correction docker

2023-09-14 22:44:53 +02:00 · 2023-09-14 22:44:53 +02:00 · db0e67b04e
parent cad2babda5
commit db0e67b04e
5 changed files with 41 additions and 40 deletions
--- a/.env
+++ b/.env
@ -20,7 +20,7 @@ MAILER_DSN=smtp://mailer:1025
 MAILER_NOREPLY=noreply@noreply.fr

 # Basic
-APP_WEBURL=127.0.0.1:8080
+APP_WEBURL=localhost:8080
 APP_MASTERIDENTITY=SQL          # SQL | SSO | LDAP
 APP_AUTH=SQL                    # SQL | CAS | LDAP | OPENID | à faire SAML
 APP_ALIAS=/
@ -70,12 +70,12 @@ APP_SYNDCHROPURGEGROUP=1        # Purger les groups obsolète en cas de synchron
 APP_SYNDCHROPURGEUSER=1         # Purger les users obsolète en cas de synchronisation

 # LDAP
-LDAP_HOST=                      # host du serveur ldap
-LDAP_PORT=                      # port du serveur ldap
+LDAP_HOST=openldap              # host du serveur ldap
+LDAP_PORT=389                   # port du serveur ldap
 LDAP_USETLS=0                   # connection TLS 0/1
 LDAP_USERWRITER=0               # LDAP_USER compte writer ? 0/1
-LDAP_USER=                      # DN compte access ldap
-LDAP_PASSWORD=                  # Password comte access ldap
+LDAP_USER=                      # DN compte access ldap admin or reader
+LDAP_PASSWORD=                  # Password compte access ldap admin or reader
 LDAP_BASEDN=                    # Base DN ex:dc=nine,dc=fr
 LDAP_BASEORGANISATION=          # Base Organisation ex:ou=nineskeletor,dc=nine,dc=fr
 LDAP_BASENIVEAU01=              # Base Niveau01 ex:ou=niveau01,ou=nineskeletor,dc=nine,dc=fr
@ -114,12 +114,12 @@ CAS_AUTOSUBMIT=1                # if APP_AUTH = CAS autocréer les users non exi
 CAS_AUTOUPDATE=1                # if APP_AUTH = CAS automodifier les users existant

 # If APP_AUTH = OPENID
-OAUTH_CLIENTID=
-OAUTH_CLIENTSECRET=
-OAUTH_LOGINURL=
-OAUTH_LOGOUTURL=
-OAUTH_TOKENURL=
-OAUTH_USERINFO=
+OAUTH_CLIENTID=nineskeletor
+OAUTH_CLIENTSECRET="changeme"
+OAUTH_LOGINURL=http://localhost:7080/oauth2/auth
+OAUTH_LOGOUTURL=http://localhost:7080/oauth2/sessions/logout
+OAUTH_TOKENURL=http://hydra:4444/oauth2/token
+OAUTH_USERINFO=http://hydra:4444/userinfo
 OAUTH_USERNAME=username
 OAUTH_EMAIL=email
 OAUTH_LASTNAME=lastname
@ -127,7 +127,7 @@ OAUTH_FIRSTNAME=firstname
 OAUTH_AVATAR=
 OAUTH_NIVEAU01=
 OAUTH_GROUP=
-OAUTH_AUTOSUBMIT=1              # if APP_AUTH = OPENID autocréer les users non existant
+OAUTH_AUTOSUBMIT=0              # if APP_AUTH = OPENID autocréer les users non existant
 OAUTH_AUTOUPDATE=1              # if APP_AUTH = OPENID automodifier les users existant

 # IF APP_SYNCHRO=NINE2NINE
@ -150,8 +150,8 @@ SONDE_USE=0
 SONDE_URL=

 # Mercure
-MERCURE_URL=http://127.0.0.1:8081/.well-known/mercure
-MERCURE_PUBLIC_URL=http://127.0.0.1:8081/.well-known/mercure
+MERCURE_URL=http://mercure/.well-known/mercure
+MERCURE_PUBLIC_URL=http://localhost:8081/.well-known/mercure
 MERCURE_JWT_SECRET="!changeme!changeme!changeme!changeme!changeme!changeme!"

 # Minio
@ -164,13 +164,13 @@ MINIO_PATH_STYLE=1
 MINIO_SECURE=0

 # Hydra apps
-HYDRA_LOGINCHALLENGE="http://127.0.0.1:4445/oauth2/auth/requests/login?login_challenge="
-HYDRA_LOGINCHALLENGEACCEPT="http://127.0.0.1:4445/oauth2/auth/requests/login/accept?login_challenge="
-HYDRA_CONSENTCHALLENGE="http://127.0.0.1:4445/oauth2/auth/requests/consent?consent_challenge="
-HYDRA_CONSENTCHALLENGEACCEPT="http://127.0.0.1:4445/oauth2/auth/requests/consent/accept?consent_challenge="
+HYDRA_LOGINCHALLENGE="http://hydra:4445/oauth2/auth/requests/login?login_challenge="
+HYDRA_LOGINCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/login/accept?login_challenge="
+HYDRA_CONSENTCHALLENGE="http://hydra:4445/oauth2/auth/requests/consent?consent_challenge="
+HYDRA_CONSENTCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/consent/accept?consent_challenge="

 # Lock
-LOCK_DSN="postgresql://symfony:ChangeMe@127.0.0.1:5432/app?serverVersion=13&charset=utf8"
+LOCK_DSN="postgresql://symfony:changeme@postgres:5432/app?serverVersion=13&charset=utf8"

 # Sentry
 SENTRY_DSN=
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -93,7 +93,7 @@ services:
      MERCURE_PUBLISHER_JWT_KEY: '!changeme!changeme!changeme!changeme!changeme!changeme!'
      MERCURE_SUBSCRIBER_JWT_KEY: '!changeme!changeme!changeme!changeme!changeme!changeme!'
      MERCURE_EXTRA_DIRECTIVES: |
-        cors_origins "http://127.0.0.1:8080"
+        cors_origins "http://localhost:8080"
        anonymous
    # Comment the following line to disable the development mode
    #command: /usr/bin/caddy run -config /etc/caddy/Caddyfile.dev
@ -115,7 +115,7 @@ services:
      MINIO_ROOT_PASSWORD: changeme
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
@ -134,7 +134,7 @@ services:
      MINIO_ROOT_PASSWORD: changeme
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
@ -153,7 +153,7 @@ services:
      MINIO_ROOT_PASSWORD: changeme
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
@ -172,7 +172,7 @@ services:
      MINIO_ROOT_PASSWORD: changeme
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
@ -207,10 +207,10 @@ services:
    restart: on-failure
    environment:
      LOG_LEAK_SENSITIVE_VALUES: "true"
-      HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080
-      HYDRA_URLS_CONSENT: http://127.0.0.1:7081/consent
-      HYDRA_URLS_LOGIN: http://127.0.0.1:7081/login
-      HYDRA_URLS_LOGOUT: http://127.0.0.1:7081/logout
+      HYDRA_URLS_SELF_ISSUER: http://localhost:7080
+      HYDRA_URLS_CONSENT: http://localhost:7081/consent
+      HYDRA_URLS_LOGIN: http://localhost:7081/login
+      HYDRA_URLS_LOGOUT: http://localhost:7081/logout
      HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra
      #HYDRA_WAIT4X_DATABASE_TYPE: postgres
      #HYDRA_WAIT4X_DATABASE_DSN: postgres://symfony:changeme@postgres:5432/hydra
@ -232,7 +232,7 @@ services:
      - HYDRA_BASE_URL=http://hydra:4444
      - HYDRA_ADMIN_BASE_URL=http://hydra:4445
      # url dispatcher
-      - BASE_URL=http://127.0.0.1:7081
+      - BASE_URL=http://localhost:7081
      - COOKIE_PATH=/
      - DEFAULT_LOCALE=fr
      - APP_LOCALES=fr,en
--- a/misc/images/app/app-docker/Dockerfile
+++ b/misc/images/app/app-docker/Dockerfile
@ -6,6 +6,7 @@ ARG ADDITIONAL_PACKAGES="tree \
                         php81-pdo=${PHP_PKG_VERSION} \
                         php81-pdo_pgsql=${PHP_PKG_VERSION} \
                         php81-intl=${PHP_PKG_VERSION} \
+                         php81-ldap=${PHP_PKG_VERSION} \
                         php81-pecl-redis=5.3.7-r0"

 FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone
--- a/misc/images/hydra-dispatcher/hydra/providers.yml
+++ b/misc/images/hydra-dispatcher/hydra/providers.yml
@ -7,10 +7,10 @@ hydra:
      description: 
        fr: Authentification via NINESQL
        en: Authentication by NINESQL
-      icon_url: https://127.0.0.1:8000/medias/icons/icon_bdd.png
-      login_url: http://127.0.0.1:8000/hydra/loginsql
-      consent_url: http://127.0.0.1:8000/hydra/consent
-      logout_url: http://127.0.0.1:8000/hydra/logoutsql
+      icon_url: http://localhost:8080/medias/icons/icon_bdd.png
+      login_url: http://localhost:8080/hydra/loginsql
+      consent_url: http://localhost:8080/hydra/consent
+      logout_url: http://localhost:8080/hydra/logoutsql
      attributes_rewrite_rules:
        username: 
          - consent.session.id_token.username
@ -28,10 +28,10 @@ hydra:
      description: 
        fr: Authentification via NINELDAP
        en: Authentication by NINELDAP
-      icon_url: https://127.0.0.1:8000/medias/icons/icon_phpldapadmin.png
-      login_url: http://127.0.0.1:8000/hydra/loginldap
-      consent_url: http://127.0.0.1:8000/hydra/consent
-      logout_url: http://127.0.0.1:8000/hydra/logoutldap
+      icon_url: http://localhost:8080/medias/icons/icon_phpldapadmin.png
+      login_url: http://localhost:8080/hydra/loginldap
+      consent_url: http://localhost:8080/hydra/consent
+      logout_url: http://localhost:8080/hydra/logoutldap
      attributes_rewrite_rules:
        username: 
          - consent.session.id_token.username
--- a/misc/images/hydra/clients.d/nineskeletor.json
+++ b/misc/images/hydra/clients.d/nineskeletor.json
@ -9,11 +9,11 @@
 	"jwks": {},
 	"metadata": {},
 	"token_endpoint_auth_method": "client_secret_post",
-	"post_logout_redirect_uris": ["https://127.0.0.1:8000"],
-	"redirect_uris": ["https://127.0.0.1:8000/oauth2/callback"],
+	"post_logout_redirect_uris": ["http://localhost:8080"],
+	"redirect_uris": ["http://localhost:8080/oauth2/callback"],
 	"response_types": [
 		"code"
 	],
-	"logo_uri": "https://127.0.0.1:8000/minio/logo",
+	"logo_uri": "http://localhost:8080/minio/logo",
 	"scope": "openid"
 }