Prepare v0.32.6 (#1234)

* rebuild docs

* rebuild ui

* update readme + changelog

* compress static UI

Author: sebadob

CHANGELOG.md

@@ -6,9 +6,9 @@
 
 - In `hiqlite` as an external dependency, it was possible to get into a situation where the WAL cleanup of not anymore
   needed logs / files was not working as expected. This could lead to an endlessly filling up volume. This version
-  bumps `hiqlite` to the latest, fixed version. With the next snapshot creation (by default every 10k logs), all old
-  WAL files will be cleaned up.
-  []()
+  bumps `hiqlite` to the latest, fixed version. With the next snapshot creation for existing instances (every 10k Raft
+  logs), all old WAL files will be cleaned up.
+  [#1233](https://github.com/sebadob/rauthy/pull/1233)
 
 ## v0.32.5
 

README.md

@@ -206,7 +206,7 @@ the application yourself with docker on your localhost. Rauthy comes with a sett
 testing and taking a first look. By setting `LOCAL_TEST=true`, a demo config is being loaded at startup.
 
 ```
-docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.5
+docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.6
 ```
 
 > [!CAUTION]

assets/static_html/static_v1.tar.gz

@@ -7,7 +7,7 @@ The image contains a basic default config which is sufficient for local testing
 contains hardcoded secrets).
 
 ```
-docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.5
+docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.6
 ```
 
 To proceed, go to **[First Start](first_start.md)**, or do the production setup below to have persistence.
@@ -36,7 +36,7 @@ services:
       
   rauthy:
     container_name: rauthy-test
-    image: ghcr.io/sebadob/rauthy:0.32.5
+    image: ghcr.io/sebadob/rauthy:0.32.6
     environment:
       - LOCAL_TEST=true
       - SMTP_URL=mailcrab
@@ -150,7 +150,7 @@ docker run -d \
     -v $(pwd)/rauthy/data:/app/data \
     -p 8443:8443 \
     --name rauthy \
-    ghcr.io/sebadob/rauthy:0.32.5
+    ghcr.io/sebadob/rauthy:0.32.6
 ```
 
 - `-v $(pwd)/rauthy/config.toml:/app/config.toml` mounts the config in the correct place

assets/static_html/templates_html.tar.gz

@@ -200,7 +200,7 @@ spec:
         fsGroup: 10001
       containers:
         - name: rauthy
-          image: ghcr.io/sebadob/rauthy:0.32.5
+          image: ghcr.io/sebadob/rauthy:0.32.6
           securityContext:
             # User ID 10001 is actually built into the container 
             # at the creation for better security

book/src/getting_started/docker.md

@@ -286,7 +286,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #session_validate_ip = true
 
 # By default, Rauthy will log a warning into the logs, if an active
-# password reset form is being access multiple times from different
+# password reset form is being accessed multiple times from different
 # hosts. You can set this to `true` to actually block any following
 # request after the initial one. This hardens the security of the
 # password reset form a bit more, but will create problems with
@@ -380,7 +380,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #
 # default: false
 # overwritten by: AUTH_HEADERS_ENABLE
-#enable = true
+#enable = false
 
 # Configure the header names being used for the different values. You
 # can change them to your needs, if you cannot easily change your
@@ -566,7 +566,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 nodes = ["1 localhost:8100 localhost:8200"]
 
 # You can set the listen addresses for both the API and Raft servers.
-# These need to somewaht match the definition for the `nodes` above,
+# These need to somewhat match the definition for the `nodes` above,
 # with the difference, that a `node` address can be resolved via DNS,
 # while the listen addresses must be IP addresses.
 #
@@ -1026,7 +1026,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #
 # default: false
 # overwritten by: ENABLE_DYN_CLIENT_REG
-#enable = true
+#enable = false
 
 # If specified, this secret token will be expected during
 # dynamic client registrations to be given as a
@@ -1910,7 +1910,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #
 # default: text
 # overwritten by: LOG_FMT
-#log_fmt = 'json'
+#log_fmt = 'text'
 
 [mfa]
 # If 'true', MFA for an account must be enabled to access the
@@ -2014,7 +2014,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #
 # default: http_https
 # overwritten by: LISTEN_SCHEME
-scheme = 'http'
+scheme = 'http_https'
 
 # The Public URL of the whole deployment
 # The LISTEN_SCHEME + PUB_URL must match the HTTP ORIGIN HEADER
@@ -2389,7 +2389,7 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 #
 # default: false
 # overwritten by: WEBAUTHN_FORCE_UV
-#force_uv = true
+#force_uv = false
 
 # Can be set to 'true' to disable password expiry for users that
 # have at least one active passkey. When set to 'false', the same

book/src/getting_started/k8s.md

@@ -172,7 +172,7 @@ <h2 id="testing--local-evaluation"><a class="header" href="#testing--local-evalu
 <p>For getting a first look at Rauthy, you can start it with docker (or any other container runtime) on your localhost.
 The image contains a basic default config which is sufficient for local testing (don't use it in production, it
 contains hardcoded secrets).</p>
-<pre><code>docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.5
+<pre><code>docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.6
 </code></pre>
 <p>To proceed, go to <strong><a href="first_start.html">First Start</a></strong>, or do the production setup below to have persistence.</p>
 <h2 id="testing--evaluation-with-e-mail"><a class="header" href="#testing--evaluation-with-e-mail">Testing / Evaluation with E-Mail</a></h2>
@@ -195,7 +195,7 @@ <h2 id="testing--evaluation-with-e-mail"><a class="header" href="#testing--evalu
 
   rauthy:
     container_name: rauthy-test
-    image: ghcr.io/sebadob/rauthy:0.32.5
+    image: ghcr.io/sebadob/rauthy:0.32.6
     environment:
       - LOCAL_TEST=true
       - SMTP_URL=mailcrab
@@ -290,7 +290,7 @@ <h2 id="production-setup"><a class="header" href="#production-setup">Production
     -v $(pwd)/rauthy/data:/app/data \
     -p 8443:8443 \
     --name rauthy \
-    ghcr.io/sebadob/rauthy:0.32.5
+    ghcr.io/sebadob/rauthy:0.32.6
 </code></pre>
 <ul>
 <li><code>-v $(pwd)/rauthy/config.toml:/app/config.toml</code> mounts the config in the correct place</li>

docs/config/config.html

@@ -348,7 +348,7 @@ <h3 id="create-and-apply-the-stateful-set"><a class="header" href="#create-and-a
         fsGroup: 10001
       containers:
         - name: rauthy
-          image: ghcr.io/sebadob/rauthy:0.32.5
+          image: ghcr.io/sebadob/rauthy:0.32.6
           securityContext:
             # User ID 10001 is actually built into the container 
             # at the creation for better security

docs/getting_started/docker.html

@@ -404,7 +404,7 @@ <h2 id="testing--local-evaluation"><a class="header" href="#testing--local-evalu
 <p>For getting a first look at Rauthy, you can start it with docker (or any other container runtime) on your localhost.
 The image contains a basic default config which is sufficient for local testing (don't use it in production, it
 contains hardcoded secrets).</p>
-<pre><code>docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.5
+<pre><code>docker run -it --rm -e LOCAL_TEST=true -p 8443:8443 ghcr.io/sebadob/rauthy:0.32.6
 </code></pre>
 <p>To proceed, go to <strong><a href="getting_started/first_start.html">First Start</a></strong>, or do the production setup below to have persistence.</p>
 <h2 id="testing--evaluation-with-e-mail"><a class="header" href="#testing--evaluation-with-e-mail">Testing / Evaluation with E-Mail</a></h2>
@@ -427,7 +427,7 @@ <h2 id="testing--evaluation-with-e-mail"><a class="header" href="#testing--evalu
 
   rauthy:
     container_name: rauthy-test
-    image: ghcr.io/sebadob/rauthy:0.32.5
+    image: ghcr.io/sebadob/rauthy:0.32.6
     environment:
       - LOCAL_TEST=true
       - SMTP_URL=mailcrab
@@ -522,7 +522,7 @@ <h2 id="production-setup"><a class="header" href="#production-setup">Production
     -v $(pwd)/rauthy/data:/app/data \
     -p 8443:8443 \
     --name rauthy \
-    ghcr.io/sebadob/rauthy:0.32.5
+    ghcr.io/sebadob/rauthy:0.32.6
 </code></pre>
 <ul>
 <li><code>-v $(pwd)/rauthy/config.toml:/app/config.toml</code> mounts the config in the correct place</li>
@@ -713,7 +713,7 @@ <h3 id="create-and-apply-the-stateful-set"><a class="header" href="#create-and-a
         fsGroup: 10001
       containers:
         - name: rauthy
-          image: ghcr.io/sebadob/rauthy:0.32.5
+          image: ghcr.io/sebadob/rauthy:0.32.6
           securityContext:
             # User ID 10001 is actually built into the container 
             # at the creation for better security
@@ -5101,7 +5101,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #session_validate_ip = true
 
 # By default, Rauthy will log a warning into the logs, if an active
-# password reset form is being access multiple times from different
+# password reset form is being accessed multiple times from different
 # hosts. You can set this to `true` to actually block any following
 # request after the initial one. This hardens the security of the
 # password reset form a bit more, but will create problems with
@@ -5195,7 +5195,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #
 # default: false
 # overwritten by: AUTH_HEADERS_ENABLE
-#enable = true
+#enable = false
 
 # Configure the header names being used for the different values. You
 # can change them to your needs, if you cannot easily change your
@@ -5381,7 +5381,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 nodes = ["1 localhost:8100 localhost:8200"]
 
 # You can set the listen addresses for both the API and Raft servers.
-# These need to somewaht match the definition for the `nodes` above,
+# These need to somewhat match the definition for the `nodes` above,
 # with the difference, that a `node` address can be resolved via DNS,
 # while the listen addresses must be IP addresses.
 #
@@ -5841,7 +5841,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #
 # default: false
 # overwritten by: ENABLE_DYN_CLIENT_REG
-#enable = true
+#enable = false
 
 # If specified, this secret token will be expected during
 # dynamic client registrations to be given as a
@@ -6725,7 +6725,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #
 # default: text
 # overwritten by: LOG_FMT
-#log_fmt = 'json'
+#log_fmt = 'text'
 
 [mfa]
 # If 'true', MFA for an account must be enabled to access the
@@ -6829,7 +6829,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #
 # default: http_https
 # overwritten by: LISTEN_SCHEME
-scheme = 'http'
+scheme = 'http_https'
 
 # The Public URL of the whole deployment
 # The LISTEN_SCHEME + PUB_URL must match the HTTP ORIGIN HEADER
@@ -7204,7 +7204,7 @@ <h2 id="apparmor"><a class="header" href="#apparmor">AppArmor</a></h2>
 #
 # default: false
 # overwritten by: WEBAUTHN_FORCE_UV
-#force_uv = true
+#force_uv = false
 
 # Can be set to 'true' to disable password expiry for users that
 # have at least one active passkey. When set to 'false', the same