forked from coop-cloud/outline
make oidc_client_secret config optional
parent
39c98d7d53
commit
8bac424b47
19
.env.sample
19
.env.sample
|
@ -16,7 +16,6 @@ SECRET_DB_PASSWORD_VERSION=v1
|
|||
SECRET_SECRET_KEY_VERSION=v1 # length=64
|
||||
SECRET_UTILS_SECRET_VERSION=v1 # length=64
|
||||
SECRET_AWS_SECRET_KEY_VERSION=v1
|
||||
SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
AWS_ACCESS_KEY_ID=
|
||||
AWS_REGION=
|
||||
|
@ -26,14 +25,6 @@ AWS_S3_UPLOAD_MAX_SIZE=26214400
|
|||
AWS_S3_FORCE_PATH_STYLE=true
|
||||
AWS_S3_ACL=private
|
||||
|
||||
OIDC_CLIENT_ID=
|
||||
OIDC_AUTH_URI=
|
||||
OIDC_TOKEN_URI=
|
||||
OIDC_USERINFO_URI=
|
||||
OIDC_USERNAME_CLAIM=preferred_username
|
||||
OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
|
||||
OIDC_SCOPES="openid profile email"
|
||||
|
||||
# –––––––––––––––– OPTIONAL ––––––––––––––––
|
||||
|
||||
TEAM_LOGO=
|
||||
|
@ -76,3 +67,13 @@ ALLOWED_DOMAINS=
|
|||
#SMTP_REPLY_EMAIL=
|
||||
#SMTP_TLS_CIPHERS=
|
||||
#SMTP_SECURE=true
|
||||
|
||||
#OIDC_ENABLED=1
|
||||
#OIDC_CLIENT_ID=
|
||||
#OIDC_AUTH_URI=
|
||||
#OIDC_TOKEN_URI=
|
||||
#OIDC_USERINFO_URI=
|
||||
#OIDC_USERNAME_CLAIM=preferred_username
|
||||
#OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
|
||||
#OIDC_SCOPES="openid profile email"
|
||||
#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
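Review bot: The relocated OIDC block does not say that these variables only take effect when the OIDC compose overlay added in this commit is loaded as well. An operator who uncomments them alone gets a stack without the `oidc_client_secret` mount or the OIDC environment entries, and nothing reports the mismatch. If the recipe selects overlays through `COMPOSE_FILE`, add a commented line above `#OIDC_ENABLED=1` such as `#COMPOSE_FILE="$COMPOSE_FILE:<oidc-overlay-file>"` (placeholder; the overlay's file name is not visible on this page). A one-line comment that `OIDC_ENABLED` must be exactly `1` would also help, since the entrypoint template compares against that literal.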
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- oidc_client_secret
|
||||
environment:
|
||||
- OIDC_ENABLED
|
||||
- OIDC_AUTH_URI
|
||||
- OIDC_CLIENT_ID
|
||||
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||
- OIDC_DISPLAY_NAME
|
||||
- OIDC_SCOPES
|
||||
- OIDC_TOKEN_URI
|
||||
- OIDC_USERINFO_URI
|
||||
- OIDC_USERNAME_CLAIM
|
||||
|
||||
secrets:
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||
external: true
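Review bot: Loading this overlay and setting `OIDC_ENABLED=1` are two independent switches, because `- OIDC_ENABLED` is only passed through from the operator's environment. With the overlay loaded but the variable unset or set to something like `true`, the secret is mounted but the entrypoint template in this commit never exports it. As the overlay is presumably only loaded when OIDC is wanted, consider pinning `- OIDC_ENABLED=1` here so the overlay is the single source of truth. Separately, `SECRET_OIDC_CLIENT_SECRET_VERSION` is now commented out in the sample env, so the secret name can interpolate to a trailing `_`. If the deploy tooling supports the form, `${SECRET_OIDC_CLIENT_SECRET_VERSION:?set the OIDC secret version}` would fail early instead.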
|
14
compose.yml
14
compose.yml
|
@ -10,7 +10,6 @@ services:
|
|||
secrets:
|
||||
- aws_secret_key
|
||||
- db_password
|
||||
- oidc_client_secret
|
||||
- secret_key
|
||||
- utils_secret
|
||||
configs:
|
||||
|
@ -29,15 +28,7 @@ services:
|
|||
- AWS_SECRET_KEY_FILE=/run/secrets/aws_secret_key
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- FORCE_HTTPS=true
|
||||
- OIDC_AUTH_URI
|
||||
- OIDC_CLIENT_ID
|
||||
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||
- OIDC_DISPLAY_NAME
|
||||
- OIDC_SCOPES
|
||||
- OIDC_TOKEN_URI
|
||||
- OIDC_USERINFO_URI
|
||||
- OIDC_USERNAME_CLAIM
|
||||
- PGSSLMODE=disable
|
||||
- PGSSLMODE=disable
|
||||
- REDIS_URL=redis://${STACK_NAME}_redis:6379
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- STACK_NAME
|
||||
|
@ -86,9 +77,6 @@ secrets:
|
|||
aws_secret_key:
|
||||
name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_KEY_VERSION}
|
||||
external: true
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||
external: true
|
||||
db_password:
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
external: true
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_key)
|
||||
{{ if eq (env "OIDC_ENABLED") "1" }}
|
||||
export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
|
||||
{{ end }}
|
||||
|
||||
export UTILS_SECRET=$(cat /run/secrets/utils_secret)
|
||||
export SECRET_KEY=$(cat /run/secrets/secret_key)
|
||||
export DATABASE_PASSWORD=$(cat /run/secrets/db_password)
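Review bot: The added `export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)` never checks that the read succeeded, so a missing or unreadable secret file leaves an empty client secret exported and the script continues without error. The substitution is also unquoted, and older `dash` releases field-split `export` arguments, which would truncate a secret containing whitespace. Inside the `{{ if }}` block I would use `[ -r /run/secrets/oidc_client_secret ] || { echo "oidc_client_secret is not mounted" >&2; exit 1; }` followed by `export OIDC_CLIENT_SECRET="$(cat /run/secrets/oidc_client_secret)"`. The other `export ...=$(cat ...)` context lines share the unquoted pattern, and the script may continue past the end of this hunk.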
|
||||
|
|