docs: restructure docs (#14421)

Closes #13434 Supersedes #14182 --------- Co-authored-by: Ethan <39577870+ethanndickson@users.noreply.github.com> Co-authored-by: Ethan Dickson <ethan@coder.com> Co-authored-by: Ben Potter <ben@coder.com> Co-authored-by: Stephen Kirby <58410745+stirby@users.noreply.github.com> Co-authored-by: Stephen Kirby <me@skirby.dev> Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com>
2025-07-12 00:14:10 +00:00 · 2024-10-05 08:52:04 -07:00
parent 288df75686
commit 419eba5fb6
298 changed files with 5009 additions and 3889 deletions
--- a/docs/admin/users/github-auth.md
+++ b/docs/admin/users/github-auth.md
@ -0,0 +1,84 @@
+## GitHub
+
+### Step 1: Configure the OAuth application in GitHub
+
+First,
+[register a GitHub OAuth app](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/).
+GitHub will ask you for the following Coder parameters:
+
+- **Homepage URL**: Set to your Coder deployments
+  [`CODER_ACCESS_URL`](../../reference/cli/server.md#--access-url) (e.g.
+  `https://coder.domain.com`)
+- **User Authorization Callback URL**: Set to `https://coder.domain.com`
+
+> Note: If you want to allow multiple coder deployments hosted on subdomains
+> e.g. coder1.domain.com, coder2.domain.com, to be able to authenticate with the
+> same GitHub OAuth app, then you can set **User Authorization Callback URL** to
+> the `https://domain.com`
+
+Note the Client ID and Client Secret generated by GitHub. You will use these
+values in the next step.
+
+Coder will need permission to access user email addresses. Find the "Account
+Permissions" settings for your app and select "read-only" for "Email addresses".
+
+### Step 2: Configure Coder with the OAuth credentials
+
+Navigate to your Coder host and run the following command to start up the Coder
+server:
+
+```shell
+coder server --oauth2-github-allow-signups=true --oauth2-github-allowed-orgs="your-org" --oauth2-github-client-id="8d1...e05" --oauth2-github-client-secret="57ebc9...02c24c"
+```
+
+> For GitHub Enterprise support, specify the
+> `--oauth2-github-enterprise-base-url` flag.
+
+Alternatively, if you are running Coder as a system service, you can achieve the
+same result as the command above by adding the following environment variables
+to the `/etc/coder.d/coder.env` file:
+
+```env
+CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS=true
+CODER_OAUTH2_GITHUB_ALLOWED_ORGS="your-org"
+CODER_OAUTH2_GITHUB_CLIENT_ID="8d1...e05"
+CODER_OAUTH2_GITHUB_CLIENT_SECRET="57ebc9...02c24c"
+```
+
+**Note:** To allow everyone to signup using GitHub, set:
+
+```env
+CODER_OAUTH2_GITHUB_ALLOW_EVERYONE=true
+```
+
+Once complete, run `sudo service coder restart` to reboot Coder.
+
+If deploying Coder via Helm, you can set the above environment variables in the
+`values.yaml` file as such:
+
+```yaml
+coder:
+  env:
+    - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
+      value: "true"
+    - name: CODER_OAUTH2_GITHUB_CLIENT_ID
+      value: "533...des"
+    - name: CODER_OAUTH2_GITHUB_CLIENT_SECRET
+      value: "G0CSP...7qSM"
+    # If setting allowed orgs, comment out CODER_OAUTH2_GITHUB_ALLOW_EVERYONE and its value
+    - name: CODER_OAUTH2_GITHUB_ALLOWED_ORGS
+      value: "your-org"
+    # If allowing everyone, comment out CODER_OAUTH2_GITHUB_ALLOWED_ORGS and it's value
+    #- name: CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
+    #  value: "true"
+```
+
+To upgrade Coder, run:
+
+```shell
+helm upgrade <release-name> coder-v2/coder -n <namespace> -f values.yaml
+```
+
+> We recommend requiring and auditing MFA usage for all users in your GitHub
+> organizations. This can be enforced from the organization settings page in the
+> "Authentication security" sidebar tab.