forked from coop-cloud/civicrm-wordpress
adding authentik support
This commit is contained in:
many
parent
95903d25f4
commit
224e78ea6c
22
.env.sample
22
.env.sample
@ -1,6 +1,6 @@
|
||||
TYPE=civicrm-wordpress
|
||||
|
||||
DOMAIN=civicrm.example.com
|
||||
DOMAIN=civicrm-wordpress.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.civicrm.example.com`'
|
||||
@ -16,6 +16,8 @@ CIVICRM_DB_USER=civicrm
|
||||
CIVICRM_DB_HOST=mysql
|
||||
CIVICRM_DB_PORT=3306
|
||||
|
||||
WORDPRESS_LOCALE=en_US
|
||||
WORDPRESS_ADMIN_EMAIL=
|
||||
WORDPRESS_DB_NAME=wordpress
|
||||
WORDPRESS_DB_USER=wordpress
|
||||
WORDPRESS_DB_HOST=mysql
|
||||
@ -34,3 +36,21 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_CIVICRM_SITE_KEY_VERSION=v1 # length=16
|
||||
SECRET_CIVICRM_CRED_KEY_VERSION=v1 # length=43
|
||||
SECRET_CIVICRM_SIGN_KEY_VERSION=v1 # length=43
|
||||
SECRET_WORDPRESS_ADMIN_PASSWORD_VERSION=v1
|
||||
|
||||
## -- OpenId Connect --
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.openidconnect.yml"
|
||||
#OPEN_ID_CLIENT_ID=
|
||||
#SECRET_OPEN_ID_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
# If you are using authentik, just set this
|
||||
#AUTHENTIK_DOMAIN=authentik.company
|
||||
|
||||
# Otherwise, you must set all of these
|
||||
#OPEN_ID_PROVIDER_LOGIN_URL=https://authentik.company/application/o/authorize/
|
||||
#OPEN_ID_USERINFO_URL=https://authentik.company/application/o/userinfo/
|
||||
#OPEN_ID_TOKEN_ENDPOINT_URL=https://authentik.company/application/o/token/
|
||||
#OPEN_ID_END_SESSION_URL=https://authentik.company/application/o/wordpress/end-session/
|
||||
|
||||
## -- OpenId Connect --
|
||||
|
||||
1
abra.sh
1
abra.sh
@ -31,6 +31,7 @@ file_env "SMTP_PASSWORD"
|
||||
export APACHE_SITES_AVAILABLE_CONF_VERSION=v1
|
||||
export CIVICRM_SETTINGS_PHP_VERSION=v1
|
||||
export ENTRYPOINT_VERSION=v1
|
||||
export OPENID_SETTINGS_VERSION=v1
|
||||
|
||||
change_password(){
|
||||
echo "Changing password for $1"
|
||||
|
||||
14
compose.openidconnect.yml
Normal file
14
compose.openidconnect.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- OPEN_ID_CLIENT_SECRET_FILE=/run/secrets/openid_client_secret
|
||||
secrets:
|
||||
- openid_client_secret
|
||||
|
||||
secrets:
|
||||
openid_client_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_openid_client_secret_${SECRET_OPEN_ID_CLIENT_SECRET_VERSION}
|
||||
20
compose.yml
20
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: michaelmcandrew/civicrm:5.59.4-wordpress-php8.1
|
||||
image: michaelmcandrew/civicrm:5.82.0-wordpress-php8.1
|
||||
hostname: civicrm
|
||||
environment:
|
||||
- PROJECT_NAME
|
||||
@ -24,16 +24,18 @@ services:
|
||||
- SMTP_PORT
|
||||
- SMTP_USER
|
||||
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
||||
- WORDPRESS_ADMIN_PASSWORD_FILE=/run/secrets/wordpress_admin_password
|
||||
secrets:
|
||||
- db_password
|
||||
- civicrm_site_key
|
||||
- civicrm_cred_key
|
||||
- civicrm_sign_key
|
||||
- smtp_password
|
||||
- wordpress_admin_password
|
||||
volumes:
|
||||
- data:/var/www/html/wp-content/uploads
|
||||
networks:
|
||||
- default
|
||||
- internal
|
||||
- proxy
|
||||
configs:
|
||||
- source: apache-sites-available-conf
|
||||
@ -43,6 +45,8 @@ services:
|
||||
mode: 555
|
||||
- source: civicrm-settings-php
|
||||
target: /usr/local/etc/civicrm/civicrm.settings.php
|
||||
- source: openid-settings
|
||||
target: /usr/local/etc/civicrm/openid_settings.json
|
||||
entrypoint: /usr/local/bin/entrypoint.sh
|
||||
deploy:
|
||||
restart_policy:
|
||||
@ -57,7 +61,7 @@ services:
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.1+5.59.4-wordpress-php8.1"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.3+5.82.0-wordpress-php8.1"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/wp-content/uploads"
|
||||
healthcheck:
|
||||
@ -90,6 +94,8 @@ services:
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
@ -114,6 +120,7 @@ services:
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
@ -134,6 +141,10 @@ configs:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh
|
||||
template_driver: golang
|
||||
openid-settings:
|
||||
name: ${STACK_NAME}_openid_settings_${OPENID_SETTINGS_VERSION}
|
||||
file: openid_settings.json
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
@ -154,3 +165,6 @@ secrets:
|
||||
civicrm_sign_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_civicrm_sign_key_${SECRET_CIVICRM_SIGN_KEY_VERSION}
|
||||
wordpress_admin_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_wordpress_admin_password_${SECRET_WORDPRESS_ADMIN_PASSWORD_VERSION}
|
||||
|
||||
@ -28,6 +28,8 @@ file_env "CIVICRM_DB_PASS"
|
||||
file_env "CIVICRM_SITE_KEY"
|
||||
file_env "CIVICRM_CRED_KEYS"
|
||||
file_env "SMTP_PASSWORD"
|
||||
file_env "WORDPRESS_ADMIN_PASSWORD"
|
||||
file_env "OPEN_ID_CLIENT_SECRET"
|
||||
|
||||
if [[ "${1-default}" == "cron" ]]; then
|
||||
echo "============ Running cron job ============"
|
||||
@ -49,9 +51,9 @@ if su civicrm -c "wp core is-installed"; then
|
||||
echo "============ Wordpress already installed ============"
|
||||
else
|
||||
echo "============ Installing Wordpress ============"
|
||||
su civicrm -c "wp core install --locale=de_DE --url=$BASE_URL --title=$PROJECT_NAME --admin_user=admin --admin_email=$SMTP_USER"
|
||||
su civicrm -c "wp language core install de_DE"
|
||||
su civicrm -c "wp language core activate de_DE"
|
||||
su civicrm -c "wp core install --locale=$WORDPRESS_LOCALE --url=$BASE_URL --title=$PROJECT_NAME --admin_user=admin --admin_email=$WORDPRESS_ADMIN_EMAIL --admin_password='$WORDPRESS_ADMIN_PASSWORD'"
|
||||
su civicrm -c "wp language core install $WORDPRESS_LOCALE"
|
||||
su civicrm -c "wp language core activate $WORDPRESS_LOCALE"
|
||||
fi
|
||||
|
||||
# Setup Civicrm L10n
|
||||
@ -73,7 +75,7 @@ pushd /var/www/html/wp-content/uploads/civicrm/
|
||||
touch is_installed
|
||||
rm -rf civicrm.settings.php
|
||||
su civicrm -c "wp plugin activate civicrm"
|
||||
su civicrm -c "cv core:install -vv --keep --db=mysql://$CIVICRM_DB_USER:$CIVICRM_DB_PASS@$CIVICRM_DB_HOST:$CIVICRM_DB_PORT/$CIVICRM_DB_NAME --lang de_DE --comp $CIVICRM_COMPONENTS"
|
||||
su civicrm -c "cv core:install -vv --keep --db=mysql://$CIVICRM_DB_USER:$CIVICRM_DB_PASS@$CIVICRM_DB_HOST:$CIVICRM_DB_PORT/$CIVICRM_DB_NAME --lang $WORDPRESS_LOCALE --comp $CIVICRM_COMPONENTS"
|
||||
mv civicrm.settings.php civicrm.settings.php.generated
|
||||
cp /usr/local/etc/civicrm/civicrm.settings.php civicrm.settings.php
|
||||
chmod a-wx /var/www/html/wp-content/uploads/civicrm/civicrm.settings.php
|
||||
@ -87,11 +89,58 @@ pushd /var/www/html/wp-content/uploads/civicrm/
|
||||
fi
|
||||
popd
|
||||
|
||||
if [[ -n "${OPEN_ID_CLIENT_ID}" ]]; then
|
||||
# install OpenID Connect Generic plugin
|
||||
if ! su civicrm -c "wp plugin is-installed daggerhart-openid-connect-generic"; then
|
||||
# su civicrm -c "wp option list"
|
||||
echo "============ Running OpenId Connect Install ============"
|
||||
su civicrm -c "wp plugin install daggerhart-openid-connect-generic --activate"
|
||||
# su civicrm -c "wp option list"
|
||||
fi
|
||||
|
||||
if ! su civicrm -c "wp option get openid_connect_generic_settings"; then
|
||||
echo "Couldn't find openid connect settings option!"
|
||||
# cat /usr/local/etc/civicrm/openid_settings.json
|
||||
su civicrm -c "wp option add openid_connect_generic_settings --format=json < /usr/local/etc/civicrm/openid_settings.json"
|
||||
fi
|
||||
|
||||
su civicrm -c "wp option list"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings client_secret $OPEN_ID_CLIENT_SECRET"
|
||||
|
||||
if [[ -n "${AUTHENTIK_DOMAIN}" ]]; then
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login https://$AUTHENTIK_DOMAIN/application/o/authorize/"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo https://$AUTHENTIK_DOMAIN/application/o/userinfo/"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token https://$AUTHENTIK_DOMAIN/application/o/token/"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/"
|
||||
else
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login $OPEN_ID_PROVIDER_LOGIN_URL"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo $OPEN_ID_USERINFO_URL"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token $OPEN_ID_TOKEN_ENDPOINT_URL"
|
||||
su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session $OPEN_ID_END_SESSION_URL"
|
||||
fi
|
||||
su civicrm -c "wp option list"
|
||||
fi
|
||||
|
||||
echo "============ Setting up cron ============"
|
||||
printenv > /etc/environment
|
||||
apt update && apt install -y cron
|
||||
crontab -l | { cat; echo "*/5 * * * * /usr/local/bin/entrypoint.sh cron > /tmp/cronlog 2>&1"; } | crontab -
|
||||
cron
|
||||
|
||||
|
||||
# if [[ "${OPEN_ID_CONNECT_ENABLED}" == "1" ]]; then
|
||||
# sleep 30s
|
||||
# echo "============ Configuring OpenID Connect ============"
|
||||
# if su civicrm -c "wp option get openid_connect_generic_settings"; then
|
||||
# echo "found openid connect settings option!"
|
||||
# su civicrm -c "wp option get openid_connect_generic_settings"
|
||||
# # su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
|
||||
# else
|
||||
# echo "Couldn't find openid connect settings option!"
|
||||
# fi
|
||||
# fi
|
||||
|
||||
|
||||
echo "============ Running Webserver ============"
|
||||
exec apache2-foreground
|
||||
exec apache2-foreground
|
||||
|
||||
29
openid_settings.json
Normal file
29
openid_settings.json
Normal file
@ -0,0 +1,29 @@
|
||||
|
||||
{
|
||||
"login_type":"button",
|
||||
"client_id":"",
|
||||
"client_secret":"",
|
||||
"scope":"email profile openid offline_access",
|
||||
"endpoint_login":"",
|
||||
"endpoint_userinfo":"",
|
||||
"endpoint_token":"",
|
||||
"endpoint_end_session":"",
|
||||
"acr_values":"",
|
||||
"identity_key":"preferred_username",
|
||||
"no_sslverify":"0",
|
||||
"http_request_timeout":"5",
|
||||
"enforce_privacy":"0",
|
||||
"alternate_redirect_uri":"0",
|
||||
"nickname_key":"preferred_username",
|
||||
"email_format":"{email}",
|
||||
"displayname_format":"",
|
||||
"identify_with_username":"0",
|
||||
"state_time_limit":"180",
|
||||
"token_refresh_enable":"1",
|
||||
"link_existing_users":"0",
|
||||
"create_if_does_not_exist":"1",
|
||||
"redirect_user_back":"0",
|
||||
"redirect_on_logout":"1",
|
||||
"enable_logging":"0",
|
||||
"log_limit":"1000"
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user