From 54acd65edd5f539ce10e88eb68c29805175bee04 Mon Sep 17 00:00:00 2001 From: notplants Date: Thu, 6 Nov 2025 12:46:06 -0500 Subject: [PATCH] working before secret shortening --- .env.sample | 13 ++++++++----- compose.yml | 2 ++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.env.sample b/.env.sample index fa58e45..d99ff47 100644 --- a/.env.sample +++ b/.env.sample @@ -18,6 +18,8 @@ SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1 SECRET_POSTGRES_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1 +MINIO_ROOT_PASSWORD_FILE="/run/secrets/minio_pass" +POSTGRES_PASSWORD_FILE="/run/secrets/postgres_pass" ############################################################################## # EMAIL @@ -31,11 +33,12 @@ DJANGO_EMAIL_PORT=1025 # SINGLE SIGN ON ############################################################################## # NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README -OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/certs -OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/auth -OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/token -OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/userinfo -OIDC_RP_CLIENT_ID=${DOMAIN} +OIDC_REALM=yourkeycloakrealm +OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/certs +OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/auth +OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/token +OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/${OIDC_REALM}/protocol/openid-connect/userinfo +OIDC_RP_CLIENT_ID=yourkeycloakclientid OIDC_RP_SIGN_ALGO=RS256 OIDC_RP_SCOPES="openid email" LOGIN_REDIRECT_URL=https://${DOMAIN} diff --git a/compose.yml b/compose.yml index 21bf2a4..cff3f02 100644 --- a/compose.yml 
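Review bot: The two added `*_FILE` lines in the `@@ -18,6 +18,8 @@` hunk sit under the secret-version entries with no comment saying they are paths to mounted secrets rather than the secret values. Nothing in this patch shows secrets named `minio_pass` and `postgres_pass` being mounted at those paths. If compose.yml (outside this diff) uses different secret targets, the services would read a missing file, so confirm that the names match. I would add above them `# Paths to the mounted Docker secrets (not the passwords themselves); must match the secret targets in compose.yml`. Since these paths look fixed by the recipe rather than chosen per deployment, they may be better set in compose.yml than in an operator-editable sample.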
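Review bot: In the `@@ -31,11 +33,12 @@` hunk, `OIDC_REALM=yourkeycloakrealm` and `OIDC_RP_CLIENT_ID=yourkeycloakclientid` are placeholders with no comment telling the operator to replace them. A copied sample therefore yields JWKS, authorization, token and userinfo endpoints for a realm that does not exist. The four endpoint lines also depend on `${OIDC_REALM}` being defined earlier in the file and expanded by whatever loads it, so the definition should stay directly above them as it is here. I would add `# Keycloak realm and client id as configured on the identity provider; replace both before deploying` above `OIDC_REALM`.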
+++ b/compose.yml @@ -269,6 +269,8 @@ services: networks: proxy: backend: + environment: + - STACK_NAME deploy: labels: - "traefik.enable=true"
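Review bot: The added `- STACK_NAME` entry carries no value, so the container receives whatever the deploying environment exports and presumably nothing when it is unset; the hunk does not show what reads it. If the service uses it to locate secrets or build resource names, an empty value should fail loudly at startup rather than resolve to an unintended path. The service definition begins above the hunk, so also check that it does not already carry an `environment:` key, since a duplicate mapping key is rejected or silently overridden depending on the YAML parser. A short comment such as `# STACK_NAME is passed through from the deploy environment; read by <consumer>` would document the dependency.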