make oauth2 secret
This commit is contained in:
parent
c1c837678b
commit
dae94c307c
|
@ -1,6 +1,6 @@
|
|||
TYPE=wekan
|
||||
LETS_ENCRYPT_ENV=production
|
||||
SECRET_SSO_SECRET_VERSION=v1
|
||||
SECRET_OAUTH2_SECRET_VERSION=v1
|
||||
|
||||
MONGO_URL=mongodb://db:27017/wekan
|
||||
|
||||
|
@ -16,7 +16,7 @@ OAUTH2_SERVER_URL=https://sso.example.com
|
|||
OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||
OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||
OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||
OAUTH2_SECRET=secret
|
||||
# should be set in secret OAUTH2_SECRET=
|
||||
OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
|
||||
OAUTH2_ID_MAP=preferred_username
|
||||
OAUTH2_USERNAME_MAP=preferred_username
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# Wekan
|
||||
|
||||
The Open Source kanban (built with Meteor)
|
||||
[Github](https://github.com/wekan/wekan)
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
|
@ -23,5 +24,4 @@ The Open Source kanban (built with Meteor)
|
|||
See original [docker-compose.yml](https://github.com/wekan/wekan/blob/master/docker-compose.yml) for all possible env variables
|
||||
|
||||
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
export SECRET_OAUTH2_SECRET_VERSION=v1
|
||||
export ENTRYPOINT_VERSION=1
|
13
compose.yml
13
compose.yml
|
@ -61,6 +61,10 @@ services:
|
|||
- source: healthcheck_js
|
||||
target: /build/healthcheck.js
|
||||
mode: 0555
|
||||
- source: entrypoint
|
||||
target: /home/wekan/app/docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /home/wekan/app/docker-entrypoint.sh
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
|
@ -86,3 +90,12 @@ configs:
|
|||
healthcheck_js:
|
||||
name: ${STACK_NAME}_healthcheck_js
|
||||
file: healthcheck.js
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
oauth2_secret:
|
||||
name: ${STACK_NAME}_oauth2_secret_${SECRET_OAUTH2_SECRET_VERSION}
|
||||
external: true
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "OAUTH2_SECRET"
|
||||
|
||||
node /build/main.js
|
Loading…
Reference in New Issue