### Install Frontend Dependencies and Build Source: https://docs.discopanel.app/getting-started/build-from-source Navigate to the web directory, install Node.js dependencies, and build the frontend assets. ```bash cd web/discopanel && npm install && npm run build && cd ../.. ``` -------------------------------- ### Full DiscoPanel Configuration File Example Source: https://docs.discopanel.app/configuration A comprehensive example of a `config.yaml` file, illustrating all available configuration options for DiscoPanel, including server, database, Docker, storage, authentication, upload, module, and proxy settings. ```yaml # DiscoPanel Configuration File # This file contains all configuration options for DiscoPanel # # These can all be set via env, like we do in our docker compose example(s). For example: # # server: # port: "8080" # # - is the same as - # # DISCOPANEL_SERVER_PORT="8080" # Server configuration for the DiscoPanel application itself server: port: "8080" host: "0.0.0.0" read_timeout: 15 write_timeout: 15 idle_timeout: 60 user_agent: "DiscoPanel/1.0 (github.com/nickheyer/discopanel)" # Database configuration database: path: "./data/discopanel.db" max_connections: 25 max_idle_conns: 5 conn_max_lifetime: 300 # Docker configuration docker: host: "unix:///var/run/docker.sock" version: "" network_name: "discopanel-network" registry_url: "" sync_interval: 5 # Seconds between docker state sync # Storage configuration storage: data_dir: "./data" backup_dir: "./backups" temp_dir: "./tmp" max_upload_size: 524288000 # 500MB in bytes # Authentication configuration auth: session_timeout: 86400 # default: 24 hours anonymous_access: false # Allow unauthenticated access jwt_secret: "" # Leave empty to auto-generate # Local authentication (login via discopanel web ui) local: enabled: true # Enable local allow_registration: false # Allow new users to register themselves via login # OIDC authentication (login via OIDC-compliant provider, ie: keycloak, authelia, authentik, etc.) oidc: enabled: false issuer_uri: "" # OIDC Provider url (ie: http://authelia.local:9091, http://localhost:8180/realms/discopanel, etc.) client_id: "" # Client ID registered with your OIDC (like "discopanel") client_secret: "" # Client secret registered with your OIDC redirect_url: "" # Where OIDC sends users after login (ie: "http://localhost:8080/api/v1/auth/oidc/callback") scopes: ["openid", "profile", "email"] role_claim: "groups" # The token claim that contains the user's groups (usually "groups") role_mapping: {} # Mapping to groups if they arent the same name as discopanels (ie: {"my-admins": "admin", "my-users": "user"}) skip_tls_verify: false # Skip TLS certificate verification (for self-signed certs) # Upload configuration upload: session_ttl: 240 # Upload session time-to-live in minutes (default: 4 hours) default_chunk_size: 5242880 # 5MB default chunk size (client can override) max_chunk_size: 10485760 # 10MB max chunk size (server enforced) max_upload_size: 0 # Max total upload size in bytes (0 = unlimited) # Module configuration module: enabled: true port_range_min: 8100 port_range_max: 8199 # Proxy configuration - ENABLE THIS FOR MINECRAFT ROUTING proxy: enabled: true base_url: "mc.example.com" # Your domain for Minecraft servers listen_port: 25565 # Primary port to listen on (can also use 443) listen_ports: [25565] # Multiple ports to listen on (listen_port will be added if not present) port_range_min: 25565 port_range_max: 25665 # Example usage: # With proxy enabled and base_url set to "mc.example.com": # - Server named "survival" → Connect via: survival.mc.example.com:25565 # - Server named "creative" → Connect via: creative.mc.example.com:25565 # - Server named "modded" → Connect via: modded.mc.example.com:25565 # # All servers use the same port (25565) and are routed based on hostname! # # DNS Setup Required: # Add a wildcard DNS record: *.mc.example.com → Your server's IP # Or add individual A records for each server subdomain ``` -------------------------------- ### Start DiscoPanel and Authelia Docker Compose Stack Source: https://docs.discopanel.app/guides/oidc/authelia Navigate to the Authelia OIDC directory and start the Docker Compose stack to launch DiscoPanel with Authelia authentication. ```bash cd oidc/authelia docker compose up -d ``` -------------------------------- ### Start Keycloak Stack Source: https://docs.discopanel.app/guides/oidc/keycloak Commands to navigate to the OIDC directory and initialize the Docker Compose services. ```bash cd oidc/keycloak docker compose up -d ``` -------------------------------- ### Environment Variable Configuration Example Source: https://docs.discopanel.app/configuration Demonstrates how to set the server port using an environment variable. This format is equivalent to nested keys in the YAML config file. ```yaml DISCOPANEL_SERVER_PORT="8080" ``` -------------------------------- ### Start DiscoPanel with Discord OIDC Source: https://docs.discopanel.app/guides/oidc/discord Commands to navigate to the Discord OIDC directory and launch the stack using Docker Compose. ```bash cd oidc/discord docker compose up -d ``` -------------------------------- ### Install DiscoPanel on Proxmox VE Source: https://docs.discopanel.app/getting-started/proxmox Executes the helper script from the Proxmox host shell to create a Debian 13 LXC container with all dependencies pre-installed. ```bash bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/discopanel.sh)" ``` -------------------------------- ### Navigate to Google OIDC Directory Source: https://docs.discopanel.app/guides/oidc/google Change directory to the Google OIDC configuration folder before starting the Docker Compose stack. ```bash cd oidc/google docker compose up -d ``` -------------------------------- ### Configure Data Directory in YAML Source: https://docs.discopanel.app/getting-started/build-from-source Example of how to set the data directory for DiscoPanel storage within its YAML configuration file. ```yaml storage: data_dir: /your/path # Default: ./data (relative to working directory) ``` -------------------------------- ### Spin up DiscoPanel Service Source: https://docs.discopanel.app/getting-started/docker-compose Command to start the DiscoPanel service in detached mode using Docker Compose. ```bash docker compose up -d ``` -------------------------------- ### Define Authelia Users Source: https://docs.discopanel.app/guides/oidc/authelia Example configuration for the Authelia user database, including the default admin user. ```yaml --- # DiscoPanel - Authelia Users # # Do NOT use default admin in production. # Default login is "admin" / "admin" # # To generate a new password hash: # # docker run --rm authelia/authelia:latest \ # authelia crypto hash generate argon2 \ # --password 'your-password-here' users: admin: # username disabled: false displayname: 'Discopanel Admin' password: '$argon2id$v=19$m=65536,t=3,p=4$9X6yDiM/+/Wi1dBCzPGftw$7hqUauLP/Hh9Z5KlLQn/2IVNdX+/vbWLFgz/i+TtchI' # password (hash of "admin") email: 'admin@discopanel.local' groups: - 'admin' ``` -------------------------------- ### Discopanel Realm Configuration JSON Source: https://docs.discopanel.app/guides/oidc/keycloak This JSON defines the Keycloak realm configuration for Discopanel. It includes client setup, role and group definitions, protocol mappers for token claims, and a default admin user. This configuration is automatically imported on first start via `--import-realm`. ```json { "realm": "discopanel", "enabled": true, "registrationAllowed": false, "resetPasswordAllowed": true, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "sslRequired": "none", "roles": { "realm": [ { "name": "admin", "description": "DiscoPanel administrator" }, { "name": "user", "description": "DiscoPanel user" } ] }, "groups": [ { "name": "admin", "realmRoles": ["admin"] }, { "name": "user", "realmRoles": ["user"] } ], "defaultGroups": ["user"], "clients": [ { "clientId": "discopanel", "enabled": true, "protocol": "openid-connect", "publicClient": false, "secret": "discopanel-dev-secret", "standardFlowEnabled": true, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "redirectUris": [ "http://localhost:8080/*", "http://localhost:5173/*" ], "webOrigins": [ "http://localhost:8080", "http://localhost:5173" ], "defaultClientScopes": [ "openid", "profile", "email", "roles" ], "protocolMappers": [ { "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-group-membership-mapper", "config": { "full.path": "false", "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String" } }, { "name": "realm-roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "roles", "jsonType.label": "String", "multivalued": "true" } } ] } ], "users": [ { "username": "admin", "enabled": true, "email": "admin@discopanel.local", "emailVerified": true, "firstName": "Disco", "lastName": "Admin", "credentials": [ { "type": "password", "value": "admin", "temporary": false } ], "groups": ["admin", "user"] } ] } ``` -------------------------------- ### Configure Role Mapping with Hosted Domain Source: https://docs.discopanel.app/guides/oidc/google Set DISCOPANEL_AUTH_OIDC_ROLE_CLAIM to 'hd' to use the hosted domain claim for role assignment. This example maps the 'yourdomain.com' domain to the 'admin' role. ```bash - DISCOPANEL_AUTH_OIDC_ROLE_CLAIM=hd - DISCOPANEL_AUTH_OIDC_ROLE_MAPPING={"yourdomain.com":"admin"} ``` -------------------------------- ### DiscoPanel Docker Compose Configuration Source: https://docs.discopanel.app/getting-started/docker-compose This is the recommended Docker Compose file for running DiscoPanel. It includes service definitions, network modes, volume mounts for data persistence, and environment variables for configuration. Ensure volume paths match your host system's setup. ```yaml services: discopanel: image: nickheyer/discopanel:latest container_name: discopanel restart: unless-stopped # Option 1 (RECOMENDED FOR SIMPLICITY): Use host network mode network_mode: host # Option 2 (MORE COMPLICATED, ONLY USE IF YOU NEEDED): Use bridge mode with port mapping (default) # # NOTE: Only specify minecraft server ports (25565 ... etc) for proxied minecraft servers using a hostname. # Discopanel will automatically expose ports needed on the managed minecraft server instances. In other # words, only the discopanel web port is needed + proxy port(s). # ports: # - "8080:8080" # DiscoPanel web interface # - "25565:25565" # Minecraft port/proxy-port # - "25565-25665:25565-25665/tcp" # Additional ports/proxy-ports if needed # - "25565-25665:25565-25665/udp" # Also map UDP for some Minecraft features volumes: # Docker socket for managing containers # NOTE FOR FEDORA/RHEL/CENTOS/ETC.: SE Linux requires :z to be added as a suffix to volume mounts. EX: - /var/run/docker.sock:/var/run/docker.sock:z - /var/run/docker.sock:/var/run/docker.sock # IMPORTANT: This is where your server(s) data will be stored on the host. # You can set this to any path you'd like, but the path must exist AND you must use the same # absolute paths below for the below env vars (in the environment section at the bottom). Example: # DISCOPANEL_DATA_DIR=/app/data # DISCOPANEL_HOST_DATA_PATH=/opt/discopanel/data # (See environment) - /opt/discopanel/data:/app/data - /opt/discopanel/backups:/app/backups - /tmp/discopanel:/app/tmp # Configuration file, uncomment if you are using a config file (optional, see config.example.yaml for all available options). #- ./config.yaml:/app/config.yaml:ro environment: - DISCOPANEL_DATA_DIR=/app/data # IMPORTANT: THIS MUST BE SET TO THE SAME PATH AS THE SERVER DATA PATH IN "volumes" above - DISCOPANEL_HOST_DATA_PATH=/opt/discopanel/data - TZ=UTC # ── Authentication ────────────────────────── # Local auth (username/password) is on by default. # You create your first admin account on first login. # # Want to let new users sign up on their own? # - DISCOPANEL_AUTH_LOCAL_ALLOW_REGISTRATION=true # # Want single sign-on (OIDC) with Keycloak, Authelia, etc? # See the oidc/ folder for examples. # DONT FORGET THIS extra_hosts: - "host.docker.internal:host-gateway" ``` -------------------------------- ### Change Password using Curl Source: https://docs.discopanel.app/api Example of how to change a user's password using a curl command. Ensure to replace placeholders with actual values. ```shell curl -X POST \ 'https://your-discopanel-domain.com/discopanel.v1.AuthService/ChangePassword' \ -H 'Authorization: Bearer YOUR_SESSION_TOKEN_OR_API_TOKEN' \ -H 'Content-Type: application/json' \ -d '{ "oldPassword": "your_old_password", "newPassword": "your_new_password" }' ``` -------------------------------- ### SELinux Volume Mount Suffix Source: https://docs.discopanel.app/getting-started/docker-compose On systems like Fedora, RHEL, or CentOS, SELinux may require a ':z' suffix for volume mounts to ensure proper access. This example shows how to apply it to the Docker socket volume. ```bash - /var/run/docker.sock:/var/run/docker.sock:z ``` -------------------------------- ### Run DiscoPanel with Default Configuration Source: https://docs.discopanel.app/getting-started/prebuilt-binaries Execute the DiscoPanel binary using its default configuration file, which is ./config.yaml if it exists. ```bash ./discopanel ``` -------------------------------- ### Build Go Binary with Embedded Frontend Source: https://docs.discopanel.app/getting-started/build-from-source Compile the Go application, embedding the built frontend assets directly into the binary. ```bash go build -o discopanel cmd/discopanel/main.go ``` -------------------------------- ### Run DiscoPanel with a Specific Configuration File Source: https://docs.discopanel.app/getting-started/prebuilt-binaries Execute the DiscoPanel binary and specify a custom configuration file path using the -config flag. ```bash ./discopanel -config /path/to/config.yaml ``` -------------------------------- ### Clone Repo and Generate Protobuf Code Source: https://docs.discopanel.app/getting-started/build-from-source Clone the DiscoPanel repository and generate Go and TypeScript protobuf code using Make and Docker's buf. ```bash git clone https://github.com/nickheyer/discopanel.git cd discopanel # Generate protobuf code (Go + TypeScript) via Docker buf make gen ``` -------------------------------- ### Docker Compose Configuration Source: https://docs.discopanel.app/guides/oidc/keycloak Complete docker-compose.yml file defining the DiscoPanel, Keycloak, and PostgreSQL services with OIDC authentication enabled. ```yaml # DiscoPanel + Keycloak (OIDC) # # This is a complete docker-compose with OIDC authentication pre-configured using Keycloak. # # Keycloak takes ~30-60 seconds to start. DiscoPanel waits for it. # # Keycloak Admin UI (See KC_BOOTSTRAP_ADMIN_USERNAME/KC_BOOTSTRAP_ADMIN_PASSWORD below): http://localhost:8180/admin services: discopanel: build: context: ../../ dockerfile: docker/Dockerfile.discopanel #image: nickheyer/discopanel:dev container_name: discopanel restart: unless-stopped network_mode: host volumes: - /var/run/docker.sock:/var/run/docker.sock - /tmp/discopanel:/app/data environment: - DISCOPANEL_DATA_DIR=/app/data - DISCOPANEL_HOST_DATA_PATH=/tmp/discopanel - TZ=UTC # ------------------------------------ AUTH CONFIG STARTS HERE FOR DISCOPANEL + KEYCLOAK ------------------------------------ - DISCOPANEL_AUTH_LOCAL_ENABLED=true - DISCOPANEL_AUTH_OIDC_ENABLED=true # ONLY CHANGE THIS IF YOU ARE HOSTING OIDC ON ANOTHER MACHINE OR WITH A DIFFERENT "realm" NAME - DISCOPANEL_AUTH_OIDC_ISSUER_URI=http://localhost:8180/realms/discopanel # ONLY CHANGE THIS IF YOUR CLIENT NAME IS DIFFERENT - DISCOPANEL_AUTH_OIDC_CLIENT_ID=discopanel # YOU SHOULD CHANGE THIS HERE AS WELL AS IN oidc/keycloak/config/realm.json (inside the clients object) - DISCOPANEL_AUTH_OIDC_CLIENT_SECRET=discopanel-dev-secret # YOU SHOULD CHANGE "localhost:8080" TO WHATEVER YOUR PUBLIC DOMAIN IS FOR DISCOPANEL (ie: https://mypanel.com/api/v1/auth/oidc/callback) - DISCOPANEL_AUTH_OIDC_REDIRECT_URL=http://localhost:8080/api/v1/auth/oidc/callback - DISCOPANEL_AUTH_OIDC_ROLE_CLAIM=groups depends_on: keycloak: condition: service_healthy keycloak: image: quay.io/keycloak/keycloak:26.1 container_name: keycloak command: start-dev --import-realm volumes: # THIS IS AN EXAMPLE REALM CONFIG, MODIFY AS NEEDED (WHICH MAY REQUIRE MODIFYING DISCOPANEL CONFIG TO MATCH, SEE ABOVE) - ./config/realm.json:/opt/keycloak/data/import/realm.json:ro environment: # KEYCLOAK ADMIN LOGIN CREDENTIALS - CHANGE THESE!!!!! - KC_BOOTSTRAP_ADMIN_USERNAME=admin - KC_BOOTSTRAP_ADMIN_PASSWORD=admin # KEYCLOAK DATABASE CONFIG, DONT CHANGE THESE UNLESS YOU KNOW WHAT YOU ARE DOING OR USING EXISTING DATABASE - KC_DB=postgres - KC_DB_URL_HOST=keycloak-db - KC_DB_URL_DATABASE=keycloak - KC_DB_USERNAME=keycloak - KC_DB_PASSWORD=keycloak # MISC KEYCLOAK CONFIGS - KC_HOSTNAME_STRICT=false - KC_HTTP_ENABLED=true - KC_HEALTH_ENABLED=true - KC_PROXY_HEADERS=xforwarded ports: - "8180:8080" healthcheck: test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000; echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3; timeout 2 cat <&3 | grep -q '200 OK'"] interval: 20s timeout: 5s retries: 12 start_period: 30s depends_on: keycloak-db: condition: service_healthy keycloak-db: image: postgres:17-alpine container_name: keycloak-db environment: - POSTGRES_DB=keycloak - POSTGRES_USER=keycloak - POSTGRES_PASSWORD=keycloak volumes: - keycloak-db-data:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U keycloak"] interval: 10s timeout: 3s retries: 5 volumes: keycloak-db-data: ``` -------------------------------- ### AuthService - CreateInvite Source: https://docs.discopanel.app/api Creates an invitation for a new user. ```APIDOC ## POST /discopanel.v1.AuthService/CreateInvite ### Description Creates an invitation for a new user. ### Method POST ### Endpoint /discopanel.v1.AuthService/CreateInvite ### Request Body - **email** (string) - Required - The email address of the invited user. - **role** (string) - Optional - The role to assign to the invited user. ### Request Example ```json { "email": "user@example.com", "role": "admin" } ``` ### Response #### Success Response (200) - **inviteId** (string) - The ID of the created invitation. #### Response Example ```json { "inviteId": "invite_abc123" } ``` ``` -------------------------------- ### DiscoPanel and Authelia Docker Compose Configuration Source: https://docs.discopanel.app/guides/oidc/authelia This Docker Compose file sets up DiscoPanel with Authelia for OIDC authentication. It includes environment variables for DiscoPanel to connect to Authelia and specifies volume mounts for configuration files. Note that default users and secrets should be changed for production environments. ```yaml # DiscoPanel + Authelia (OIDC) # # This is a complete docker-compose with OIDC authentication pre-configured using Authelia. # # NOTE #1: Default users should be changed (SEE oidc/authelia/config/users_database.yml). # Passwords are stored as hash, see instructions. Use same hash cmd for secret below (when setting in oidc/authelia/config/configuration.yaml) if needed. # # NOTE #2: Authelia is generally intended to be used with a proxy like traefik. Plenty of guides online for that. # Feel free to throw away the example configuration.yml and users_database.yml !!!! Just make sure groups are included in claims. services: discopanel: image: nickheyer/discopanel:dev container_name: discopanel restart: unless-stopped network_mode: host volumes: - /var/run/docker.sock:/var/run/docker.sock - /tmp/discopanel:/app/data environment: - DISCOPANEL_DATA_DIR=/app/data - DISCOPANEL_HOST_DATA_PATH=/tmp/discopanel - TZ=UTC # ------------------------------------ AUTH CONFIG STARTS HERE FOR DISCOPANEL + AUTHELIA ------------------------------------ - DISCOPANEL_AUTH_LOCAL_ENABLED=true - DISCOPANEL_AUTH_OIDC_ENABLED=true # MUST MATCH oidc/authelia/config/configuration.yaml - DISCOPANEL_AUTH_OIDC_ISSUER_URI=https://authelia.traefik.me:9091 # ONLY CHANGE THIS IF YOUR CLIENT NAME IS DIFFERENT - DISCOPANEL_AUTH_OIDC_CLIENT_ID=discopanel # YOU SHOULD CHANGE THIS HERE AS WELL AS THE HASHED ONE IN oidc/authelia/config/configuration.yaml (inside the identity_providers.client) - DISCOPANEL_AUTH_OIDC_CLIENT_SECRET=discopanel-dev-secret # YOU SHOULD CHANGE "localhost:8080" TO WHATEVER YOUR PUBLIC DOMAIN IS FOR DISCOPANEL (ie: https://mypanel.com/api/v1/auth/oidc/callback) - DISCOPANEL_AUTH_OIDC_REDIRECT_URL=http://localhost:8080/api/v1/auth/oidc/callback - DISCOPANEL_AUTH_OIDC_ROLE_CLAIM=groups # SKIPPING TLS VERIFY HERE BECAUSE TLS CERTS ARE SELF SIGNED. IF USING YOUR OWN CERTS (in authelia mounts), REMOVE THIS. - DISCOPANEL_AUTH_OIDC_SKIP_TLS_VERIFY=true depends_on: authelia: condition: service_healthy authelia: image: authelia/authelia:latest container_name: authelia volumes: - ./config/configuration.yml:/config/configuration.yml:ro - ./config/users_database.yml:/config/users_database.yml:ro - ./config/tls.crt:/config/tls.crt:ro # THE INCLUDED CERT IS SELF SIGNED - ./config/tls.key:/config/tls.key:ro ports: - "9091:9091" healthcheck: test: ["CMD", "wget", "--no-check-certificate", "--spider", "https://localhost:9091/api/health"] interval: 5s timeout: 3s retries: 10 start_period: 10s environment: - TZ=UTC ``` -------------------------------- ### Configure DiscoPanel with Google OIDC Source: https://docs.discopanel.app/guides/oidc/google This Docker Compose configuration sets up DiscoPanel to use Google as an OIDC provider. Ensure you replace placeholder values with your actual Google OAuth Client ID and Client Secret. The redirect URL must match your Google Cloud Console configuration. ```yaml # DiscoPanel + Google (OIDC) # # This is a complete docker-compose with OIDC authentication pre-configured using Google as the identity provider. # # Unlike Keycloak/Authelia examples, Google is an external provider - no IdP container needed. # # PREREQUISITES: # 1. Go to https://console.cloud.google.com/apis/credentials # 2. Create or select a project # 3. Click "Create Credentials" > "OAuth client ID" # 4. Application type: "Web application" # 5. Authorized redirect URIs: add "http://localhost:8080/api/v1/auth/oidc/callback" # 6. Copy the Client ID and Client Secret into the environment variables below # # NOTE ON ROLES: # Google does not include a "groups" claim in its ID token by default. # Users will be assigned DiscoPanel's default roles on first login. # To promote a user to admin, use the DiscoPanel UI after they log in. # # If you use Google Workspace and want automatic role mapping, you can: # - Use "hd" (hosted domain) as DISCOPANEL_AUTH_OIDC_ROLE_CLAIM with a role mapping # - Or use Google Workspace Admin SDK to populate a custom claim via middleware # - See: https://developers.google.com/identity/openid-connect/openid-connect services: discopanel: build: context: ../../ dockerfile: docker/Dockerfile.discopanel #image: nickheyer/discopanel:dev container_name: discopanel restart: unless-stopped network_mode: host volumes: - /var/run/docker.sock:/var/run/docker.sock - /tmp/discopanel:/app/data environment: - DISCOPANEL_DATA_DIR=/app/data - DISCOPANEL_HOST_DATA_PATH=/tmp/discopanel - TZ=UTC # ------------------------------------ AUTH CONFIG STARTS HERE FOR DISCOPANEL + GOOGLE ------------------------------------ - DISCOPANEL_AUTH_LOCAL_ENABLED=true - DISCOPANEL_AUTH_OIDC_ENABLED=true # GOOGLE OIDC ISSUER - DO NOT CHANGE - DISCOPANEL_AUTH_OIDC_ISSUER_URI=https://accounts.google.com # PASTE YOUR GOOGLE OAUTH CLIENT ID HERE (from Google Cloud Console) - DISCOPANEL_AUTH_OIDC_CLIENT_ID=REPLACE_ME.apps.googleusercontent.com # PASTE YOUR GOOGLE OAUTH CLIENT SECRET HERE (from Google Cloud Console) - DISCOPANEL_AUTH_OIDC_CLIENT_SECRET=GOCSPX-REPLACE_ME # FOR LOCAL DEV: Google allows http://localhost redirects without HTTPS. # FOR PRODUCTION: Google requires HTTPS - change to your public domain (ie: https://mypanel.com/api/v1/auth/oidc/callback) # THIS MUST MATCH EXACTLY WHAT YOU ENTERED IN GOOGLE CLOUD CONSOLE UNDER "Authorized redirect URIs" - DISCOPANEL_AUTH_OIDC_REDIRECT_URL=http://localhost:8080/api/v1/auth/oidc/callback # Google does not provide a "groups" claim by default. # Leave empty to skip automatic role mapping - users get default roles and can be promoted manually. # If using Google Workspace, you can set this to "hd" and add a role mapping (see below). - DISCOPANEL_AUTH_OIDC_ROLE_CLAIM= # OPTIONAL: Map Google Workspace domain to a DiscoPanel role. # Uncomment and modify if using "hd" as ROLE_CLAIM above: # - DISCOPANEL_AUTH_OIDC_ROLE_MAPPING={"yourdomain.com":"admin"} ``` -------------------------------- ### AuthService - Register Source: https://docs.discopanel.app/api Registers a new user. ```APIDOC ## POST /discopanel.v1.AuthService/Register ### Description Registers a new user. ### Method POST ### Endpoint /discopanel.v1.AuthService/Register ### Request Body - **username** (string) - Required - The desired username. - **email** (string) - Required - The user's email address. - **password** (string) - Required - The user's password. ### Request Example ```json { "username": "newuser", "email": "newuser@example.com", "password": "securepassword" } ``` ### Response #### Success Response (200) - **userId** (string) - The ID of the newly registered user. #### Response Example ```json { "userId": "user_456" } ``` ``` -------------------------------- ### Configure DiscoPanel Storage Data Directory Source: https://docs.discopanel.app/getting-started/prebuilt-binaries Set the DiscoPanel storage data directory using a configuration file. The default is ./data relative to the working directory. ```yaml storage: data_dir: /your/path ``` -------------------------------- ### AuthService - CreateAPIToken Source: https://docs.discopanel.app/api Creates a new API token for the authenticated user. ```APIDOC ## POST /discopanel.v1.AuthService/CreateAPIToken ### Description Creates a new API token. ### Method POST ### Endpoint /discopanel.v1.AuthService/CreateAPIToken ### Request Body - **name** (string) - Required - The name of the API token. - **permissions** (array) - Optional - A list of permissions for the API token. ### Request Example ```json { "name": "MyAPIToken", "permissions": ["read", "write"] } ``` ### Response #### Success Response (200) - **token** (string) - The newly created API token. #### Response Example ```json { "token": "dp_abcdef1234567890" } ``` ``` -------------------------------- ### DiscoPanel OIDC Configuration - Basic Source: https://docs.discopanel.app/guides/oidc/discord Enables OIDC authentication with Discord. Requires client ID, secret, and a redirect URL matching the Discord Developer Portal. ```env DISCOPANEL_AUTH_LOCAL_ENABLED=true DISCOPANEL_AUTH_OIDC_ENABLED=true DISCOPANEL_AUTH_OIDC_ISSUER_URI=https://discord.com DISCOPANEL_AUTH_OIDC_CLIENT_ID=REPLACE_ME DISCOPANEL_AUTH_OIDC_CLIENT_SECRET=REPLACE_ME DISCOPANEL_AUTH_OIDC_SCOPES=openid,identify,email DISCOPANEL_AUTH_OIDC_REDIRECT_URL=http://localhost:8080/api/v1/auth/oidc/callback ``` -------------------------------- ### AuthService - ListInvites Source: https://docs.discopanel.app/api Lists all pending invitations. ```APIDOC ## POST /discopanel.v1.AuthService/ListInvites ### Description Lists all invitations. ### Method POST ### Endpoint /discopanel.v1.AuthService/ListInvites ### Response #### Success Response (200) - **invites** (array) - A list of invitations. - **id** (string) - The invitation ID. - **email** (string) - The invited user's email. - **status** (string) - The status of the invitation. #### Response Example ```json { "invites": [ { "id": "invite_abc123", "email": "user@example.com", "status": "pending" } ] } ``` ``` -------------------------------- ### Map Discord roles to DiscoPanel roles Source: https://docs.discopanel.app/guides/oidc/discord Configure environment variables to map specific Discord role IDs to internal DiscoPanel roles, optionally rejecting unmapped users. ```bash - DISCOPANEL_AUTH_OIDC_SCOPES=openid,identify,email,guilds.members.read - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_URL=https://discord.com/api/users/@me/guilds/YOUR_GUILD_ID/member - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_KEY=roles - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_NAME=discord_roles - DISCOPANEL_AUTH_OIDC_ROLE_CLAIM=discord_roles - DISCOPANEL_AUTH_OIDC_ROLE_MAPPING={"DISCORD_ROLE_ID":"admin","OTHER_ROLE_ID":"moderator"} - DISCOPANEL_AUTH_OIDC_REJECT_UNMAPPED=true ``` -------------------------------- ### Authelia Configuration for DiscoPanel Source: https://docs.discopanel.app/guides/oidc/authelia This is the Authelia configuration file used for development and testing with DiscoPanel. It sets up the server address, TLS certificates, logging level, TOTP issuer, and identity validation secrets. For production, all secrets should be changed, and new keys generated. ```yaml --- # DiscoPanel - Authelia Configuration # # This config is ready to use for development/testing. # For production, change ALL secrets and generate new keys. server: address: 'tcp://:9091' tls: certificate: '/config/tls.crt' key: '/config/tls.key' log: level: 'info' totp: issuer: 'discopanel' identity_validation: reset_password: jwt_secret: 'discopanel-dev-jwt-reset-secret-change-me-in-production' ``` -------------------------------- ### AuthService - Login Source: https://docs.discopanel.app/api Logs in a user using their credentials. ```APIDOC ## POST /discopanel.v1.AuthService/Login ### Description Logs in a user. ### Method POST ### Endpoint /discopanel.v1.AuthService/Login ### Request Body - **username** (string) - Required - The user's username. - **password** (string) - Required - The user's password. ### Request Example ```json { "username": "testuser", "password": "password123" } ``` ### Response #### Success Response (200) - **sessionToken** (string) - The session token for the authenticated user. #### Response Example ```json { "sessionToken": "session_abcdef123456" } ``` ``` -------------------------------- ### Configure Server Port in YAML Source: https://docs.discopanel.app/faq YAML configuration snippet to change the server port in config.yaml. ```yaml server: port: "8080" ``` -------------------------------- ### AuthService - GetAuthConfig Source: https://docs.discopanel.app/api Retrieves the current authentication configuration. ```APIDOC ## POST /discopanel.v1.AuthService/GetAuthConfig ### Description Retrieves the authentication configuration. ### Method POST ### Endpoint /discopanel.v1.AuthService/GetAuthConfig ### Response #### Success Response (200) - **config** (object) - The authentication configuration details. - **localAuthEnabled** (boolean) - Whether local authentication is enabled. - **oidcEnabled** (boolean) - Whether OIDC authentication is enabled. #### Response Example ```json { "config": { "localAuthEnabled": true, "oidcEnabled": false } } ``` ``` -------------------------------- ### Configure OIDC Client for DiscoPanel Source: https://docs.discopanel.app/guides/oidc/authelia Defines the OIDC client settings within the Authelia configuration, including redirect URIs, scopes, and grant types. ```yaml allowed_origins_from_client_redirect_uris: true clients: - client_id: 'discopanel' client_name: 'DiscoPanel' # Plaintext secret: discopanel-dev-secret client_secret: '$pbkdf2-sha512$310000$rjIc/fKRSBnSAe/FKJa.aQ$KIJjfQsCOexmk52nLb73HmJrcMkiDl3GRuWWpmdJN.talWSB.p7cq7zbiiVj4P0xV3YMeJtdlMfzWSVU2XSblw' public: false authorization_policy: 'one_factor' claims_policy: 'discopanel' redirect_uris: - 'http://localhost:8080/api/v1/auth/oidc/callback' - 'http://localhost:5173/api/v1/auth/oidc/callback' scopes: - 'openid' - 'profile' - 'email' - 'groups' - 'offline_access' grant_types: - 'authorization_code' - 'refresh_token' response_types: - 'code' response_modes: - 'query' - 'form_post' token_endpoint_auth_method: 'client_secret_basic' ``` -------------------------------- ### AuthService - ListAPITokens Source: https://docs.discopanel.app/api Lists all API tokens associated with the current user. ```APIDOC ## POST /discopanel.v1.AuthService/ListAPITokens ### Description Lists all API tokens. ### Method POST ### Endpoint /discopanel.v1.AuthService/ListAPITokens ### Response #### Success Response (200) - **tokens** (array) - A list of API tokens. - **id** (string) - The token ID. - **name** (string) - The token name. - **createdAt** (string) - The timestamp when the token was created. #### Response Example ```json { "tokens": [ { "id": "token_xyz789", "name": "MyAPIToken", "createdAt": "2023-10-27T10:00:00Z" } ] } ``` ``` -------------------------------- ### DiscoPanel OIDC Configuration - Role Mapping Source: https://docs.discopanel.app/guides/oidc/discord Maps Discord server roles to DiscoPanel roles and restricts access to guild members. Requires 'guilds.members.read' scope and specific role claim configurations. ```env DISCOPANEL_AUTH_OIDC_SCOPES=openid,identify,email,guilds.members.read DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_URL=https://discord.com/api/users/@me/guilds/YOUR_GUILD_ID/member DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_KEY=roles DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_NAME=discord_roles DISCOPANEL_AUTH_OIDC_ROLE_CLAIM=discord_roles DISCOPANEL_AUTH_OIDC_ROLE_MAPPING={"DISCORD_ROLE_ID":"admin","OTHER_ROLE_ID":"moderator"} DISCOPANEL_AUTH_OIDC_REJECT_UNMAPPED=true ``` -------------------------------- ### Update Discopanel via Docker Compose Source: https://docs.discopanel.app/faq Commands to update the Discopanel container using Docker Compose. ```bash docker compose down docker pull nickheyer/discopanel docker compose up -d ``` -------------------------------- ### AuthService - GetInvite Source: https://docs.discopanel.app/api Retrieves details of a specific invitation. ```APIDOC ## POST /discopanel.v1.AuthService/GetInvite ### Description Retrieves details of an invitation. ### Method POST ### Endpoint /discopanel.v1.AuthService/GetInvite ### Request Body - **inviteId** (string) - Required - The ID of the invitation to retrieve. ### Request Example ```json { "inviteId": "invite_abc123" } ``` ### Response #### Success Response (200) - **invite** (object) - The invitation details. - **id** (string) - The invitation ID. - **email** (string) - The invited user's email. - **status** (string) - The status of the invitation (e.g., 'pending', 'accepted'). #### Response Example ```json { "invite": { "id": "invite_abc123", "email": "user@example.com", "status": "pending" } } ``` ``` -------------------------------- ### Restrict DiscoPanel access to a specific Discord server Source: https://docs.discopanel.app/guides/oidc/discord Configure environment variables to gate login based on membership in a specific Discord guild ID. ```bash - DISCOPANEL_AUTH_OIDC_SCOPES=openid,identify,email,guilds - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_URL=https://discord.com/api/users/@me/guilds - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_KEY=#.id - DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_NAME=guilds - DISCOPANEL_AUTH_OIDC_REQUIRED_CLAIM=guilds - DISCOPANEL_AUTH_OIDC_REQUIRED_VALUES=YOUR_GUILD_ID ``` -------------------------------- ### AuthService - UpdateAuthSettings Source: https://docs.discopanel.app/api Updates authentication settings. ```APIDOC ## POST /discopanel.v1.AuthService/UpdateAuthSettings ### Description Updates authentication settings. ### Method POST ### Endpoint /discopanel.v1.AuthService/UpdateAuthSettings ### Request Body - **localAuthEnabled** (boolean) - Optional - Whether to enable or disable local authentication. - **oidcEnabled** (boolean) - Optional - Whether to enable or disable OIDC authentication. ### Request Example ```json { "localAuthEnabled": false } ``` ### Response #### Success Response (200) - **message** (string) - A confirmation message. #### Response Example ```json { "message": "Authentication settings updated successfully." } ``` ``` -------------------------------- ### Discord OIDC Docker Compose Configuration Source: https://docs.discopanel.app/guides/oidc/discord Template for the docker-compose file configured for Discord OIDC authentication. ```yaml # DiscoPanel + Discord (OIDC) # # This is a complete docker-compose with OIDC authentication pre-configured using Discord as the identity provider. # # Unlike Keycloak/Authelia examples, Discord is an external provider - no IdP container needed. # # PREREQUISITES: # 1. Go to https://discord.com/developers/applications # 2. Create or select an application # 3. Go to "OAuth2" in the left sidebar # 4. Copy the Client ID and Client Secret into the environment variables below # 5. Under "Redirects", add: http://localhost:8080/api/v1/auth/oidc/callback # # RESTRICTING ACCESS: # By default, anyone with a Discord account can log in. # To restrict login to members of a specific Discord server, see the ``` -------------------------------- ### AuthService - UseRecoveryKey Source: https://docs.discopanel.app/api Uses a recovery key to reset a password or regain access. ```APIDOC ## POST /discopanel.v1.AuthService/UseRecoveryKey ### Description Uses a recovery key to reset a password or regain access. ### Method POST ### Endpoint /discopanel.v1.AuthService/UseRecoveryKey ### Request Body - **recoveryKey** (string) - Required - The recovery key. - **newPassword** (string) - Required - The new password. ### Request Example ```json { "recoveryKey": "recovery_key_123", "newPassword": "newsecurepassword" } ``` ### Response #### Success Response (200) - **message** (string) - A confirmation message. #### Response Example ```json { "message": "Password reset successfully." } ``` ``` -------------------------------- ### Generate Argon2id Password Hash Source: https://docs.discopanel.app/guides/oidc/authelia Command to generate a secure Argon2id password hash for use in the Authelia configuration. ```bash docker run --rm authelia/authelia:latest \ authelia crypto hash generate argon2 \ --password 'your-password-here' ``` -------------------------------- ### Disable Local Authentication Source: https://docs.discopanel.app/guides/oidc/google Set DISCOPANEL_AUTH_LOCAL_ENABLED to 'false' to enforce OIDC-only login and disable local authentication methods. ```bash DISCOPANEL_AUTH_LOCAL_ENABLED=false ``` -------------------------------- ### AuthService - GetAuthStatus Source: https://docs.discopanel.app/api Retrieves the current authentication status. ```APIDOC ## POST /discopanel.v1.AuthService/GetAuthStatus ### Description Retrieves the authentication status. ### Method POST ### Endpoint /discopanel.v1.AuthService/GetAuthStatus ### Response #### Success Response (200) - **status** (string) - The current authentication status (e.g., 'authenticated', 'unauthenticated'). #### Response Example ```json { "status": "authenticated" } ``` ``` -------------------------------- ### DiscoPanel OIDC Configuration - Guild Restriction Source: https://docs.discopanel.app/guides/oidc/discord Restricts access to members of a specific Discord server. Requires 'guilds' scope and server ID configuration. ```env DISCOPANEL_AUTH_OIDC_SCOPES=openid,identify,email,guilds DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_URL=https://discord.com/api/users/@me/guilds DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_KEY=#.id DISCOPANEL_AUTH_OIDC_EXTRA_CLAIMS_NAME=guilds DISCOPANEL_AUTH_OIDC_REQUIRED_CLAIM=guilds DISCOPANEL_AUTH_OIDC_REQUIRED_VALUES=YOUR_GUILD_ID ``` -------------------------------- ### AuthService - GetOIDCLoginURL Source: https://docs.discopanel.app/api Retrieves the URL for OIDC login. ```APIDOC ## POST /discopanel.v1.AuthService/GetOIDCLoginURL ### Description Retrieves the URL for OpenID Connect (OIDC) login. ### Method POST ### Endpoint /discopanel.v1.AuthService/GetOIDCLoginURL ### Response #### Success Response (200) - **url** (string) - The OIDC login URL. #### Response Example ```json { "url": "https://oidc.example.com/auth?client_id=..." } ``` ```