Add OAuth
parent
dc81610de1
commit
4ef620c887
|
@ -6,3 +6,14 @@ export LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
export DB_ROOT_PASSWORD_VERSION=v1
|
export DB_ROOT_PASSWORD_VERSION=v1
|
||||||
export ENTRYPOINT_CONF_VERSION=v1
|
export ENTRYPOINT_CONF_VERSION=v1
|
||||||
|
|
||||||
|
# OAuth
|
||||||
|
|
||||||
|
#export CMD_OAUTH2_PROVIDERNAME="Keycloak"
|
||||||
|
#export CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
|
||||||
|
#export CMD_OAUTH2_CLIENT_ID="codimd"
|
||||||
|
#export CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
|
||||||
|
#export CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
|
||||||
|
#export CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
|
||||||
|
#
|
||||||
|
#export OAUTH_KEY_VERSION=v1
|
||||||
|
|
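Review bot: The sample URLs disagree on the Keycloak path prefix: `CMD_OAUTH2_BASEURL` uses `https://keycloak.example.com/realms/realmname/...`, while the authorization, token and userinfo URLs use `/auth/realms/realmname/...`. Only one form matches a given Keycloak install (the `/auth` prefix is the legacy default), so an operator who uncomments the block as-is gets endpoints that cannot all resolve. Pick one form and add a comment such as `# drop /auth on Keycloak 17+ unless a relative path is configured`. The block also has no sample for `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR`, which the compose.yml section passes through, and no hint that the `oauth_key` secret has to be created before deploying. A line like `#export CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR="preferred_username"` plus a one-line comment on creating the secret would close both gaps.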
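--- a/compose.yml
+++ b/compose.yml
@@ -26,10 +26,11 @@ services:
 - CMD_OAUTH2_PROVIDERNAME
 - CMD_OAUTH2_BASEURL
 - CMD_OAUTH2_CLIENT_ID
-- CMD_OAUTH2_CLIENT_SECRET
+- CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
 - CMD_OAUTH2_AUTHORIZATION_URL
 - CMD_OAUTH2_TOKEN_URL
 - CMD_OAUTH2_USER_PROFILE_URL
+- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
 depends_on:
 - postgres
 networks:
@@ -39,6 +40,7 @@ services:
 - codimd_uploads:/home/hackmd/app/public/uploads
 secrets:
 - db_password
+- oauth_key
 entrypoint: /docker-entrypoint2.sh
 configs:
 - source: entrypoint2_conf
@@ -55,6 +57,12 @@ services:
 - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
 - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
 - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+healthcheck:
+test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
+interval: 30s
+timeout: 10s
+retries: 10
+start_period: 1m
 
 volumes:
 postgres:
@@ -64,6 +72,9 @@ secrets:
 db_password:
 external: true
 name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+oauth_key:
+external: true
+name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}
 
 networks:
 proxy: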
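Review bot: The `oauth_key` secret is now required by every deployment, not only those that enable OAuth. The top-level `oauth_key:` entry is `external: true`, the service lists `- oauth_key` under `secrets:`, and `CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key` is set unconditionally, while the sample env hunk leaves `OAUTH_KEY_VERSION` commented out. With that variable unset the name resolves to `${STACK_NAME}_oauth_key_`, which presumably does not exist, so a stack without OAuth would likely fail to deploy; the added `file_env "CMD_OAUTH2_CLIENT_SECRET"` call in the entrypoint hunk depends on the same file. Consider moving those three pieces into an optional override file that is only included when OAuth is configured, or state in the sample env file that the secret must be created before any deploy. Dropping the plain `- CMD_OAUTH2_CLIENT_SECRET` passthrough also means a deployment that still sets that variable loses the client secret silently on upgrade, which deserves a line in the commit description.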
|
@ -23,6 +23,7 @@ file_env() {
|
||||||
|
|
||||||
load_vars() {
|
load_vars() {
|
||||||
file_env "CMD_DB_PASSWORD"
|
file_env "CMD_DB_PASSWORD"
|
||||||
|
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
|