diff --git a/.env.sample b/.env.sample
index 710a1f5..fa58e45 100644
--- a/.env.sample
+++ b/.env.sample
@@ -18,13 +18,6 @@ SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
 SECRET_POSTGRES_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
-##############################################################################
-# BASIC SETTINGS
-##############################################################################
-# FIXME: Move to Docker secret
-DJANGO_SECRET_KEY=ThisIsAnExampleKeyForDevPurposeOnly
-# FIXME: Move to docker secret
-DJANGO_SUPERUSER_PASSWORD=admin
 ##############################################################################
 # EMAIL
@@ -38,13 +31,11 @@ DJANGO_EMAIL_PORT=1025
 # SINGLE SIGN ON
 ##############################################################################
 # NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
-OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs
-OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth
-OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token
-OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo
-OIDC_RP_CLIENT_ID=impress
-# FIXME: Move to docker secret
-OIDC_RP_CLIENT_SECRET=example
+OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/userinfo
+OIDC_RP_CLIENT_ID=${DOMAIN}
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"
 LOGIN_REDIRECT_URL=https://${DOMAIN}
diff --git a/abra-entrypoint.sh b/abra-entrypoint.sh
index 552b18b..6dcd2ba 100644
--- a/abra-entrypoint.sh
+++ b/abra-entrypoint.sh
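Review bot: The Keycloak realm segment of the four OIDC_OP_* endpoints and OIDC_RP_CLIENT_ID are now all derived from `${DOMAIN}`, yet the only comment left in the block still just says that OIDC is required, so a deployer whose realm or client is not literally named after the domain gets no hint that five values need overriding. A comment above `OIDC_OP_JWKS_ENDPOINT` would close that gap, e.g. `# Realm name and client ID default to ${DOMAIN}; change all five values if your identity provider uses different names.` Dropping `OIDC_RP_CLIENT_SECRET` from the sample is consistent with the entrypoint reading it from `/run/secrets/oidc_rp_client_secret` (visible in the abra-entrypoint.sh hunk), but the sample should say where the value now comes from: `# OIDC_RP_CLIENT_SECRET is supplied by the oidc_rp_client_secret docker secret`.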
@@ -1,11 +1,8 @@
 #!/bin/sh
 set -e
-ORIGINAL_ENTRYPOINT="$1"
-shift
-
 [ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
-[ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
+#[ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
 [ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
 [ -f /run/secrets/minio_root_password ] && export MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_root_password)"
 [ -f /run/secrets/minio_root_password ] && export AWS_S3_SECRET_ACCESS_KEY="$(cat /run/secrets/minio_root_password)"
@@ -13,9 +10,13 @@ shift
 [ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
 [ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"
-# --- Execute the original entrypoint and command ---
-if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
- exec "$ORIGINAL_ENTRYPOINT" "$@"
-else
- exec "$@"
-fi
+# if not in "env" mode, then execute the original entrypoint and command
+if [ ! "$1" = "-e" ]; then
+ ORIGINAL_ENTRYPOINT="$1"
+ shift
+ if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
+ exec "$ORIGINAL_ENTRYPOINT" "$@"
+ else
+ exec "$@"
+ fi
+fi
\ No newline at end of file
diff --git a/abra.sh b/abra.sh
index 08f3f3c..7880bff 100755
--- a/abra.sh
+++ b/abra.sh
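Review bot: The POSTGRES_PASSWORD export is commented out rather than deleted, leaving a dead line that still names the secret path and invites someone to re-enable it without knowing why it was disabled. Since compose.yml now sets `POSTGRES_PASSWORD_FILE` for the db container, either delete the line or replace it with the reason: `# POSTGRES_PASSWORD is no longer exported here; the db service reads POSTGRES_PASSWORD_FILE (compose.yml) instead.`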
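Review bot: The `-e` branch relies on the caller's `source /abra-entrypoint.sh -e` (abra.sh hunk) placing `-e` into `$1`, which is bash behaviour — `source` is a bash builtin and under POSIX `sh` the `.` command does not take arguments that way — so the env mode only works when abra.sh is run by bash, and if it is not, the file would fall through to `shift` and `exec "$@"` inside environment(); I cannot see abra.sh's shebang in this diff, so this is worth confirming. Sourcing also imports this file's top-level `set -e` into abra.sh's shell, silently changing how every later command in abra.sh reacts to a non-zero status. Both facts belong in the comment, e.g. `# "-e": sourced (bash) from environment() in abra.sh; only export the secrets, never exec. Note set -e above also applies to the sourcing shell.` As a point of style, `[ ! "$1" = "-e" ]` reads more naturally as `[ "$1" != "-e" ]`, and the file now lacks a trailing newline.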
@@ -1,18 +1,12 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export ABRA_ENTRYPOINT_VERSION=v4
-export NGINX_CONF_VERSION=v2
+export NGINX_CONF_VERSION=v3
 export PG_BACKUP_VERSION=v3
 environment() {
- [ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
- [ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
- [ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
- [ -f /run/secrets/minio_root_password ] && export MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_root_password)"
- [ -f /run/secrets/minio_root_password ] && export AWS_S3_SECRET_ACCESS_KEY="$(cat /run/secrets/minio_root_password)"
- [ -f /run/secrets/django_superuser_password ] && export DJANGO_SUPERUSER_PASSWORD="$(cat /run/secrets/django_superuser_password)"
- [ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
- [ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"
+ # this exports all the secrets as environment variables
+ source /abra-entrypoint.sh -e
 }
 migrate() {
diff --git a/compose.yml b/compose.yml
index 6497189..21bf2a4 100644
--- a/compose.yml
+++ b/compose.yml
@@ -57,6 +57,7 @@ x-postgres-env: &postgres-env
 # Postgresql db container configuration
 POSTGRES_DB: docs
 POSTGRES_USER: docs
+ POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
 # App database configuration
 DB_HOST: db
 DB_NAME: docs
@@ -82,9 +83,7 @@ services:
 app:
 image: lasuite/impress-frontend:v3.4.2
 networks:
- backend:
- aliases:
- - lasuite-app
+ - backend
 deploy:
 labels:
 - "traefik.enable=false"
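Review bot: `POSTGRES_PASSWORD_FILE` is added to the shared `x-postgres-env` anchor, so it is injected into every service that merges `*postgres-env`, not only the db container, and `/run/secrets/postgres_password` only exists inside services that also declare the `postgres_password` secret, which this hunk does not show. Placing the key under the "Postgresql db container configuration" heading is right, but a short note would stop a reader from assuming the app reads it too: `# consumed by the postgres image at init; other services sharing this anchor ignore it`. Since abra-entrypoint.sh no longer exports POSTGRES_PASSWORD, it is worth confirming that the db service lists `postgres_password` under `secrets:`, otherwise the database would initialise without a password source.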
@@ -292,7 +291,8 @@ volumes:
 configs:
 nginx_conf:
 name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
- file: nginx.conf
+ file: nginx.conf.tmpl
+ template_driver: golang
 pg_backup:
 name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
 file: pg_backup.sh
diff --git a/nginx.conf b/nginx.conf.tmpl
similarity index 96%
rename from nginx.conf
rename to nginx.conf.tmpl
index 3ae1e1c..07d5d07 100644
--- a/nginx.conf
+++ b/nginx.conf.tmpl
@@ -1,9 +1,9 @@
 upstream docs_backend {
- server backend:8000 fail_timeout=0;
+ server {{ env "STACK_NAME" }}_backend:8000 fail_timeout=0;
 }
 upstream docs_frontend {
- server lasuite-app:8080 fail_timeout=0;
+ server {{ env "STACK_NAME" }}_app:8080 fail_timeout=0;
 }
 server {
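Review bot: Nothing in nginx.conf.tmpl says that it is a Go template rendered by Docker's config driver, so a reader sees `{{ env "STACK_NAME" }}` with no explanation, and if STACK_NAME were missing from the container environment the upstream would render as `_backend:8000`, which nginx refuses at startup when it resolves upstream hostnames. A header comment at the top of the file would cover both points: `# Go template rendered by docker (compose.yml: configs.nginx_conf.template_driver: golang). STACK_NAME must be set in the nginx container environment; the upstreams are the swarm service names <stack>_backend and <stack>_app.` The `server {` block continues outside the hunk.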