spell fixes and disable email password secret
This commit is contained in:
21
.env.sample
21
.env.sample
@ -13,7 +13,7 @@ LETS_ENCRYPT_ENV=production
|
||||
SECRET_MINIO_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
|
||||
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
||||
SECRET_AWS_S3_SECRET_KEY_VERSION=v1
|
||||
SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION=v1
|
||||
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
|
||||
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
|
||||
@ -35,18 +35,23 @@ DJANGO_EMAIL_PORT=1025
|
||||
# SINGLE SIGN ON
|
||||
##############################################################################
|
||||
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
|
||||
OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth
|
||||
OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token
|
||||
OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo
|
||||
OIDC_RP_CLIENT_ID=impress
|
||||
## Set those according to your needs
|
||||
OIDC_RP_CLIENT_ID=docs
|
||||
REALM_NAME=
|
||||
SSO_DOMAIN=
|
||||
|
||||
## These can probably be left as-is
|
||||
OIDC_OP_JWKS_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/certs
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/auth
|
||||
OIDC_OP_TOKEN_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/token
|
||||
OIDC_OP_USER_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
|
||||
OIDC_RP_SIGN_ALGO=RS256
|
||||
OIDC_RP_SCOPES="openid email"
|
||||
LOGIN_REDIRECT_URL=https://${DOMAIN}
|
||||
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
|
||||
LOGOUT_REDIRECT_URL=https://${DOMAIN}
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS='["https://auth.${DOMAIN}", "https://${DOMAIN}"]'
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS='["https://id.docs.coop", "https://${DOMAIN}"]'
|
||||
#OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
||||
|
||||
##############################################################################
|
||||
# LOGGING
|
||||
|
||||
27
compose.yml
27
compose.yml
@ -21,7 +21,8 @@ x-common-env: &common-env
|
||||
DJANGO_EMAIL_LOGO_IMG:
|
||||
DJANGO_EMAIL_PORT:
|
||||
DJANGO_EMAIL_HOST_USER:
|
||||
DJANGO_EMAIL_HOST_PASSWORD_FILE: /run/secrets/django_email_host_password
|
||||
DJANGO_EMAIL_HOST_PASSWORD_FILE:
|
||||
# /run/secrets/django_email_host_password
|
||||
# Backend url
|
||||
IMPRESS_BASE_URL: "https://${DOMAIN}"
|
||||
# Media
|
||||
@ -100,11 +101,11 @@ services:
|
||||
secrets:
|
||||
- collaboration_server_secret
|
||||
- postgres_password
|
||||
- aws_s3_secret_key
|
||||
- aws_s3_secret_access_key
|
||||
- oidc_rp_client_secret
|
||||
- django_secret_key
|
||||
- django_superuser_password
|
||||
- django_email_host_password
|
||||
#- django_email_host_password
|
||||
healthcheck:
|
||||
test: ["CMD", "python", "manage.py", "check"]
|
||||
interval: 15s
|
||||
@ -123,10 +124,10 @@ services:
|
||||
- collaboration_server_secret
|
||||
- django_superuser_password
|
||||
- postgres_password
|
||||
- aws_s3_secret_key
|
||||
- aws_s3_secret_access_key
|
||||
- oidc_rp_client_secret
|
||||
- django_secret_key
|
||||
- django_email_host_password
|
||||
#- django_email_host_password
|
||||
|
||||
y-provider:
|
||||
image: lasuite/impress-y-provider:v3.6.0
|
||||
@ -151,6 +152,8 @@ services:
|
||||
PGDATA: var/lib/postgresql/data/pgdata
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data/pgdata
|
||||
secrets:
|
||||
- postgres_password
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
@ -169,7 +172,7 @@ services:
|
||||
|
||||
minio-bootstrap:
|
||||
# NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
|
||||
image: minio/mc:RELEASE.2025-09-07T16-13-09Z
|
||||
image: minio/mc:RELEASE.2025-08-13T08-35-41Z
|
||||
environment:
|
||||
- MINIO_ROOT_USER=minio
|
||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||
@ -184,7 +187,7 @@ services:
|
||||
condition: none
|
||||
|
||||
minio:
|
||||
image: minio/minio:RELEASE.RELEASE.2025-09-07T16-13-09Z
|
||||
image: minio/minio:RELEASE.2025-09-07T16-13-09Z
|
||||
environment:
|
||||
- MINIO_ROOT_USER=minio
|
||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||
@ -272,8 +275,8 @@ secrets:
|
||||
postgres_password:
|
||||
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
||||
external: true
|
||||
aws_s3_secret_key:
|
||||
name: ${STACK_NAME}_aws_s3_secret_key_${SECRET_AWS_S3_SECRET_KEY_VERSION}
|
||||
aws_s3_secret_access_key:
|
||||
name: ${STACK_NAME}_aws_s3_secret_access_key_${SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION}
|
||||
external: true
|
||||
oidc_rp_client_secret:
|
||||
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
|
||||
@ -284,6 +287,6 @@ secrets:
|
||||
django_superuser_password:
|
||||
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
|
||||
external: true
|
||||
django_email_host_password:
|
||||
name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
|
||||
external: true
|
||||
# django_email_host_password:
|
||||
# name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
|
||||
# external: true
|
||||
|
||||
Reference in New Issue
Block a user