Add OAuth
This commit is contained in:
parent
dc81610de1
commit
4ef620c887
|
@ -6,3 +6,14 @@ export LETS_ENCRYPT_ENV=production
|
|||
|
||||
export DB_ROOT_PASSWORD_VERSION=v1
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
|
||||
# OAuth
|
||||
|
||||
#export CMD_OAUTH2_PROVIDERNAME="Keycloak"
|
||||
#export CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
|
||||
#export CMD_OAUTH2_CLIENT_ID="codimd"
|
||||
#export CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
|
||||
#export CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
|
||||
#export CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
|
||||
#
|
||||
#export OAUTH_KEY_VERSION=v1
|
||||
|
|
13
compose.yml
13
compose.yml
|
@ -26,10 +26,11 @@ services:
|
|||
- CMD_OAUTH2_PROVIDERNAME
|
||||
- CMD_OAUTH2_BASEURL
|
||||
- CMD_OAUTH2_CLIENT_ID
|
||||
- CMD_OAUTH2_CLIENT_SECRET
|
||||
- CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
|
||||
- CMD_OAUTH2_AUTHORIZATION_URL
|
||||
- CMD_OAUTH2_TOKEN_URL
|
||||
- CMD_OAUTH2_USER_PROFILE_URL
|
||||
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
||||
depends_on:
|
||||
- postgres
|
||||
networks:
|
||||
|
@ -39,6 +40,7 @@ services:
|
|||
- codimd_uploads:/home/hackmd/app/public/uploads
|
||||
secrets:
|
||||
- db_password
|
||||
- oauth_key
|
||||
entrypoint: /docker-entrypoint2.sh
|
||||
configs:
|
||||
- source: entrypoint2_conf
|
||||
|
@ -55,6 +57,12 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
|
@ -64,6 +72,9 @@ secrets:
|
|||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
|
||||
oauth_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
|
@ -23,6 +23,7 @@ file_env() {
|
|||
|
||||
load_vars() {
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
}
|
||||
|
||||
main() {
|
||||
|
|
Loading…
Reference in New Issue