Merge pull request #22 from Nounoursdestavernes/main

feat: update docs
plankanban · Aug 31, 2024 · abb6e55 · abb6e55
2 parents dbc6323 + 0e18f37
commit abb6e55
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 2 deletions.
diff --git a/docs/Configuration/Logging.md b/docs/Configuration/Logging.md
@@ -1,13 +1,18 @@
+---
+sidebar_position: 2
+---
 # Logging
 
-Planka currently allows you to expose the application's logfile directory to the host machine via a shared volume. This feature is not enabled by default.
+Planka currently allows you to expose the application's logfile directory to the host machine via a shared volume. This feature is **NOT** enabled by default.
 
 To expose the logfile director to the host machine, add the item `./logs/:/app/logs/` under `services.planka.volumes`.
 
 Note that the directory to the left of the semicolon is regarding the host machine while the directory to the right of the semicolon is regarding the Docker container.
 
 For example, in the above step, `./logs/:/app/logs/` will create the folder `logs` in the same directory where the `docker-compose.yml` file lives.
 
+If your logs are not being written to the logfile directory, you may need to adjust the permissions. See the information at the end of the [Docker Compose](/docs/installation/docker/production_version) guide for more information.
+
 ### Rotating Logs
 
 Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

diff --git a/docs/Configuration/Fail2Ban.md → docs/Configuration/security/Fail2Ban.md b/docs/Configuration/Fail2Ban.md → docs/Configuration/security/Fail2Ban.md
@@ -1,3 +1,6 @@
+---
+sidebar_position: 0
+---
 # Fail2ban
 
 Fail2ban is a service that uses iptables to automatically drop connections for a pre-defined amount of time from IPs that continuously failed to authenticate to the configured services.
@@ -28,7 +31,7 @@ maxretry = 5
 bantime = 900
 ```
 
-Ensure to replace `logpath`'s value with your installation’s `/logs/planka.log` location. If you are using ports other than 80 and 443 for your Web server you should replace those too. The bantime and findtime are defined in seconds.
+Ensure to replace `logpath`'s value with your installation’s `/logs/planka.log` location (Do not forget to enable [logs](/docs/Configuration/Logging)). If you are using ports other than 80 and 443 for your Web server you should replace those too. The bantime and findtime are defined in seconds.
 
 Restart the fail2ban service. You can check the status of your Planka jail by running:
 

diff --git a/docs/Configuration/security/_category_.json b/docs/Configuration/security/_category_.json
@@ -0,0 +1,9 @@
+{
+    "label": "Security",
+    "position": 3,
+    "link": {
+      "type": "generated-index",
+      "description": " All the configuration related to security."
+    }
+  }
+
diff --git a/docs/Configuration/security/detailed_authentication_errors.md b/docs/Configuration/security/detailed_authentication_errors.md
@@ -0,0 +1,20 @@
+# Detailed Authentication Errors
+
+By default, the authentication error messages are kept simple to avoid leaking sensitive information.
+
+However, in some cases, you may want to provide more detailed error messages to help users. In this case, you can enable detailed authentication errors.
+
+:::danger
+Enabling detailed authentication errors without a rate limiter or a similar mechanism may expose your application to security risks. (e.g. brute force attacks)
+Use [fail2ban](/docs/Configuration/security/Fail2Ban) or similar tools to protect your application.
+
+Good source for more information about this topic: [OWASP - Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages)
+:::
+
+To enable detailed authentication errors, set the `SHOW_DETAILED_AUTH_ERRORS` environment variable to `true`.
+
+```bash
+SHOW_DETAILED_AUTH_ERRORS=true
+```
+
+After setting this environment variable, the authentication error messages will include more detailed information about the error : "Invalid email or username" and "Invalid password".
diff --git a/docs/intro.md b/docs/intro.md
@@ -20,6 +20,10 @@ We have a few installation options you can choose from
 * [Traefik](/docs/Configuration/proxy/traefik)
 * [Caddy](/docs/Configuration/proxy/caddy)
 
+#### Security
+* [Fail2Ban](/docs/Configuration/security/fail2ban)
+* [Detailed authentication errors](/docs/Configuration/security/detailed_authentication_errors)
+
 
 ### Development version
 Based on latest commit