Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b4d1ac9a2d | |||
| e475f066d2 | |||
| 126bec5ef7 | |||
| 0d7f132f22 | |||
| c5e33cf8bf | |||
| 3c818aaf6d | |||
| 5b1366eb7b |
33
.env.sample
33
.env.sample
@ -1,7 +1,6 @@
|
|||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||||
SECRET_SIGNING_SECRET_VERSION=v1
|
SECRET_SIGNING_SECRET_VERSION=v1
|
||||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
|
||||||
|
|
||||||
TYPE=directus
|
TYPE=directus
|
||||||
|
|
||||||
@ -14,14 +13,40 @@ DOMAIN=directus.example.com
|
|||||||
|
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
COMPOSE_FILE="compose.yml"
|
||||||
|
|
||||||
ENABLE_BACKUPS=true
|
ENABLE_BACKUPS=true
|
||||||
|
|
||||||
ADMIN_EMAIL=mail@example.com
|
ADMIN_EMAIL=mail@example.com
|
||||||
|
|
||||||
# if you don't use smtp, sendmail is used
|
# if you don't use smtp, sendmail is used
|
||||||
# EMAIL_TRANSPORT=smtp
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||||
#EMAIL_FROM=noreply@example.com
|
# SECRET_SMTP_PASSWORD_VERSION=v1
|
||||||
|
# EMAIL_FROM=noreply@example.com
|
||||||
# EMAIL_SMTP_USER=
|
# EMAIL_SMTP_USER=
|
||||||
# EMAIL_SMTP_HOST=mailhost.com
|
# EMAIL_SMTP_HOST=mailhost.com
|
||||||
# EMAIL_SMTP_PORT=465
|
# EMAIL_SMTP_PORT=465
|
||||||
# EMAIL_SMTP_SECURE=true
|
# EMAIL_SMTP_SECURE=true
|
||||||
|
|
||||||
|
|
||||||
|
## SSO (via OpenId)
|
||||||
|
|
||||||
|
# Details about env-vars, the once below are necessary, others can be used as well:
|
||||||
|
# https://directus.io/docs/configuration/auth-sso#openid-connect
|
||||||
|
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
|
||||||
|
#SECRET_OIDC_SECRET_VERSION=v1
|
||||||
|
|
||||||
|
#AUTH_DISABLE_DEFAULT="false"
|
||||||
|
#AUTH_SSO_LABEL="Single-Sign On"
|
||||||
|
#AUTH_SSO_CLIENT_ID="<your-client-id>"
|
||||||
|
#AUTH_SSO_ISSUER_URL="<your-.wellknown-issuer-url"
|
||||||
|
#AUTH_SSO_ALLOW_PUBLIC_REGISTRATION="true"
|
||||||
|
#AUTH_SSO_DEFAULT_ROLE_ID="<UUID-of-a-user-role>"
|
||||||
|
#AUTH_SSO_SYNC_USER_INFO="true"
|
||||||
|
#AUTH_SSO_SCOPE="openid profile email"
|
||||||
|
#AUTH_SSO_ROLE_MAPPING='json:{"sso_role1": "directus-role-uuid","sso_role2": "directus-role-uuid"}'
|
||||||
|
|
||||||
|
# https://directus.io/docs/configuration/auth-sso
|
||||||
|
# if you need more/other provider(s), consult docs on how to override compose.yml:
|
||||||
|
# https://docs.coopcloud.tech/operators/handbook/#how-can-i-modifyoverride-the-composeyml-file
|
||||||
|
|||||||
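Review bot: The placeholder on the `AUTH_SSO_ISSUER_URL` line is malformed — `"<your-.wellknown-issuer-url"` has no closing `>` and `.wellknown` reads as part of the hostname — so `#AUTH_SSO_ISSUER_URL="<issuer-url-from-.well-known/openid-configuration>"` would be clearer. The block also pairs `AUTH_SSO_ALLOW_PUBLIC_REGISTRATION="true"` with `AUTH_SSO_DEFAULT_ROLE_ID`, whereas compose.oidc.yml falls back to `false` when the variable is unset; an operator who uncomments the block wholesale turns on self-registration into that role as the variable name suggests, so a line such as `# with public registration on, any account at the IdP lands in the role below; keep it low-privilege` above it would help. Finally, "the once below are necessary" should read "the ones below are necessary".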
2
abra.sh
2
abra.sh
@ -1,6 +1,6 @@
|
|||||||
# Set any config versions here
|
# Set any config versions here
|
||||||
# Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
|
# Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
|
||||||
export DIRECTUS_ENTRYPOINT_VERSION=v3
|
export DIRECTUS_ENTRYPOINT_VERSION=v4
|
||||||
export PG_BACKUP_VERSION=v1
|
export PG_BACKUP_VERSION=v1
|
||||||
|
|
||||||
# essentially a wrapper for directus-template-cli apply:
|
# essentially a wrapper for directus-template-cli apply:
|
||||||
|
|||||||
31
compose.oidc.yml
Normal file
31
compose.oidc.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
AUTH_PROVIDERS: "sso"
|
||||||
|
AUTH_DISABLE_DEFAULT: "${AUTH_DISABLE_DEFAULT:-false}"
|
||||||
|
AUTH_SSO_DRIVER: "openid"
|
||||||
|
AUTH_SSO_CLIENT_ID: ${AUTH_SSO_CLIENT_ID}
|
||||||
|
AUTH_SSO_CLIENT_SECRET_FILE: /run/secrets/oidc_secret
|
||||||
|
AUTH_SSO_ISSUER_URL: ${AUTH_SSO_ISSUER_URL}
|
||||||
|
AUTH_SSO_SCOPE: ${AUTH_SSO_SCOPE:-"openid profile email"}
|
||||||
|
AUTH_SSO_IDENTIFIER_KEY: ${AUTH_SSO_IDENTIFIER_KEY}
|
||||||
|
AUTH_SSO_ALLOW_PUBLIC_REGISTRATION: ${AUTH_SSO_ALLOW_PUBLIC_REGISTRATION:-false}
|
||||||
|
AUTH_SSO_REQUIRE_VERIFIED_EMAIL: ${AUTH_SSO_REQUIRE_VERIFIED_EMAIL:-false}
|
||||||
|
AUTH_SSO_DEFAULT_ROLE_ID: ${AUTH_SSO_DEFAULT_ROLE_ID}
|
||||||
|
AUTH_SSO_SYNC_USER_INFO: ${AUTH_SSO_SYNC_USER_INFO:-true}
|
||||||
|
AUTH_SSO_ROLE_MAPPING: ${AUTH_SSO_ROLE_MAPPING}
|
||||||
|
AUTH_SSO_GROUP_CLAIM_NAME: ${AUTH_SSO_GROUP_CLAIM_NAME:-groups}
|
||||||
|
AUTH_SSO_ICON: ${AUTH_SSO_ICON:-account_circle}
|
||||||
|
AUTH_SSO_LABEL: ${AUTH_SSO_LABEL:-"Single Sign On"}
|
||||||
|
AUTH_SSO_PARAMS: ${AUTH_SSO_PARAMS:-{}}
|
||||||
|
AUTH_SSO_REDIRECT_ALLOW_LIST: ${AUTH_SSO_REDIRECT_ALLOW_LIST}
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
- oidc_secret
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
oidc_secret:
|
||||||
|
name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
|
||||||
|
external: true
|
||||||
|
|
||||||
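Review bot: The defaults on the `AUTH_SSO_SCOPE` and `AUTH_SSO_LABEL` lines keep their double quotes: in an unquoted YAML scalar the fallback text of `${VAR:-"..."}` is taken literally by compose interpolation, so with the variable unset the first requested scope arrives as `"openid` rather than `openid`, which I would expect the provider to reject. Quoting the whole scalar instead, `AUTH_SSO_SCOPE: "${AUTH_SSO_SCOPE:-openid profile email}"` and `AUTH_SSO_LABEL: "${AUTH_SSO_LABEL:-Single Sign On}"`, gives the same default without the stray quotes and matches the form the `AUTH_DISABLE_DEFAULT` line already uses. Separately, `AUTH_SSO_REQUIRE_VERIFIED_EMAIL` defaults to `false`, so an operator who enables `AUTH_SSO_ALLOW_PUBLIC_REGISTRATION` admits accounts whose email the provider has not verified; `true` is the safer default or at least deserves a comment. The keys with no fallback, e.g. `AUTH_SSO_IDENTIFIER_KEY`, expand to an empty string when unset, which may override a driver default rather than fall back to it — worth confirming against the Directus docs linked from .env.sample.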
20
compose.smtp.yml
Normal file
20
compose.smtp.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
EMAIL_TRANSPORT: "smtp"
|
||||||
|
EMAIL_FROM: ${EMAIL_FROM}
|
||||||
|
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
|
||||||
|
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
|
||||||
|
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
|
||||||
|
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
|
||||||
|
EMAIL_SMTP_PASSWORD_FILE: /run/secrets/smtp_password
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
- smtp_password
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
smtp_password:
|
||||||
|
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||||
|
external: true
|
||||||
|
|
||||||
13
compose.yml
13
compose.yml
@ -24,13 +24,6 @@ services:
|
|||||||
|
|
||||||
PUBLIC_URL: https://${DOMAIN}
|
PUBLIC_URL: https://${DOMAIN}
|
||||||
|
|
||||||
EMAIL_TRANSPORT: ${EMAIL_TRANSPORT}
|
|
||||||
EMAIL_FROM: ${EMAIL_FROM}
|
|
||||||
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
|
|
||||||
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
|
|
||||||
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT}
|
|
||||||
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE}
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
- internal
|
- internal
|
||||||
@ -54,7 +47,6 @@ services:
|
|||||||
- db_password
|
- db_password
|
||||||
- admin_password
|
- admin_password
|
||||||
- signing_secret
|
- signing_secret
|
||||||
- smtp_password
|
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
@ -70,7 +62,7 @@ services:
|
|||||||
## Redirect HTTP to HTTPS
|
## Redirect HTTP to HTTPS
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+11"
|
- "coop-cloud.${STACK_NAME}.version=0.4.1+11"
|
||||||
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "wget -qO- http://0.0.0.0:8055/server/health | grep -q '\"status\":\"ok\"'"]
|
test: ["CMD-SHELL", "wget -qO- http://0.0.0.0:8055/server/health | grep -q '\"status\":\"ok\"'"]
|
||||||
@ -143,9 +135,6 @@ secrets:
|
|||||||
signing_secret:
|
signing_secret:
|
||||||
name: ${STACK_NAME}_signing_secret_${SECRET_SIGNING_SECRET_VERSION}
|
name: ${STACK_NAME}_signing_secret_${SECRET_SIGNING_SECRET_VERSION}
|
||||||
external: true
|
external: true
|
||||||
smtp_password:
|
|
||||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
|
||||||
external: true
|
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
directus_entrypoint:
|
directus_entrypoint:
|
||||||
|
|||||||
@ -14,8 +14,7 @@ load_secret() {
|
|||||||
fi
|
fi
|
||||||
export "$env_var"="$value"
|
export "$env_var"="$value"
|
||||||
else
|
else
|
||||||
echo >&2 "error: $secret_file does not exist"
|
echo >&2 "info: $secret_file does not exist, if you don't use the secret it shouldn't be a problem"
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,6 +22,7 @@ load_secret "DB_PASSWORD" "/run/secrets/db_password"
|
|||||||
load_secret "ADMIN_PASSWORD" "/run/secrets/admin_password"
|
load_secret "ADMIN_PASSWORD" "/run/secrets/admin_password"
|
||||||
load_secret "SIGNING_SECRET" "/run/secrets/signing_secret"
|
load_secret "SIGNING_SECRET" "/run/secrets/signing_secret"
|
||||||
load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password"
|
load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password"
|
||||||
|
load_secret "OIDC_SECRET" "/run/secrets/oidc_secret"
|
||||||
|
|
||||||
# upstream has no entrypoint https://github.com/directus/directus/blob/main/Dockerfile
|
# upstream has no entrypoint https://github.com/directus/directus/blob/main/Dockerfile
|
||||||
node cli.js bootstrap && pm2-runtime start ecosystem.config.cjs
|
node cli.js bootstrap && pm2-runtime start ecosystem.config.cjs
|
||||||
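Review bot: Dropping `exit 1` from the missing-file branch of `load_secret` makes every secret optional, not only the two new ones: `db_password`, `admin_password` and `signing_secret` are still declared in compose.yml, and when one of them is absent the script now prints an info line and continues into `node cli.js bootstrap` without exporting that variable. An explicit marker keeps the hard failure for the mandatory ones, e.g. `load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password" optional` and `load_secret "OIDC_SECRET" "/run/secrets/oidc_secret" optional`, with the branch below; the start of `load_secret` (its parameter assignments) lies outside this hunk, so the marker is read directly as `${3:-}`. Also, compose.oidc.yml hands the secret to Directus via `AUTH_SSO_CLIENT_SECRET_FILE` and nothing on this page reads `OIDC_SECRET`, so the new `load_secret "OIDC_SECRET"` call may be dead — worth checking before keeping both paths.
```sh
  else
    if [ "${3:-}" = "optional" ]; then
      echo >&2 "info: $secret_file does not exist, if you don't use the secret it shouldn't be a problem"
    else
      echo >&2 "error: $secret_file does not exist"
      exit 1
    fi
  fi
# … unchanged: closing brace, load_secret calls for DB_PASSWORD, ADMIN_PASSWORD, SIGNING_SECRET …
load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password" optional
load_secret "OIDC_SECRET" "/run/secrets/oidc_secret" optional
```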
1
release/0.3.0+11
Normal file
1
release/0.3.0+11
Normal file
@ -0,0 +1 @@
|
|||||||
|
added sso and smtp, two secrets are now optional
|
||||||
1
release/0.3.1+11
Normal file
1
release/0.3.1+11
Normal file
@ -0,0 +1 @@
|
|||||||
|
added example env for sso
|
||||||
1
release/0.4.0+11
Normal file
1
release/0.4.0+11
Normal file
@ -0,0 +1 @@
|
|||||||
|
compare release notes of 0.3.0 – some recipe upgrading issues
|
||||||
1
release/0.4.1+11
Normal file
1
release/0.4.1+11
Normal file
@ -0,0 +1 @@
|
|||||||
|
syntax error in oidc compose when using role_mapping
|
||||||