make oidc_client_secret config optional
parent
39c98d7d53
commit
8bac424b47
19
.env.sample
19
.env.sample
|
@ -16,7 +16,6 @@ SECRET_DB_PASSWORD_VERSION=v1
|
||||||
SECRET_SECRET_KEY_VERSION=v1 # length=64
|
SECRET_SECRET_KEY_VERSION=v1 # length=64
|
||||||
SECRET_UTILS_SECRET_VERSION=v1 # length=64
|
SECRET_UTILS_SECRET_VERSION=v1 # length=64
|
||||||
SECRET_AWS_SECRET_KEY_VERSION=v1
|
SECRET_AWS_SECRET_KEY_VERSION=v1
|
||||||
SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
|
||||||
|
|
||||||
AWS_ACCESS_KEY_ID=
|
AWS_ACCESS_KEY_ID=
|
||||||
AWS_REGION=
|
AWS_REGION=
|
||||||
|
@ -26,14 +25,6 @@ AWS_S3_UPLOAD_MAX_SIZE=26214400
|
||||||
AWS_S3_FORCE_PATH_STYLE=true
|
AWS_S3_FORCE_PATH_STYLE=true
|
||||||
AWS_S3_ACL=private
|
AWS_S3_ACL=private
|
||||||
|
|
||||||
OIDC_CLIENT_ID=
|
|
||||||
OIDC_AUTH_URI=
|
|
||||||
OIDC_TOKEN_URI=
|
|
||||||
OIDC_USERINFO_URI=
|
|
||||||
OIDC_USERNAME_CLAIM=preferred_username
|
|
||||||
OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
|
|
||||||
OIDC_SCOPES="openid profile email"
|
|
||||||
|
|
||||||
# –––––––––––––––– OPTIONAL ––––––––––––––––
|
# –––––––––––––––– OPTIONAL ––––––––––––––––
|
||||||
|
|
||||||
TEAM_LOGO=
|
TEAM_LOGO=
|
||||||
|
@ -76,3 +67,13 @@ ALLOWED_DOMAINS=
|
||||||
#SMTP_REPLY_EMAIL=
|
#SMTP_REPLY_EMAIL=
|
||||||
#SMTP_TLS_CIPHERS=
|
#SMTP_TLS_CIPHERS=
|
||||||
#SMTP_SECURE=true
|
#SMTP_SECURE=true
|
||||||
|
|
||||||
|
#OIDC_ENABLED=1
|
||||||
|
#OIDC_CLIENT_ID=
|
||||||
|
#OIDC_AUTH_URI=
|
||||||
|
#OIDC_TOKEN_URI=
|
||||||
|
#OIDC_USERINFO_URI=
|
||||||
|
#OIDC_USERNAME_CLAIM=preferred_username
|
||||||
|
#OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
|
||||||
|
#OIDC_SCOPES="openid profile email"
|
||||||
|
#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||||
|
|
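Review bot: The commented-out OIDC block appended at the end of the sample does not say that its settings only work as a set. Judging by the other files in this commit, `OIDC_ENABLED=1` only gates the entrypoint's read of `/run/secrets/oidc_client_secret`, while the secret mount and the `OIDC_*` pass-through come from the new compose override. An operator who uncomments the variables without loading that override and creating the versioned secret gets a failing secret read at start-up. I would put a comment above the block, for example `# OIDC (optional): uncomment every line below, load the OIDC compose override and create the oidc_client_secret secret before deploying`. It should also state that `OIDC_ENABLED` must be exactly `1`, since the template compares against that literal.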
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
secrets:
|
||||||
|
- oidc_client_secret
|
||||||
|
environment:
|
||||||
|
- OIDC_ENABLED
|
||||||
|
- OIDC_AUTH_URI
|
||||||
|
- OIDC_CLIENT_ID
|
||||||
|
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||||
|
- OIDC_DISPLAY_NAME
|
||||||
|
- OIDC_SCOPES
|
||||||
|
- OIDC_TOKEN_URI
|
||||||
|
- OIDC_USERINFO_URI
|
||||||
|
- OIDC_USERNAME_CLAIM
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
oidc_client_secret:
|
||||||
|
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||||
|
external: true
|
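Review bot: The secret name `${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}` now depends on a variable that this commit ships commented out in `.env.sample`. If the override is loaded while `SECRET_OIDC_CLIENT_SECRET_VERSION` is unset, interpolation presumably yields a name ending in `_`, and the deploy fails on a missing external secret with no pointer to the unset variable. Where the deploy tooling supports the required-variable form, `name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION:?SECRET_OIDC_CLIENT_SECRET_VERSION must be set}` makes that failure explicit. A short header comment would also help, stating that this file must be enabled together with `OIDC_ENABLED=1` because the entrypoint reads the secret only when that flag is set.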
14
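--- a/compose.yml
+++ b/compose.yml
@@ -10,7 +10,6 @@ services:
 secrets:
 - aws_secret_key
 - db_password
-- oidc_client_secret
 - secret_key
 - utils_secret
 configs:
@@ -29,15 +28,7 @@ services:
 - AWS_SECRET_KEY_FILE=/run/secrets/aws_secret_key
 - DATABASE_PASSWORD_FILE=/run/secrets/db_password
 - FORCE_HTTPS=true
-- OIDC_AUTH_URI
-- OIDC_CLIENT_ID
-- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
-- OIDC_DISPLAY_NAME
-- OIDC_SCOPES
-- OIDC_TOKEN_URI
-- OIDC_USERINFO_URI
-- OIDC_USERNAME_CLAIM
-- PGSSLMODE=disable
+- PGSSLMODE=disable
 - REDIS_URL=redis://${STACK_NAME}_redis:6379
 - SECRET_KEY_FILE=/run/secrets/secret_key
 - STACK_NAME
@@ -86,9 +77,6 @@ secrets:
 aws_secret_key:
 name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_KEY_VERSION}
 external: true
-oidc_client_secret:
-name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
-external: true
 db_password:
 name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
 external: true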
|
@ -1,7 +1,10 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_key)
|
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_key)
|
||||||
|
{{ if eq (env "OIDC_ENABLED") "1" }}
|
||||||
export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
|
export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
export UTILS_SECRET=$(cat /run/secrets/utils_secret)
|
export UTILS_SECRET=$(cat /run/secrets/utils_secret)
|
||||||
export SECRET_KEY=$(cat /run/secrets/secret_key)
|
export SECRET_KEY=$(cat /run/secrets/secret_key)
|
||||||
export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
|
export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
|
||||||
|
|
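Review bot: Inside the new `{{ if eq (env "OIDC_ENABLED") "1" }}` guard, `export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)` still hides a failed read. The status of `export VAR=$(...)` is that of `export`, so when the flag is set but the secret is not mounted the script carries on with an empty client secret. I would add a check before the export, `[ -r /run/secrets/oidc_client_secret ] || { echo "oidc_client_secret is not mounted" >&2; exit 1; }`, so that a half-enabled OIDC setup stops at start-up. The guard matches only the literal `1`, so values such as `true` skip the export without any message; a comment next to the guard should say so. The script appears to continue past the end of this hunk, so error handling defined further down is not visible here.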