User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
services:grist [2025/01/22 14:51] – created willyservices:grist [2025/03/13 14:59] (current) – [Reverse Proxy] willy
Line 1: Line 1:
 ====== Grist ====== ====== Grist ======
  
-[[https://github.com/gristlabs/grist-core|Grist]] ...+[[https://github.com/gristlabs/grist-core|Grist]] Grist is a modern relational spreadsheetIt combines the flexibility of a spreadsheet with the robustness of a database.
  
 ==== Installation ==== ==== Installation ====
Line 23: Line 23:
       - GRIST_SESSION_SECRET=here_write_a_secret_passcode       - GRIST_SESSION_SECRET=here_write_a_secret_passcode
       - GRIST_DEFAULT_EMAIL=me@mydomain.com       - GRIST_DEFAULT_EMAIL=me@mydomain.com
-      - APP_HOME_URL=https://grist.mydomain.com/+      - GRIST_FORWARD_AUTH_HEADER=Remote-Email 
 +      - GRIST_PROXY_AUTH_HEADER=Remote-Email 
 +      - APP_HOME_URL=https://grist.mydomain.com 
 +      - APP_DOC_URL=https://grist.mydomain.com 
 +      - GRIST_IGNORE_SESSION=true    
     stdin_open: true     stdin_open: true
     tty: true     tty: true
Line 34: Line 38:
 </file> </file>
  
-Remember to set an available port (8484)!+Remember to set an available port (8484)! I have not been able to make grist run as user //grist// inside the container, it will run as user 1001. This is not an issue, just a cosmetic annoyance.
  
 Now pull it: Now pull it:
Line 44: Line 48:
 ==== Single Sign On ==== ==== Single Sign On ====
  
-...+Grist will happily inherit your SSO authentication from the reverse proxy, the key point are the following settings in your docker compose: 
 +<code> 
 +      - GRIST_FORWARD_AUTH_HEADER=Remote-Email 
 +      - GRIST_PROXY_AUTH_HEADER=Remote-Email 
 +      - GRIST_IGNORE_SESSION=true     
 +</code>
  
 +If you need //multiple// users, each one with it's own Grist user you will need to remove the GRIST_IGNORE_SESSION setting.
  
 ==== Reverse Proxy ==== ==== Reverse Proxy ====
Line 64: Line 74:
         error_log /var/log/nginx/grist.mydomain.com_error_log info;         error_log /var/log/nginx/grist.mydomain.com_error_log info;
  
-        location / { +        include "com.mydomain/authelia_location.conf"; 
-                proxy_pass http://127.0.0.1:8484/+ 
-        }+         location / { 
 +                include "com.mydomain/authelia_proxy.conf"; 
 +                include "com.mydomain/authelia_authrequest.conf"; 
 + 
 +                proxy_pass http://127.0.0.1:8484; 
 +                proxy_set_header Host $host; 
 +                proxy_set_header X-Real-IP $remote_addr; 
 +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +                proxy_set_header X-Forwarded-Proto $scheme; 
 +                proxy_set_header Upgrade $http_upgrade; 
 +                proxy_set_header Connection "upgrade"; 
 +    }
 } }
 </file> </file>
 +
 +This will enable Authelia SSO (see [[selfhost:sso|here]] for your Grist installation as well.
  
  
Line 89: Line 112:
 rc-service user-containers.grist start rc-service user-containers.grist start
 </code> </code>
- 
- 
-==== Reset password ==== 
- 
-Actual budget relies on a single password for authentication. If you need to replace it, these are the commands. 
- 
-You can find your container ID with: 
-<code bash> 
-podman ps 
-</code> 
- 
-<code> 
-su - actualbuget 
-podman exec -it <<container-id>> /bin/sh 
-</code> 
- 
-Then type: 
-<code> 
-node /app/src/scripts/reset-password.js 
-</code> 
- 
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information