working on nginx.conf.tmpl

.env.sample

@@ -18,13 +18,6 @@ SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
 SECRET_POSTGRES_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 
-##############################################################################
-# BASIC SETTINGS 
-##############################################################################
-# FIXME: Move to Docker secret
-DJANGO_SECRET_KEY=ThisIsAnExampleKeyForDevPurposeOnly
-# FIXME: Move to docker secret
-DJANGO_SUPERUSER_PASSWORD=admin
 
 ##############################################################################
 # EMAIL
@@ -38,13 +31,11 @@ DJANGO_EMAIL_PORT=1025
 # SINGLE SIGN ON
 ##############################################################################
 # NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
-OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs
-OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth
-OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token
-OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo
-OIDC_RP_CLIENT_ID=impress
-# FIXME: Move to docker secret
-OIDC_RP_CLIENT_SECRET=example
+OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/${DOMAIN}/protocol/openid-connect/userinfo
+OIDC_RP_CLIENT_ID=${DOMAIN}
 OIDC_RP_SIGN_ALGO=RS256
 OIDC_RP_SCOPES="openid email"
 LOGIN_REDIRECT_URL=https://${DOMAIN}

abra-entrypoint.sh

@@ -1,11 +1,8 @@
 #!/bin/sh
 set -e
 
-ORIGINAL_ENTRYPOINT="$1"
-shift
-
 [ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
-[ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
+#[ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
 [ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
 [ -f /run/secrets/minio_root_password ] && export MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_root_password)"
 [ -f /run/secrets/minio_root_password ] && export AWS_S3_SECRET_ACCESS_KEY="$(cat /run/secrets/minio_root_password)"
@@ -13,9 +10,13 @@ shift
 [ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
 [ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"
 
-# --- Execute the original entrypoint and command ---
-if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
+# if not in "env" mode, then execute the original entrypoint and command
+if [ ! "$1" = "-e" ]; then
+  ORIGINAL_ENTRYPOINT="$1"
+  shift
+  if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
     exec "$ORIGINAL_ENTRYPOINT" "$@"
-else
+  else
     exec "$@"
+  fi
 fi

abra.sh

@@ -1,18 +1,12 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export ABRA_ENTRYPOINT_VERSION=v4
-export NGINX_CONF_VERSION=v2
+export NGINX_CONF_VERSION=v3
 export PG_BACKUP_VERSION=v3
 
 environment() {
-  [ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
-  [ -f /run/secrets/postgres_password ] && export POSTGRES_PASSWORD="$(cat /run/secrets/postgres_password)"
-  [ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
-  [ -f /run/secrets/minio_root_password ] && export MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_root_password)"
-  [ -f /run/secrets/minio_root_password ] && export AWS_S3_SECRET_ACCESS_KEY="$(cat /run/secrets/minio_root_password)"
-  [ -f /run/secrets/django_superuser_password ] && export DJANGO_SUPERUSER_PASSWORD="$(cat /run/secrets/django_superuser_password)"
-  [ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
-  [ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"
+  # this exports all the secrets as environment variables
+  source /abra-entrypoint.sh -e
 }
 
 migrate() {

compose.yml

@@ -57,6 +57,7 @@ x-postgres-env: &postgres-env
   # Postgresql db container configuration
   POSTGRES_DB: docs
   POSTGRES_USER: docs
+  POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
   # App database configuration
   DB_HOST: db
   DB_NAME: docs
@@ -82,9 +83,7 @@ services:
   app:
     image: lasuite/impress-frontend:v3.4.2
     networks:
-      backend: 
-        aliases:
-          - lasuite-app
+      - backend
     deploy:
       labels:
         - "traefik.enable=false"
@@ -292,7 +291,8 @@ volumes:
 configs:
   nginx_conf:
     name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
-    file: nginx.conf
+    file: nginx.conf.tmpl
+    template_driver: golang
   pg_backup:
     name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
     file: pg_backup.sh

nginx.conf.tmpl

@@ -1,9 +1,9 @@
 upstream docs_backend {
-    server backend:8000 fail_timeout=0;
+    server {{ env "STACK_NAME" }}_backend:8000 fail_timeout=0;
 }
 
 upstream docs_frontend {
-    server lasuite-app:8080 fail_timeout=0;
+    server {{ env "STACK_NAME" }}_app:8080 fail_timeout=0;
 }
 
 server {