coop-cloud/element-web
1
0
Fork 1
generated from coop-cloud/example
Code Issues 1 Pull Requests 2 Projects Releases Wiki Activity

only use sso redirection if sso is enabled #2

Open
moosemower wants to merge 1 commits from moosemower/element-web:use-sso into main
pull from: moosemower/element-web:use-sso
merge into: coop-cloud:main
Conversation 3 Commits 1 Files Changed 4 +5 -2
moosemower commented 2026-03-01 02:11:06 +00:00
Owner
Copy Link

Had to do this to get element-web working on my SSO-less instance

Had to do this to get element-web working on my SSO-less instance
moosemower added 1 commit 2026-03-01 02:11:07 +00:00
only use sso redirection if sso is enabled
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
Details
7875013844
moosemower requested review from carla 2026-03-01 02:12:17 +00:00
decentral1se reviewed 2026-03-01 08:26:45 +00:00
decentral1se left a comment
Owner
Copy Link

Great that to have this support non-SSO installs 🍊

Great that to have this support non-SSO installs 🍊
config.json.tmpl Outdated
@ -7,3 +7,3 @@
},
"sso_redirect_options": {
"immediate": true
"immediate": {{ env "USE_SSO" }}
decentral1se commented 2026-03-01 08:26:06 +00:00
Owner
Copy Link

Thanks @moosemower 👏

If you run abra app run <app> app bash and then env | grep -i sso, do you see a value? I believe this is evaluating to false or some "non-truthy" value because it is not threaded through via the env configuration?

It's not present in the .env.sample: https://git.coopcloud.tech/coop-cloud/element-web/src/branch/main/.env.sample (#USE_SOO=)

And that needs to be threaded through into the container 👇

compose.yml Lines 8 to 10 in bb930287ed
- DOMAIN
- HOMESERVER
- SERVER_NAME

Then other operators can then customise the value. I believe to maintain backwards compatibility, you should set it to USE_SSO=${USE_SSO:-true} to ensure that operators who don't update their .env file will not have a broken upgrade. See below for more examples 👇

compose.yml Lines 78 to 83 in 8b7ed8142e
- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
- PHP_UPLOAD_LIMIT=${PHP_UPLOAD_LIMIT:-512M}
- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
- FPM_START_SERVERS=${FPM_START_SERVERS:-32}
- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
- FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}

We wanted to document this slightly involved environment updating dance over on https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes but didn't get around to it 🙃 Docs patches welcome!

Thanks @moosemower 👏 If you run `abra app run <app> app bash` and then `env | grep -i sso`, do you see a value? I believe this is evaluating to `false` or some "non-truthy" value because it is not threaded through via the env configuration? It's not present in the `.env.sample`: https://git.coopcloud.tech/coop-cloud/element-web/src/branch/main/.env.sample (`#USE_SOO=`) And that needs to be threaded through into the container 👇 https://git.coopcloud.tech/coop-cloud/element-web/src/commit/bb930287ed89efbfc2f0822cf4393b8f3a92cc5a/compose.yml#L8-L10 Then other operators can then customise the value. I believe to maintain backwards compatibility, you should set it to `USE_SSO=${USE_SSO:-true}` to ensure that operators who don't update their `.env` file will not have a broken upgrade. See below for more examples 👇 https://git.coopcloud.tech/coop-cloud/nextcloud/src/commit/8b7ed8142e6a492fb107141a163bbec1107bb979/compose.yml#L78-L83 We wanted to document this slightly involved environment updating dance over on https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes but didn't get around to it 🙃 Docs patches welcome!
moosemower commented 2026-03-20 01:45:50 +00:00
Author
Owner
Copy Link

Oooh, good catch! Indeed, deploying a new element-web with my changes,

$ abra app run element-web.moose.garden app sh
/ $ env | grep -i sso
/ $

No SSO variables in there! Derp. Including my .env.sample changes in an amended commit.

Also, now that I plumb in environment: USE_SSO=${USE_SSO:-true} I get USE_SSO=true by default in the container's env, even if I don't set that variable to anything. Thanks for the tip! I won't promise a doc patch but I would like to :)

Changes to my commit:

  • plumbed in USE_SSO to compose.yml
  • default that var to true if not set for compat
  • add it to .env.sample
Oooh, good catch! Indeed, deploying a new element-web with my changes, ``` $ abra app run element-web.moose.garden app sh / $ env | grep -i sso / $ ``` No SSO variables in there! Derp. Including my .env.sample changes in an amended commit. Also, now that I plumb in `environment: USE_SSO=${USE_SSO:-true}` I get USE_SSO=true by default in the container's env, even if I don't set that variable to anything. Thanks for the tip! I won't promise a doc patch but I would like to :) ---- Changes to my commit: - plumbed in USE_SSO to compose.yml - default that var to `true` if not set for compat - add it to .env.sample
decentral1se commented 2026-03-23 14:18:39 +00:00
Owner
Copy Link

Great, thanks for the update!

Great, thanks for the update!
decentral1se marked this conversation as resolved
moosemower force-pushed use-sso from 7875013844 to b9c7d54db8 2026-03-20 01:44:51 +00:00 Compare
moosemower removed review request for carla 2026-03-20 01:46:25 +00:00
moosemower requested review from carla 2026-03-21 04:47:41 +00:00
carla commented 2026-03-23 13:38:01 +00:00
Owner
Copy Link

maybe @decentral1se should review it as you were already in the loop? :)

maybe @decentral1se should review it as you were already in the loop? :)
👍 1
decentral1se commented 2026-03-23 14:38:50 +00:00
Owner
Copy Link

Sorry, maybe super annoying @moosemower but this is kind of a strange change after all that it sets the env var to both true and false by default 😅 It's fully backwards compatible but now it's confusing 🙃 Typically, a recipe will have the SSO feature as an add-on instead of the default. So, we're kind of in this problem due to that past decision (that I probably made? 😆). I actually would not be against making a breaking major recipe version release to set the USE_SSO to false in all cases unless you enable it as operator?

Sorry, maybe super annoying @moosemower but this is kind of a strange change after all that it sets the env var to both `true` and `false` by default 😅 It's fully backwards compatible but now it's confusing 🙃 Typically, a recipe will have the SSO feature as an add-on instead of the default. So, we're kind of in this problem due to that past decision (that I probably made? 😆). I actually would not be against making a breaking major recipe version release to set the `USE_SSO` to `false` in all cases unless you enable it as operator?
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
Details
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u use-sso:moosemower-use-sso
git checkout moosemower-use-sso
Sign in to join this conversation.
Reviewers
No Reviewers
carla
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se devydave fauno flancian Frando iexos jade javielico jjsfunhouse jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moosemower moritz nicksellen notplants p4u1 pau pharaohgraphy PhiNatalie renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val vaznasty virtualboys wolcen wykwit xynosis yksflip
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/element-web#2
No description provided.
Delete Branch "moosemower/element-web:use-sso"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?