Add documentation (#110)

docs/administration/fail2ban-setup.md

@@ -0,0 +1,29 @@
+# Fail2ban setup
+
+Fail2ban can be used to ban IPs that try to bruteforce the login page.
+Log level must be set at least to `warn`.
+
+Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
+```ini
+[Definition]
+failregex =  Invalid .* authentication attempt from <HOST>
+ignoreregex =
+```
+
+Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
+```ini
+[opengist]
+enabled = true
+filter = opengist
+logpath = /home/*/.opengist/log/opengist.log
+maxretry = 10
+findtime = 3600
+bantime = 600
+banaction = iptables-allports
+port = anyport
+```
+
+Then run
+```shell
+service fail2ban restart
+```

docs/administration/nginx-reverse-proxy.md

@@ -0,0 +1,22 @@
+# Use Nginx as a reverse proxy
+
+Configure Nginx to proxy requests to Opengist. Here is an example configuration file :
+```
+server {
+    listen 80;
+    server_name opengist.example.com;
+
+    location / {
+        proxy_pass http://127.0.0.1:6157;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+```
+
+Then run :
+```shell
+service nginx restart
+```

docs/administration/oauth-providers.md

@@ -0,0 +1,39 @@
+# Use OAuth providers
+
+Opengist can be configured to use OAuth to authenticate users, with GitHub, Gitea, or OpenID Connect.
+
+## Github
+
+* Add a new OAuth app in your [Github account settings](https://github.com/settings/applications/new)
+* Set 'Authorization callback URL' to `http://opengist.domain/oauth/github/callback`
+* Copy the 'Client ID' and 'Client Secret' and add them to the [configuration](/docs/configuration/cheat-sheet.md) :
+  ```yaml
+  github.client-key: <key>
+  github.secret: <secret>
+  ```
+
+
+## Gitea
+
+* Add a new OAuth app in Application settings from the [Gitea instance](https://gitea.com/user/settings/applications)
+* Set 'Redirect URI' to `http://opengist.domain/oauth/gitea/callback`
+* Copy the 'Client ID' and 'Client Secret' and add them to the [configuration](/docs/configuration/cheat-sheet.md) :
+  ```yaml
+  gitea.client-key: <key>
+  gitea.secret: <secret>
+  # URL of the Gitea instance. Default: https://gitea.com/
+  gitea.url: http://localhost:3000
+  ```
+
+
+## OpenID Connect
+
+* Add a new OAuth app in Application settings of your OIDC provider
+* Set 'Redirect URI' to `http://opengist.domain/oauth/openid-connect/callback`
+* Copy the 'Client ID', 'Client Secret', and the discovery endpoint, and add them to the [configuration](/docs/configuration/cheat-sheet.md) :
+  ```yaml
+  oidc.client-key: <key>
+  oidc.secret: <secret>
+  # Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
+  oidc.discovery-url: http://auth.example.com/.well-known/openid-configuration
+  ```