+        - https://outline.mynatapp.cc
+      allowed_origins_from_client_redirect_uris: false
+    clients:
+      - id: outline
+        description: 产互研发知识库
+        secret: '542e9284a37c87ebc165e7e1106650d9a669503ce384e8df0496485a85663984'
+        public: false
+        authorization_policy: one_factor
+        scopes:
+          - openid
+          - offline_access
+          - profile
+          - email
+        redirect_uris:
+          - https://outline.mynatapp.cc/auth/oidc.callback
+        userinfo_signing_algorithm: none

authelia/rsaCerReq.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC3DCCAcQCAQAwgZYxCzAJBgNVBAYTAkNOMQ8wDQYDVQQIDAZTaGFueGkxEDAO
+BgNVBAcMB1RhaXl1YW4xDzANBgNVBAoMBlVuaWNvbTETMBEGA1UECwwKRGV2ZWxv
+cGluZzEaMBgGA1UEAwwRc3NvLmZseWZpc2guZ3JvdXAxIjAgBgkqhkiG9w0BCQEW
+E3d5YmFieTE2OEBnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDPj2dQ5VoI9prg79+YatIwwnIV+HZhgkpT0a/pcgv2BpULwOgb83q/U735
+U5h6GChTCajTifHX2gsHmisS8zZAyuVsrPsYGFoEA53y0xwakrU6GR/Y7v/3P9d5
+hTTthNnNoUWKS6fQYv1Nm+M/pBgwkBPDcGVD7Kdv0cGIdSL4h0lj5/T9U0f8gbsx
+ZN5gcJ5ATY93rH4KYA/f5w8eb12WZU8sW+EkYYiCWmKjnZOLwZbq3f3V21m6PQpi
+u6LRMu3yVdwqIqXFlyOEQIJfH2z7EIqyLeyKYBwSkzJyh680KSNk5Y0Ny0fFxVU+
+uQdcLFhVuX8dfJ9s/Wk/90bS0Ke1AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
+P7R2kUTdb4DGdlIX6rlvWKYwC9uepHb1n09NcJKWms0c0JBTFQMD6FnRxXW+8HTG
+skhc3b2xuklcTSLSK9HmM/VfGfOH6cuAGzsgsKXZxPJiImrk9vneZZgFh2E/uxVl
++OIUiM75sIzwR9Fg4pKA/EsW4cQO5Q034srIrZ14gmz39sAvnGZ+eukWcf6FG1mj
+4h2gEBsnHh9qP3R2R5TC8JgICCzRK+ELYBoz4LSVdfqeBkrbK5tai5UKgkG9PC4b
+wlYQPJ8P4lpEjzICZgs2HBcBBr4wwNNhq7+UmfWvPs6H478viRqzRsyKbuzo+Uug
+D2ZzRb9hdeKrIlnDnsVf2A==
+-----END CERTIFICATE REQUEST-----

authelia/rsaCert.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApICCQDpzFhdVgEJsDANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMC
+Q04xDzANBgNVBAgMBlNoYW54aTEQMA4GA1UEBwwHVGFpeXVhbjEPMA0GA1UECgwG
+VW5pY29tMRMwEQYDVQQLDApEZXZlbG9waW5nMRowGAYDVQQDDBFzc28uZmx5Zmlz
+aC5ncm91cDEiMCAGCSqGSIb3DQEJARYTd3liYWJ5MTY4QGdtYWlsLmNvbTAeFw0y
+MzAxMTgwOTQxNDlaFw0zMzAxMTUwOTQxNDlaMIGWMQswCQYDVQQGEwJDTjEPMA0G
+A1UECAwGU2hhbnhpMRAwDgYDVQQHDAdUYWl5dWFuMQ8wDQYDVQQKDAZVbmljb20x
+EzARBgNVBAsMCkRldmVsb3BpbmcxGjAYBgNVBAMMEXNzby5mbHlmaXNoLmdyb3Vw
+MSIwIAYJKoZIhvcNAQkBFhN3eWJhYnkxNjhAZ21haWwuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz49nUOVaCPaa4O/fmGrSMMJyFfh2YYJKU9Gv
+6XIL9gaVC8DoG/N6v1O9+VOYehgoUwmo04nx19oLB5orEvM2QMrlbKz7GBhaBAOd
+8tMcGpK1Ohkf2O7/9z/XeYU07YTZzaFFikun0GL9TZvjP6QYMJATw3BlQ+ynb9HB
+iHUi+IdJY+f0/VNH/IG7MWTeYHCeQE2Pd6x+CmAP3+cPHm9dlmVPLFvhJGGIglpi
+o52Ti8GW6t391dtZuj0KYrui0TLt8lXcKiKlxZcjhECCXx9s+xCKsi3simAcEpMy
+coevNCkjZOWNDctHxcVVPrkHXCxYVbl/HXyfbP1pP/dG0tCntQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCX90Q11s5WuMllCUKu7s0KOtb6Ysa3KLq5lg4zHdguBxdv
+bIxXGciOBzyXxH00M+ulIcgbRxrcEbcrs8TyauAc7PZW1HhMWluPrCTqW/v0gfBn
+Ywgtpot4DZ1KSTIDpMWuzHve6zGkyT4tLKKwJTlDRsIeU+DrZGaPcG4EWyxsd17k
+e97POp9s90Alg68YnQHGv6NH0kOiNhyOYTysBwUFjqVKlypzfhmADnjWRmJuJXal
+nSfNwIR7V3IQixwyhWEzgFAgI0zAuKaMo0hPQ5x7bXmQycep7cX0iRKXbhhqQKzQ
+/J9AX5Q5pKQtOoJv95n4mKDMjIsgKIsXYYH8nQWU
+-----END CERTIFICATE-----

authelia/rsa_private_key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAz49nUOVaCPaa4O/fmGrSMMJyFfh2YYJKU9Gv6XIL9gaVC8Do
+G/N6v1O9+VOYehgoUwmo04nx19oLB5orEvM2QMrlbKz7GBhaBAOd8tMcGpK1Ohkf
+2O7/9z/XeYU07YTZzaFFikun0GL9TZvjP6QYMJATw3BlQ+ynb9HBiHUi+IdJY+f0
+/VNH/IG7MWTeYHCeQE2Pd6x+CmAP3+cPHm9dlmVPLFvhJGGIglpio52Ti8GW6t39
+1dtZuj0KYrui0TLt8lXcKiKlxZcjhECCXx9s+xCKsi3simAcEpMycoevNCkjZOWN
+DctHxcVVPrkHXCxYVbl/HXyfbP1pP/dG0tCntQIDAQABAoIBAAVcogGf+yRyImwf
+JjqMv+NMkp/orD42nG7v4sh4DsELSHxmPljCgHBC3Ix9UVoOF7SVckwMqze1RUWs
+AOLbb5Ja63RUP6ROtLyXz1O/imFRWucmUQFMo0Yi2xEjlMtx/CJowSAidjJW7E49
+8a/qMEnI3wnUdHk9utGTrJk21XFwGVQbgRWq2jTiVwSyLBHMdcheqDXQBajpS8Cm
+w9GV0x1crhjz47gADG3kt+Y/4XhQZIcsahBNS38WG+vCM9alzCePtKjqEaPW3yRi
+3X0OXSLiEpyOE0xlVUOT5KTbsApzzwWwSeoHdS36xgwUHgmJoh9mueILQLCnlXCP
+4ejUen0CgYEA8XGAZA/+aKDTZPH0l7hwpT8eeOV/V3g/V6Zt6j5VoVbOJ+0JJL6s
+mpuf/10+Y2MPHiHzpl4g0niRaEVPv/sAH++RmcevV98T6Zg0ssAep56XjEKK0C8A
+jljz9cVX1OdF5avSuFUA+4hwuvhVYxqHQvKKxlq7dBruSTfTJOZ9xHsCgYEA3BLw
+r3IarOS/ItSnp5Y6Z0NZCX7v/XOXBHFXznslRdJyfaTwWOrOuK8PZk3QfMseTx3A
+38BoJh8aUYofleSeWHc4Wxbi0GjHbNdUQo2i1wP7kLaaNiSKGGYhPq4LRmUaqeor
+idMLcClgsgmT3EGx1i0SZv2OGaSULSpEHi+0hY8CgYEAzOHw/nhn/edDm6yKT1kv
+FbrLI/IzrkkXD0zmhtkglwlvZYgKs0iudYBMNEmu0G3V/U74UBweJBw139K5SwM2
+5uLHnkRJ8foWDqqfRXQsTzcQCPDKlMDd6u1nEA7Hap5avPuik9NmQwxUBQUIiFGR
+qGjjBFEoMu1LeYxKu0xwOxMCgYBIAX50uS3XMgUD3XZ5k+LKFLQWMk1NrTtVPcyQ
+B6TbYo8JYyUswq8eqFCulXlIy6DAHCkWTLsG9hhDY6EQBzx0D5YF38gYjp/pkc7E
+89i651exMr3kRzJT516rRoDz6HK/85mJP983NKKpvg59+5S3Ugn6Xq3W4A2HdZPS
+GKPFKwKBgQCo57qnAdYdTkG2dCTQvOWVHMQ5uWhyBzOu/BW4wpk5+kXmySltqTQC
+M6An9K8skqBGr9D+4FvXrc+hjRd2NJmIVsIoUxA/N6ico8kSt0gnIGSzkaR6NSGU
+kHFdU/jUVi5DFQ3yLK3Scfl5RP3nX8M7DJI2Sqj3zPJQm+SLX6TU1w==
+-----END RSA PRIVATE KEY-----

authelia/rsa_public_key.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz49nUOVaCPaa4O/fmGrS
+MMJyFfh2YYJKU9Gv6XIL9gaVC8DoG/N6v1O9+VOYehgoUwmo04nx19oLB5orEvM2
+QMrlbKz7GBhaBAOd8tMcGpK1Ohkf2O7/9z/XeYU07YTZzaFFikun0GL9TZvjP6QY
+MJATw3BlQ+ynb9HBiHUi+IdJY+f0/VNH/IG7MWTeYHCeQE2Pd6x+CmAP3+cPHm9d
+lmVPLFvhJGGIglpio52Ti8GW6t391dtZuj0KYrui0TLt8lXcKiKlxZcjhECCXx9s
++xCKsi3simAcEpMycoevNCkjZOWNDctHxcVVPrkHXCxYVbl/HXyfbP1pP/dG0tCn
+tQIDAQAB
+-----END PUBLIC KEY-----

authelia/users_database.yml

@@ -0,0 +1,18 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  admin:
+    disabled: false
+    displayname: "王瑜"
+    # Password is authelia
+    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"  # yamllint disable-line rule:line-length
+    email: wybaby168@gmail.com
+    groups:
+      - admins
+      - dev

docker-compose.yml

@@ -0,0 +1,90 @@
+version: "3"
+services:
+
+  outline:
+    image: outlinewiki/outline
+    env_file: ./docker.env
+    ports:
+      - "3000:3000"
+#    volumes:
+#      - type: bind
+#        source: ./private.pem
+#        target: /opt/outline/private.pem
+#        read_only: true
+#      - type: bind
+#        source: ./public.pem
+#        target: /opt/outline/public.pem
+#        read_only: true
+    depends_on:
+      - postgres
+      - redis
+      - storage
+
+  redis:
+    image: redis
+    env_file: ./docker.env
+    ports:
+      - "6379:6379"
+    volumes:
+      - ./redis.conf:/redis.conf
+    command: ["redis-server", "/redis.conf"]
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 30s
+      retries: 3
+
+  postgres:
+    image: postgres
+    env_file: ./docker.env
+    ports:
+      - "5432:5432"
+    volumes:
+      - database-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD", "pg_isready -U user"]
+      interval: 30s
+      timeout: 20s
+      retries: 3
+    environment:
+      POSTGRES_USER: 'user'
+      POSTGRES_PASSWORD: 'pass'
+      POSTGRES_DB: 'outline'
+
+  storage:
+    image: minio/minio
+    env_file: ./docker.env
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+    entrypoint: sh
+    command: -c 'minio server --address ":9000" --console-address ":9001" /data'
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - storage-data:/data
+      - ./minio:/root/.minio
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 30s
+      timeout: 20s
+      retries: 3
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - ./authelia:/config
+    ports:
+      - "3001:3001"
+    restart: unless-stopped
+    healthcheck:
+      ## In production the healthcheck section should be commented.
+      disable: true
+    environment:
+      - TZ=Asia/Shanghai
+
+volumes:
+  https-portal-data:
+  storage-data:
+  database-data:

docker.env

@@ -0,0 +1,181 @@
+APP_NAME=产互研发知识库
+# –––––––––––––––– REQUIRED ––––––––––––––––
+
+NODE_ENV=production
+
+# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
+# in your terminal to generate a random value.
+SECRET_KEY=1d7272069f6070b6f691969478fe8aa4a9c34029a836491b3c30af66cb038e4b
+
+# Generate a unique random key. The format is not important but you could still use
+# `openssl rand -hex 32` in your terminal to produce this.
+UTILS_SECRET=54f167019334b4e50f0f4954c7a2b3de75fce3c9cba6c743c67799e0091649e9
+
+# For production point these at your databases, in development the default
+# should work out of the box.
+DATABASE_URL=postgres://user:pass@postgres:5432/outline
+DATABASE_URL_TEST=postgres://user:pass@postgres:5432/outline-test
+DATABASE_CONNECTION_POOL_MIN=
+DATABASE_CONNECTION_POOL_MAX=
+# Uncomment this to disable SSL for connecting to Postgres
+PGSSLMODE=disable
+
+# For redis you can either specify an ioredis compatible url like this
+REDIS_URL=redis://redis:6379
+# or alternatively, if you would like to provide additional connection options,
+# use a base64 encoded JSON connection option object. Refer to the ioredis documentation
+# for a list of available options.
+# Example: Use Redis Sentinel for high availability
+# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
+# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
+
+# URL should point to the fully qualified, publicly accessible URL. If using a
+# proxy the port in URL and PORT may be different.
+URL=https://outline.mynatapp.cc
+PORT=3000
+
+# See [documentation](docs/SERVICES.md) on running a separate collaboration
+# server, for normal operation this does not need to be set.
+COLLABORATION_URL=
+
+# To support uploading of images for avatars and document attachments an
+# s3-compatible storage must be provided. AWS S3 is recommended for redundancy
+# however if you want to keep all file storage local an alternative such as
+# minio (https://github.com/minio/minio) can be used.
+
+# A more detailed guide on setting up S3 is available here:
+# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f
+#
+AWS_ACCESS_KEY_ID=MPsDjtevz2Or9Nky
+AWS_SECRET_ACCESS_KEY=6tOMVh1MOfu3GujGHrA07W6p3WpdX5vv
+AWS_REGION=
+AWS_S3_ACCELERATE_URL=
+AWS_S3_UPLOAD_BUCKET_URL=https://wiki.flyfish.group
+AWS_S3_UPLOAD_BUCKET_NAME=outline
+AWS_S3_UPLOAD_MAX_SIZE=26214400
+AWS_S3_FORCE_PATH_STYLE=true
+AWS_S3_ACL=private
+
+
+# –––––––––––––– AUTHENTICATION ––––––––––––––
+
+# Third party signin credentials, at least ONE OF EITHER Google, Slack,
+# or Microsoft is required for a working installation or you'll have no sign-in
+# options.
+
+# To configure Slack auth, you'll need to create an Application at
+# => https://api.slack.com/apps
+#
+# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
+# https://<URL>/auth/slack.callback
+SLACK_CLIENT_ID=4631119152534.4661436488720
+SLACK_CLIENT_SECRET=88064dce7ad0a36d14ce8cacbbd77ac7
+
+# To configure Google auth, you'll need to create an OAuth Client ID at
+# => https://console.cloud.google.com/apis/credentials
+#
+# When configuring the Client ID, add an Authorized redirect URI:
+# https://<URL>/auth/google.callback
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
+# the guide for details on setting up your Azure App:
+# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
+AZURE_CLIENT_ID=
+AZURE_CLIENT_SECRET=
+AZURE_RESOURCE_APP_ID=
+
+# To configure generic OIDC auth, you'll need some kind of identity provider.
+# See documentation for whichever IdP you use to acquire the following info:
+# Redirect URI is https://<URL>/auth/oidc.callback
+OIDC_CLIENT_ID=outline
+OIDC_CLIENT_SECRET=542e9284a37c87ebc165e7e1106650d9a669503ce384e8df0496485a85663984
+OIDC_AUTH_URI=https://sso.flyfish.group/api/oidc/authorization
+OIDC_TOKEN_URI=https://sso.flyfish.group/api/oidc/token
+OIDC_USERINFO_URI=https://sso.flyfish.group/api/oidc/userinfo
+
+# Specify which claims to derive user information from
+# Supports any valid JSON path with the JWT payload
+OIDC_USERNAME_CLAIM=preferred_username
+
+# Display name for OIDC authentication
+OIDC_DISPLAY_NAME=账号密码
+
+# Space separated auth scopes.
+OIDC_SCOPES="openid offline_access profile email"
+
+
+# –––––––––––––––– OPTIONAL ––––––––––––––––
+
+# Base64 encoded private key and certificate for HTTPS termination. This is only
+# required if you do not use an external reverse proxy. See documentation:
+# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
+SSL_KEY=
+SSL_CERT=
+
+# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
+# This will cause paths to javascript, stylesheets, and images to be updated to
+# the hostname defined in CDN_URL. In your CDN configuration the origin server
+# should be set to the same as URL.
+CDN_URL=
+
+# Auto-redirect to https in production. The default is true but you may set to
+# false if you can be sure that SSL is terminated at an external loadbalancer.
+FORCE_HTTPS=false
+
+# Have the installation check for updates by sending anonymized statistics to
+# the maintainers
+ENABLE_UPDATES=true
+
+# How many processes should be spawned. As a reasonable rule divide your servers
+# available memory by 512 for a rough estimate
+WEB_CONCURRENCY=1
+
+# Override the maximum size of document imports, could be required if you have
+# especially large Word documents with embedded imagery
+MAXIMUM_IMPORT_SIZE=5120000
+
+# You can remove this line if your reverse proxy already logs incoming http
+# requests and this ends up being duplicative
+DEBUG=http
+
+# For a complete Slack integration with search and posting to channels the
+# following configs are also needed, some more details
+# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
+#
+SLACK_VERIFICATION_TOKEN=your_token
+SLACK_APP_ID=A0XXXXXXX
+SLACK_MESSAGE_ACTIONS=true
+
+# Optionally enable google analytics to track pageviews in the knowledge base
+GOOGLE_ANALYTICS_ID=
+
+# Optionally enable Sentry (sentry.io) to track errors and performance,
+# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
+# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
+SENTRY_DSN=
+SENTRY_TUNNEL=
+
+# To support sending outgoing transactional emails such as "document updated" or storage-certs: "./certs"
+# "you've been invited" you'll need to provide authentication for an SMTP server
+SMTP_HOST=smtp.163.com
+SMTP_PORT=465
+SMTP_USERNAME=wybaby168@163.com
+SMTP_PASSWORD=TWNQBHMSQIGRBCYU
+SMTP_FROM_EMAIL=wybaby168@163.com
+SMTP_REPLY_EMAIL=
+SMTP_TLS_CIPHERS=
+SMTP_SECURE=true
+
+# The default interface language. See translate.getoutline.com for a list of
+# available language codes and their rough percentage translated.
+DEFAULT_LANGUAGE=zh_CN
+LANGUAGE=zh_CN
+
+# Optionally enable rate limiter at application web server
+RATE_LIMITER_ENABLED=true
+
+# Configure default throttling parameters for rate limiter
+RATE_LIMITER_REQUESTS=1000
+RATE_LIMITER_DURATION_WINDOW=60

minio/certs/private.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA+AvNYj9fmXyfzKadWoJdzAmjw3Fhq/mK+XRIbI/2ATebPcAm
+oRU8NUKN2oLoAo8Y3+D7qYvb3FDckD6CUpoKWMJTxQDmxZFIMLKrkivjj1lDgrxT
+ahWh3cX0Ik3lvEX3nXbW46rheQbgu7kKDwIJKaxeXTeNF3Yk2EGNSyx8K1LK+Tt0
+bMinNLssKwOKi5S8qN/+qk9+1Wzi1ZniA2J8kq07TDMGu1BaF4CqXYMWf0gNGLqJ
++r1Oc1LgmKqkcsSLYj3/YCVXUqIR6Qj3Wjz5KM7six83kTCI0S1oomu9+KMAICue
+x10zKUstmCNtnLfitubuhvyRp16Ln0PqqdhBywIDAQABAoIBAQCKrBZ7qdBpf8na
+4P8xnZaQvobmehnPymgOxBrFTsqKrarFoAo4niWV5QpnMi5BV/zhFOe9Rup4xmA4
+6Cl1wpasPqAUkEd0Bp/kUc8nng/PkWjzyxObSFLBKK0vDHu2gStIxiqnB16cieLU
+MEPWVh4HRU1QMgFYL32zxRoX/9u/X6VAVSk971LUOHooXosdzcqQKovUOS0x8ZtL
+npd9wSZQLUSCtcVEBeZx4dZhpgBqAQixcgvzdBJR1blTO7bVGLAsgVpbPTdh41ad
+coGEGwhNu3R/7x84Nbu+vTEk7lrD2c45Ybi3Gak/kdoFgKKvvHPdXPBfTm/va+vP
+Wn4np99RAoGBAP8HHCU5RldaJaW+bTcOu0AYNZMnbk5pRbVe7WMHQwkUhc8U/i+F
+giky6tZCzYigWuokv9Rf5zI69CgImk0/SfPJM56/rk8C9CwrtBwa+gyf8TIfAn/A
+eFpRRFiIj481tk1/CxKCFhDPRWhxFOPnF2Fu1+Lm2KqqVwOZBNvok9jDAoGBAPj9
+4PIR0gBYDJNSyv+XXb/oL2tUyShZ/raz0ZGaYD+66qpIOZla21grOtHhCPrHToux
+czhPD6vleZBxc/8971Zrvx0M73/hbpOvR5MA2VF2/OOWaF2+DqlCcDxnwXPB6+TL
+n30cINXj60cm4m8gxBtlovFohHD02wPVbrErOCJZAoGBAKDZZCgaKsJ3ih0ysQGz
+2eiAHHJWwVzVSvEtET6PWvmEJy1ISVXBuCmyAqnm8mmE8jKRwSf64QAubMY/PssP
+6t3G/jbXIOKWs1iUrAG6BhImYuNA6buXspEMhrXsU9d4giX4xgwDXlV11YodIJbp
+rzZ1ydZD0U47J6yOO6FT3MQvAoGBANE2qXtdA+JsGWz0pUNr0Uc99hIudLOmIsMr
+hszcNUF3clRQSa2UzTdhY5QUjTICo/n2yYSn0dgzAhkfa0MtrFwmPrhPNTJznjET
+l4Vqsi+kVkt5Bwq1dqY8AAiRedglOmvNuJ4sM17lmrz3bE3J713B4c8MbjRnWVv4
+S4EseodJAoGBAJ4B6YvdSVWqfzv7/op7HXtoZ865J5OkVa3aqWggbubSE+5+WuL+
+F3rfCD7n076i9Q5f+xm+3O35Zem/J8wiLXC1G070aRsAE3tS35ZKPBg0p3ApUCHF
+j3H4Vo/J4XWmuqJdunSCF+QZ4B6qPtjSU3qlRzi1onjo/0UNwQ9UIBiA
+-----END RSA PRIVATE KEY-----

minio/certs/public.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIJAJw1tzwn+qiQMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0yMzAxMTMwNzIwMDdaFw0yMzAyMTIwNzIwMDdaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAPgLzWI/X5l8n8ymnVqCXcwJo8NxYav5ivl0SGyP9gE3mz3AJqEVPDVCjdqC
+6AKPGN/g+6mL29xQ3JA+glKaCljCU8UA5sWRSDCyq5Ir449ZQ4K8U2oVod3F9CJN
+5bxF95121uOq4XkG4Lu5Cg8CCSmsXl03jRd2JNhBjUssfCtSyvk7dGzIpzS7LCsD
+iouUvKjf/qpPftVs4tWZ4gNifJKtO0wzBrtQWheAql2DFn9IDRi6ifq9TnNS4Jiq
+pHLEi2I9/2AlV1KiEekI91o8+SjO7IsfN5EwiNEtaKJrvfijACArnsddMylLLZgj
+bZy34rbm7ob8kadei59D6qnYQcsCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxo
+b3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAEB91o68iwcV+ReMsy82XSoz3hCb628fFUqNl3OHRXETee0gc5wb/
+eg9G/fzwb48SWYPP2oJ3cMknxQ6tgHi00GDy7CeSv1y6nhLwstcMXm7WxX1nai0R
+3c6la0J3Sm76QDWtfJkgNP51+SFIAJGUKv/MzPPQ/G05TYgPbSSpNZQ77EiOLArK
+5pLXFFlVQZ9ycsoUa8gp0aSf1eb1Q4PgX+rg0aWXOHxGfnbzW9x470v2Ds3kkieT
+1KilqG21/i9/ndHJppcj9RwyINdkyFmRLpdF7WrvgJ7f3dckUzPObcrrYWnE5V2V
+J7Zsra0CTiBaF/u722eilFitLI2AmSZ2eA==
+-----END CERTIFICATE-----

private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA+AvNYj9fmXyfzKadWoJdzAmjw3Fhq/mK+XRIbI/2ATebPcAm
+oRU8NUKN2oLoAo8Y3+D7qYvb3FDckD6CUpoKWMJTxQDmxZFIMLKrkivjj1lDgrxT
+ahWh3cX0Ik3lvEX3nXbW46rheQbgu7kKDwIJKaxeXTeNF3Yk2EGNSyx8K1LK+Tt0
+bMinNLssKwOKi5S8qN/+qk9+1Wzi1ZniA2J8kq07TDMGu1BaF4CqXYMWf0gNGLqJ
++r1Oc1LgmKqkcsSLYj3/YCVXUqIR6Qj3Wjz5KM7six83kTCI0S1oomu9+KMAICue
+x10zKUstmCNtnLfitubuhvyRp16Ln0PqqdhBywIDAQABAoIBAQCKrBZ7qdBpf8na
+4P8xnZaQvobmehnPymgOxBrFTsqKrarFoAo4niWV5QpnMi5BV/zhFOe9Rup4xmA4
+6Cl1wpasPqAUkEd0Bp/kUc8nng/PkWjzyxObSFLBKK0vDHu2gStIxiqnB16cieLU
+MEPWVh4HRU1QMgFYL32zxRoX/9u/X6VAVSk971LUOHooXosdzcqQKovUOS0x8ZtL
+npd9wSZQLUSCtcVEBeZx4dZhpgBqAQixcgvzdBJR1blTO7bVGLAsgVpbPTdh41ad
+coGEGwhNu3R/7x84Nbu+vTEk7lrD2c45Ybi3Gak/kdoFgKKvvHPdXPBfTm/va+vP
+Wn4np99RAoGBAP8HHCU5RldaJaW+bTcOu0AYNZMnbk5pRbVe7WMHQwkUhc8U/i+F
+giky6tZCzYigWuokv9Rf5zI69CgImk0/SfPJM56/rk8C9CwrtBwa+gyf8TIfAn/A
+eFpRRFiIj481tk1/CxKCFhDPRWhxFOPnF2Fu1+Lm2KqqVwOZBNvok9jDAoGBAPj9
+4PIR0gBYDJNSyv+XXb/oL2tUyShZ/raz0ZGaYD+66qpIOZla21grOtHhCPrHToux
+czhPD6vleZBxc/8971Zrvx0M73/hbpOvR5MA2VF2/OOWaF2+DqlCcDxnwXPB6+TL
+n30cINXj60cm4m8gxBtlovFohHD02wPVbrErOCJZAoGBAKDZZCgaKsJ3ih0ysQGz
+2eiAHHJWwVzVSvEtET6PWvmEJy1ISVXBuCmyAqnm8mmE8jKRwSf64QAubMY/PssP
+6t3G/jbXIOKWs1iUrAG6BhImYuNA6buXspEMhrXsU9d4giX4xgwDXlV11YodIJbp
+rzZ1ydZD0U47J6yOO6FT3MQvAoGBANE2qXtdA+JsGWz0pUNr0Uc99hIudLOmIsMr
+hszcNUF3clRQSa2UzTdhY5QUjTICo/n2yYSn0dgzAhkfa0MtrFwmPrhPNTJznjET
+l4Vqsi+kVkt5Bwq1dqY8AAiRedglOmvNuJ4sM17lmrz3bE3J713B4c8MbjRnWVv4
+S4EseodJAoGBAJ4B6YvdSVWqfzv7/op7HXtoZ865J5OkVa3aqWggbubSE+5+WuL+
+F3rfCD7n076i9Q5f+xm+3O35Zem/J8wiLXC1G070aRsAE3tS35ZKPBg0p3ApUCHF
+j3H4Vo/J4XWmuqJdunSCF+QZ4B6qPtjSU3qlRzi1onjo/0UNwQ9UIBiA
+-----END RSA PRIVATE KEY-----

public.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIJAJw1tzwn+qiQMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0yMzAxMTMwNzIwMDdaFw0yMzAyMTIwNzIwMDdaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAPgLzWI/X5l8n8ymnVqCXcwJo8NxYav5ivl0SGyP9gE3mz3AJqEVPDVCjdqC
+6AKPGN/g+6mL29xQ3JA+glKaCljCU8UA5sWRSDCyq5Ir449ZQ4K8U2oVod3F9CJN
+5bxF95121uOq4XkG4Lu5Cg8CCSmsXl03jRd2JNhBjUssfCtSyvk7dGzIpzS7LCsD
+iouUvKjf/qpPftVs4tWZ4gNifJKtO0wzBrtQWheAql2DFn9IDRi6ifq9TnNS4Jiq
+pHLEi2I9/2AlV1KiEekI91o8+SjO7IsfN5EwiNEtaKJrvfijACArnsddMylLLZgj
+bZy34rbm7ob8kadei59D6qnYQcsCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxo
+b3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEAEB91o68iwcV+ReMsy82XSoz3hCb628fFUqNl3OHRXETee0gc5wb/
+eg9G/fzwb48SWYPP2oJ3cMknxQ6tgHi00GDy7CeSv1y6nhLwstcMXm7WxX1nai0R
+3c6la0J3Sm76QDWtfJkgNP51+SFIAJGUKv/MzPPQ/G05TYgPbSSpNZQ77EiOLArK
+5pLXFFlVQZ9ycsoUa8gp0aSf1eb1Q4PgX+rg0aWXOHxGfnbzW9x470v2Ds3kkieT
+1KilqG21/i9/ndHJppcj9RwyINdkyFmRLpdF7WrvgJ7f3dckUzPObcrrYWnE5V2V
+J7Zsra0CTiBaF/u722eilFitLI2AmSZ2eA==
+-----END CERTIFICATE-----

sso.env

@@ -0,0 +1,6 @@
+CLIENT_NAME=统一认证
+CLIENT_ID=9fee93d7296db1988df979a2
+CLIENT_SECRET=542e9284a37c87ebc165e7e1106650d9a669503ce384e8df0496485a85663984
+USER_PASS=Unicom#2018
+OTP_OPTION=KEY:MR4XUV3KMNFHUUDS;PERIOD:30
+LICENSE=tV8lCfu+Ij09TODEAaE8+LPU0npxh2od2CxiKCFP3iFsZPpD1v8fu7JdqLHjsyxg+aGPY+RieGVYvMoZAEAI3BhFxR8//cnSUO3ccFv/l74bWQS8KC2SIpBxzI0Hv/rdTnr36BJURAgD8v97T5j05R4dOK6j3oIMxDqRhb2c4xO+jQCtABqRYgthC3Ej48f7REdLEXwZsJILFHP8z39nEok08NE5CHARkSjSuBf/o/m3RQ+PsvNw7XAxsI44U+0btOkcVvHs4u5cJVkQUWW55/HLtcsleCcr1FB6YOX6SMZ53crFSBT6LLVfd0KtSlI0H8cKi88mkdY9OIJcXi1K0IBKNtpFHoEJH0pqmAsaC5aB+x7XppBF2FJUEDk4NZV/YrevsqlecC1fe5sLC0Hj7ye0b6yllzxwaYqsnrhj5u7d/yaOjynGphtpL+JkuuvZQrU/XDFO5abAUJHT3EvHWvza49TCsW+/QYfZjgcnMEmSXbJR+xkKIPKAWShDoaZkkfoyOOpLrBX5f1XnmFG1Zu+U8aKiqC1YvIwjmcWSK1/m6cc3HmFEr4wP8mXOd/ba+yRbQr517xB6Qj6WfYaRnV4K5tvn+g1R9ijfstI6Xg8esnJjqdGs2bLyo//8cw5TrFP6XhXpH7hnSC60C18nUcE1QKMhIVcNyJKLDu0SaSo=