Compare commits
8 Commits
1.0.0+0.32
...
enable-bac
| Author | SHA1 | Date | |
|---|---|---|---|
| 1cf5a8a195 | |||
| eecfe6239c | |||
| 012818dfc2 | |||
| 705a039676 | |||
| cf9739b856 | |||
| 0c59e8d3c1 | |||
| 8a1423afaf | |||
| a56da6b1a2 |
@ -1,6 +1,7 @@
|
||||
TYPE=rauthy
|
||||
DOMAIN=rauthy.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,6 +1,6 @@
|
||||
set -e
|
||||
|
||||
export CONFIG_TOML_VERSION=v2
|
||||
export CONFIG_TOML_VERSION=v3
|
||||
|
||||
generate_enc_keys() {
|
||||
KEY_A="$(openssl rand -base64 32)"
|
||||
|
||||
@ -5,6 +5,7 @@ services:
|
||||
- SMTP_ENABLED
|
||||
- SMTP_FROM
|
||||
- SMTP_URL
|
||||
- SMTP_PORT
|
||||
- SMTP_USERNAME
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/sebadob/rauthy:0.32.3
|
||||
image: ghcr.io/sebadob/rauthy:0.33.1
|
||||
environment:
|
||||
- ADMIN_EMAIL
|
||||
- ADMIN_FORCE_MFA
|
||||
@ -31,7 +31,8 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+0.32.3"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.0+0.33.1"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
@ -6,17 +6,17 @@ This release supports encryption key rotation, which unfortunately requires some
|
||||
docker secret list # to obtain the secret's full name
|
||||
docker service create --name temp-reader --secret <secret-name> --mode replicated-job alpine:latest sh -c "cat /run/secrets/<secret-name>" && docker service logs --raw temp-reader && echo && docker service rm temp-reader
|
||||
|
||||
NOTE: the encryption key is only the characters AFTER the "/"
|
||||
NOTE: the enc_keys secret has the format `<key_id>/<key_value>`; we'll refer to those two parts as $KEY_ID and $KEY_VALUE from here on.
|
||||
|
||||
2. Add these lines to your config, overwriting the existing SECRET_ENC_KEYS_VERSION and ENC_KEY_ACTIVE values:
|
||||
|
||||
SECRET_ENC_KEYS_A_VERSION=a1 # generated=false
|
||||
SECRET_ENC_KEYS_A_VERSION=$KEY_ID # generated=false
|
||||
SECRET_ENC_KEYS_B_VERSION=b1 # generated=false
|
||||
ENC_KEY_ACTIVE="a1"
|
||||
ENC_KEY_ACTIVE="$KEY_ID"
|
||||
|
||||
3. Set key_a and generate key_b:
|
||||
|
||||
abra app secret insert $STACK_NAME enc_keys_a a1 "<your-existing-secret>" -C
|
||||
abra app secret insert $STACK_NAME enc_keys_a $KEY_ID "<your-existing-secret>" -C
|
||||
abra app secret insert $STACK_NAME enc_keys_b b1 "$(openssl rand -base64 32)" -C
|
||||
|
||||
Then you can deploy :)
|
||||
|
||||
1
release/next
Normal file
1
release/next
Normal file
@ -0,0 +1 @@
|
||||
Enables backup-bot-2 backups
|
||||
6
renovate.json
Normal file
6
renovate.json
Normal file
@ -0,0 +1,6 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended"
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user