Snapp - zbrewer/homelab GitHub Wiki

Snapp is a self-hosted URL shortener. I'm using this over alternatives since it supports OIDC SSO (meaning I can use Authentik for SSO and user management) and is a targeted URL shortener (doesn't come with unnecessary features) with a nice UI. Kutt would be an interesting alternative once it supports OIDC.

See the project GitHub page for updated environment variables, features, instructions, etc. as the app continues to be developed.

Installation

Installation using Docker Compose is relatively straightforward.

First, create a directory on the host to hold the database (if using SQLite). Next, deploy to Docker Compose using my compose file. Make sure you generate a value for TOKEN_SECRET (using the command openssl rand -base64 32) and specify it as an environment variable. You'll also need to specify a value for ADMIN_PASSWORD and to make sure the ORIGIN is set to the URL you will be using to reach your link shortener.

Next, we need to make sure the DB is set up. I'm just using SQLite so I just need to make sure the db file is mapped to a file on the host with a line such as this in the volumes section: /home/zbrewer/snapp/db/prisma/db.sqlite:/app/dbschema/sqlite/prisma/db.sqlite. Replace the path before the : with the path on the host. The part after the : specifies the path in the container and should remain as written.

Finally, start the container and make sure it can be reached. The /dashboard path will show you the dashboard or prompt you to log in/sign up if you haven't already. If you'd like to make other users admins you can do that by first creating those users and then logging in as the admin set up in the Docker Compose file to change their role.

OpenID Connect

In order to set up OpenID Connect (OIDC) SSO with Authentik, first open the Authentik admin interface and create a new application with a provider. The Name and Slug can be whatever you'd like (such as snapp) but the provider should be OAuth2/OpenID Provider. Copy the Client ID and Client Secret into the environment variables specified in the Docker Compose file for Snapp and either specify the Redirect URI as https://<snapp.origin.url>/auth/<auth_provider_name_from_compose_file>/callback or leave it unspecified to match the one that is found the first time you use the provider. Configure the bindings necessary to allow the appropriate users to access Snapp and then submit.

In addition to specifying the Client ID and Client Secret in the Docker Compose file, you'll also need to configure the ISSUER. This is usually in the form https://<authentik.url>/application/o/<snapp_slug>/. Restart the Snapp container and you should see an Authentik login option on the login page. Click that and complete sign-in using Authentik.

Finally, we'll want to disable username/password login and the insecure admin account. First, log in as the admin and change the role of one or more of your SSO accounts to "Admin". This can be done by going to the Users page, clicking on the user you want to modify, and then clicking on the Role button in the upper right-hand corner. With that done, set DISABLED_EMAIL_AND_PASSWORD: true in the environment section in your Docker Compose and restart the container.
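
A pre-deploy check for the settings described in the installation and OpenID Connect steps above. This is an added example, not part of the wiki's compose file or of Snapp itself. It assumes the environment section has been loaded into a dict keyed by the variable names used on this page (the real issuer variable may carry a provider prefix), and the hostnames and secrets in it are constructed placeholders.

```python
import base64
import binascii
import re


def expected_redirect_uri(origin, provider_name):
    """Redirect URI in the form given above: <ORIGIN>/auth/<provider>/callback."""
    return f"{origin.rstrip('/')}/auth/{provider_name}/callback"


def check_snapp_env(env):
    """Return a list of findings for a Snapp environment mapping (empty list = OK)."""
    findings = []
    # `openssl rand -base64 32` yields base64 text that decodes to 32 bytes.
    try:
        secret = base64.b64decode(str(env.get("TOKEN_SECRET", "")), validate=True)
    except (binascii.Error, ValueError):
        secret = b""
    if len(secret) < 32:
        findings.append("TOKEN_SECRET: not base64 of at least 32 bytes")
    if not env.get("ADMIN_PASSWORD"):
        findings.append("ADMIN_PASSWORD: not set")
    # ORIGIN is the external URL of the shortener; the redirect URI is built from it.
    if not re.fullmatch(r"https://[^/\s]+/?", str(env.get("ORIGIN", ""))):
        findings.append("ORIGIN: expected https://<host> with no path")
    # Usual Authentik issuer form, trailing slash included.
    if not re.fullmatch(r"https://[^/\s]+/application/o/[^/\s]+/", str(env.get("ISSUER", ""))):
        findings.append("ISSUER: not https://<authentik.url>/application/o/<slug>/")
    # YAML parses `true` as a boolean, so compare on the string form.
    if str(env.get("DISABLED_EMAIL_AND_PASSWORD", "")).lower() != "true":
        findings.append("DISABLED_EMAIL_AND_PASSWORD: password login still enabled")
    return findings


# Constructed sample values: hosts and secrets are placeholders, not from the wiki.
SAMPLE_OK = {
    "TOKEN_SECRET": base64.b64encode(bytes(range(32))).decode(),
    "ADMIN_PASSWORD": "constructed-placeholder",
    "ORIGIN": "https://snapp.example.test",
    "ISSUER": "https://authentik.example.test/application/o/snapp/",
    "DISABLED_EMAIL_AND_PASSWORD": True,
}
SAMPLE_BAD = dict(SAMPLE_OK, TOKEN_SECRET="changeme",
                  ISSUER="https://authentik.example.test/application/o/snapp",
                  DISABLED_EMAIL_AND_PASSWORD="false")

if __name__ == "__main__":
    print("redirect URI:", expected_redirect_uri(SAMPLE_OK["ORIGIN"], "authentik"))
    for finding in check_snapp_env(SAMPLE_BAD):
        print("FINDING", finding)
```
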

"Go" Links

"Go" links are a type of short link that canonically let you type something like go/keyword in the URL bar and get redirected to a different URL that keyword was predefined to point to. This is done using a URL shortener so that snapp.brew.foo/keyword redirects to where you want it to go. You then need to set up a short link for Snapp (this could be go, s, or anything else) using the instructions on the Caddy page. Make sure that the URI is also included in the Caddy redirect (otherwise the keyword part will get dropped).
