2026-06-15: resume Uptime Kuma Authentik SSO setup

This commit is contained in:
kenpat 2026-06-15 09:19:32 -05:00
parent 8c25852428
commit fe7dccfcc0


@ -378,8 +378,37 @@ above. Prometheus + Uptime Kuma: DEFERRED - neither has native OAuth, need a
forward-auth proxy (oauth2-proxy or Authentik embedded outpost) - deferred per forward-auth proxy (oauth2-proxy or Authentik embedded outpost) - deferred per
user's "ok lets do smaller app level" (hold new infra until Oracle VPS decided). user's "ok lets do smaller app level" (hold new infra until Oracle VPS decided).
Cloudflare itself: no SSO concept applicable (it's Cloudflare's own dashboard Cloudflare itself: no SSO concept applicable (it's Cloudflare's own dashboard
login) - was always about the portal's Cloudflare card placement, see "Portal UI managed outside the lab login) - was always about the portal's Cloudflare card
changes" note above. placement, see "Portal UI changes" note above.
### Uptime Kuma + Authentik SSO resumed on monk (2026-06-15)
User confirmed the next task is setting up Uptime Kuma with Authentik SSO in
the main KiteStacks lab, and explicitly requested saving progress to
`~/claude-memory` and pushing to the Forgejo `kenpat/claude-memory` repo as we
go.
Verified current live state on monk before making changes:
- `uptime-kuma` container is running and healthy, published on host port
`3001`, image `louislam/uptime-kuma:latest`.
- Installed Uptime Kuma version inside the container is `1.23.17`.
- Uptime Kuma compose file is
`~/kitestacks-live/docker/uptime-kuma/docker-compose.yml`, using external
Docker volume `uptime-kuma:/app/data` and networks `default` + external
`kitestacks`.
- Uptime Kuma SQLite DB path inside container is `/app/data/kuma.db`; tables
include `user`, `setting`, `monitor`, `heartbeat`, `status_page`,
`notification`, `api_key`, and related monitor/status tables. No obvious
native OAuth/OIDC tables were present in the initial schema list.
- Grafana is already configured for Authentik generic OAuth in
`~/kitestacks-live/docker/grafana/docker-compose.yml` with Authentik public
authorize URL and internal token/userinfo URLs.
- `authentik` is healthy; `authentik-worker` currently shows unhealthy in
`docker ps` even though it has been running for ~35h. Check logs/health
before relying on new Authentik-side automation.
Important security hygiene: local git remote for `~/claude-memory` contains an
HTTP token in the URL; do not print it in summaries. Prefer redacted URLs in
handoffs.
### Oracle VPS migration - PLANNED, upcoming (stated 2026-06-11) ### Oracle VPS migration - PLANNED, upcoming (stated 2026-06-11)
User confirmed on 2026-06-11: "we are going to switch things soon from hetzner User confirmed on 2026-06-11: "we are going to switch things soon from hetzner
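Review bot: the new "Uptime Kuma + Authentik SSO resumed on monk" section does not reconcile with the unchanged context at the top of this hunk, which still records Prometheus + Uptime Kuma as DEFERRED because neither has native OAuth and the forward-auth proxy was on hold "until Oracle VPS decided". Since the schema check in the new section confirms 1.23.17 has no native OAuth/OIDC tables, the note should say which route is now being taken (oauth2-proxy or the Authentik embedded outpost) and either update or explicitly supersede the DEFERRED entry so the two notes do not contradict each other. Two smaller points: the "Important security hygiene" item records the caution but not the fix; consider adding the remediation (move the `~/claude-memory` remote to SSH or a credential helper so the token is no longer stored in the remote URL). And the `authentik-worker` unhealthy status deserves a follow-up line once logs are checked, since any provider/outpost changes on the Authentik side depend on that worker.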