From db0e67b04e11ed4c2c2c38a338d04b355d309e5f Mon Sep 17 00:00:00 2001 From: Arnaud Fornerot Date: Thu, 14 Sep 2023 22:44:53 +0200 Subject: [PATCH] correction docker --- .env | 38 +++++++++---------- docker-compose.yml | 20 +++++----- misc/images/app/app-docker/Dockerfile | 1 + .../hydra-dispatcher/hydra/providers.yml | 16 ++++---- misc/images/hydra/clients.d/nineskeletor.json | 6 +-- 5 files changed, 41 insertions(+), 40 deletions(-) diff --git a/.env b/.env index bab474c..87e0597 100755 --- a/.env +++ b/.env @@ -20,7 +20,7 @@ MAILER_DSN=smtp://mailer:1025 MAILER_NOREPLY=noreply@noreply.fr # Basic -APP_WEBURL=127.0.0.1:8080 +APP_WEBURL=localhost:8080 APP_MASTERIDENTITY=SQL # SQL | SSO | LDAP APP_AUTH=SQL # SQL | CAS | LDAP | OPENID | à faire SAML APP_ALIAS=/ @@ -70,12 +70,12 @@ APP_SYNDCHROPURGEGROUP=1 # Purger les groups obsolète en cas de synchron APP_SYNDCHROPURGEUSER=1 # Purger les users obsolète en cas de synchronisation # LDAP -LDAP_HOST= # host du serveur ldap -LDAP_PORT= # port du serveur ldap +LDAP_HOST=openldap # host du serveur ldap +LDAP_PORT=389 # port du serveur ldap LDAP_USETLS=0 # connection TLS 0/1 LDAP_USERWRITER=0 # LDAP_USER compte writer ? 0/1 -LDAP_USER= # DN compte access ldap -LDAP_PASSWORD= # Password comte access ldap +LDAP_USER= # DN compte access ldap admin or reader +LDAP_PASSWORD= # Password compte access ldap admin or reader LDAP_BASEDN= # Base DN ex:dc=nine,dc=fr LDAP_BASEORGANISATION= # Base Organisation ex:ou=nineskeletor,dc=nine,dc=fr LDAP_BASENIVEAU01= # Base Niveau01 ex:ou=niveau01,ou=nineskeletor,dc=nine,dc=fr 
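Review bot: In the `# LDAP` hunk the new defaults `LDAP_HOST=openldap` and `LDAP_PORT=389` sit next to the unchanged `LDAP_USETLS=0`, so the bind DN and password from `LDAP_USER`/`LDAP_PASSWORD` are sent unencrypted wherever this file is reused outside the local compose network. I would add `# set to 1 outside the local docker stack` on the `LDAP_USETLS` line. The reworded comments now invite an admin bind account; judging by the `LDAP_USERWRITER` comment a read-only account is enough when that flag is 0, so `# DN compte access ldap (reader unless LDAP_USERWRITER=1)` would state the least-privilege choice.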
@@ -114,12 +114,12 @@ CAS_AUTOSUBMIT=1 # if APP_AUTH = CAS autocréer les users non exi CAS_AUTOUPDATE=1 # if APP_AUTH = CAS automodifier les users existant # If APP_AUTH = OPENID -OAUTH_CLIENTID= -OAUTH_CLIENTSECRET= -OAUTH_LOGINURL= -OAUTH_LOGOUTURL= -OAUTH_TOKENURL= -OAUTH_USERINFO= +OAUTH_CLIENTID=nineskeletor +OAUTH_CLIENTSECRET="changeme" +OAUTH_LOGINURL=http://localhost:7080/oauth2/auth +OAUTH_LOGOUTURL=http://localhost:7080/oauth2/sessions/logout +OAUTH_TOKENURL=http://hydra:4444/oauth2/token +OAUTH_USERINFO=http://hydra:4444/userinfo OAUTH_USERNAME=username OAUTH_EMAIL=email OAUTH_LASTNAME=lastname @@ -127,7 +127,7 @@ OAUTH_FIRSTNAME=firstname OAUTH_AVATAR= OAUTH_NIVEAU01= OAUTH_GROUP= -OAUTH_AUTOSUBMIT=1 # if APP_AUTH = OPENID autocréer les users non existant +OAUTH_AUTOSUBMIT=0 # if APP_AUTH = OPENID autocréer les users non existant OAUTH_AUTOUPDATE=1 # if APP_AUTH = OPENID automodifier les users existant # IF APP_SYNCHRO=NINE2NINE @@ -150,8 +150,8 @@ SONDE_USE=0 SONDE_URL= # Mercure -MERCURE_URL=http://127.0.0.1:8081/.well-known/mercure -MERCURE_PUBLIC_URL=http://127.0.0.1:8081/.well-known/mercure +MERCURE_URL=http://mercure/.well-known/mercure +MERCURE_PUBLIC_URL=http://localhost:8081/.well-known/mercure MERCURE_JWT_SECRET="!changeme!changeme!changeme!changeme!changeme!changeme!" # Minio 
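Review bot: `OAUTH_CLIENTID=nineskeletor` and `OAUTH_CLIENTSECRET="changeme"` are now filled in the tracked `.env`, so a deployment that forgets to override them authenticates to Hydra with a publicly known client secret. I would leave the committed secret empty, or mark it with `# dev placeholder, override per deployment (must match misc/images/hydra/clients.d/nineskeletor.json)`. Whether the project uses an untracked override file is not visible in this diff. `OAUTH_TOKENURL` and `OAUTH_USERINFO` use `http://hydra:4444`, and the client is registered with `client_secret_post`, so the secret and tokens cross that link in clear text. That is tolerable on a compose-internal network, but it deserves a comment saying these URLs need `https` anywhere else.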
@@ -164,13 +164,13 @@ MINIO_PATH_STYLE=1 MINIO_SECURE=0 # Hydra apps -HYDRA_LOGINCHALLENGE="http://127.0.0.1:4445/oauth2/auth/requests/login?login_challenge=" -HYDRA_LOGINCHALLENGEACCEPT="http://127.0.0.1:4445/oauth2/auth/requests/login/accept?login_challenge=" -HYDRA_CONSENTCHALLENGE="http://127.0.0.1:4445/oauth2/auth/requests/consent?consent_challenge=" -HYDRA_CONSENTCHALLENGEACCEPT="http://127.0.0.1:4445/oauth2/auth/requests/consent/accept?consent_challenge=" +HYDRA_LOGINCHALLENGE="http://hydra:4445/oauth2/auth/requests/login?login_challenge=" +HYDRA_LOGINCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/login/accept?login_challenge=" +HYDRA_CONSENTCHALLENGE="http://hydra:4445/oauth2/auth/requests/consent?consent_challenge=" +HYDRA_CONSENTCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/consent/accept?consent_challenge=" # Lock -LOCK_DSN="postgresql://symfony:ChangeMe@127.0.0.1:5432/app?serverVersion=13&charset=utf8" +LOCK_DSN="postgresql://symfony:changeme@postgres:5432/app?serverVersion=13&charset=utf8" # Sentry SENTRY_DSN= diff --git a/docker-compose.yml b/docker-compose.yml index 84ee861..71e7cf4 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -93,7 +93,7 @@ services: MERCURE_PUBLISHER_JWT_KEY: '!changeme!changeme!changeme!changeme!changeme!changeme!' MERCURE_SUBSCRIBER_JWT_KEY: '!changeme!changeme!changeme!changeme!changeme!changeme!' MERCURE_EXTRA_DIRECTIVES: | - cors_origins "http://127.0.0.1:8080" + cors_origins "http://localhost:8080" anonymous # Comment the following line to disable the development mode #command: /usr/bin/caddy run -config /etc/caddy/Caddyfile.dev @@ -115,7 +115,7 @@ services: MINIO_ROOT_PASSWORD: changeme command: server http://minio{1...4}/data{1...2} healthcheck: - test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"] + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 
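Review bot: The four `HYDRA_*CHALLENGE*` values now call Hydra's admin port at `http://hydra:4445`, and that API has no authentication of its own, so it must only be reachable from the app and dispatcher containers. The compose `ports:` section for the hydra service is outside this diff, so please check that 4445 is not published to the host or bound to all interfaces. A comment such as `# admin API: internal network only, never expose 4445` above the block would record that. `LOCK_DSN` also carries `symfony:changeme` inline; it is worth marking as a dev placeholder so it is not copied into a real deployment.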
@@ -134,7 +134,7 @@ services: MINIO_ROOT_PASSWORD: changeme command: server http://minio{1...4}/data{1...2} healthcheck: - test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"] + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 @@ -153,7 +153,7 @@ services: MINIO_ROOT_PASSWORD: changeme command: server http://minio{1...4}/data{1...2} healthcheck: - test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"] + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 @@ -172,7 +172,7 @@ services: MINIO_ROOT_PASSWORD: changeme command: server http://minio{1...4}/data{1...2} healthcheck: - test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"] + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s timeout: 20s retries: 3 @@ -207,10 +207,10 @@ services: restart: on-failure environment: LOG_LEAK_SENSITIVE_VALUES: "true" - HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080 - HYDRA_URLS_CONSENT: http://127.0.0.1:7081/consent - HYDRA_URLS_LOGIN: http://127.0.0.1:7081/login - HYDRA_URLS_LOGOUT: http://127.0.0.1:7081/logout + HYDRA_URLS_SELF_ISSUER: http://localhost:7080 + HYDRA_URLS_CONSENT: http://localhost:7081/consent + HYDRA_URLS_LOGIN: http://localhost:7081/login + HYDRA_URLS_LOGOUT: http://localhost:7081/logout HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra #HYDRA_WAIT4X_DATABASE_TYPE: postgres #HYDRA_WAIT4X_DATABASE_DSN: postgres://symfony:changeme@postgres:5432/hydra @@ -232,7 +232,7 @@ services: - HYDRA_BASE_URL=http://hydra:4444 - HYDRA_ADMIN_BASE_URL=http://hydra:4445 # url dispatcher - - BASE_URL=http://127.0.0.1:7081 + - BASE_URL=http://localhost:7081 - COOKIE_PATH=/ - DEFAULT_LOCALE=fr - APP_LOCALES=fr,en diff --git a/misc/images/app/app-docker/Dockerfile b/misc/images/app/app-docker/Dockerfile index 723a7c3..23c2752 100644 --- a/misc/images/app/app-docker/Dockerfile 
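Review bot: In the hydra service hunk the issuer and the login/consent/logout URLs are hard-coded to plain-HTTP `localhost`, right under the unchanged `LOG_LEAK_SENSITIVE_VALUES: "true"` and a DSN with the `changeme` password. Nothing in the file says this service definition is for local development only. Reused as is, it would issue tokens under an `http://` issuer and write sensitive values to the container logs. I would add `# dev only: plain-HTTP localhost issuer and sensitive-value logging, do not deploy as is` above `LOG_LEAK_SENSITIVE_VALUES`, or take the four URLs from variables so the `.env` file stays the single place to change them. The same hard-coded host appears in the dispatcher's `BASE_URL` hunk and in both `providers.yml` hunks, where `icon_url` also drops from `https` to `http`.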
+++ b/misc/images/app/app-docker/Dockerfile @@ -6,6 +6,7 @@ ARG ADDITIONAL_PACKAGES="tree \ php81-pdo=${PHP_PKG_VERSION} \ php81-pdo_pgsql=${PHP_PKG_VERSION} \ php81-intl=${PHP_PKG_VERSION} \ + php81-ldap=${PHP_PKG_VERSION} \ php81-pecl-redis=5.3.7-r0" FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone diff --git a/misc/images/hydra-dispatcher/hydra/providers.yml b/misc/images/hydra-dispatcher/hydra/providers.yml index 9563da0..9dca190 100755 --- a/misc/images/hydra-dispatcher/hydra/providers.yml +++ b/misc/images/hydra-dispatcher/hydra/providers.yml @@ -7,10 +7,10 @@ hydra: description: fr: Authentification via NINESQL en: Authentication by NINESQL - icon_url: https://127.0.0.1:8000/medias/icons/icon_bdd.png - login_url: http://127.0.0.1:8000/hydra/loginsql - consent_url: http://127.0.0.1:8000/hydra/consent - logout_url: http://127.0.0.1:8000/hydra/logoutsql + icon_url: http://localhost:8080/medias/icons/icon_bdd.png + login_url: http://localhost:8080/hydra/loginsql + consent_url: http://localhost:8080/hydra/consent + logout_url: http://localhost:8080/hydra/logoutsql attributes_rewrite_rules: username: - consent.session.id_token.username @@ -28,10 +28,10 @@ hydra: description: fr: Authentification via NINELDAP en: Authentication by NINELDAP - icon_url: https://127.0.0.1:8000/medias/icons/icon_phpldapadmin.png - login_url: http://127.0.0.1:8000/hydra/loginldap - consent_url: http://127.0.0.1:8000/hydra/consent - logout_url: http://127.0.0.1:8000/hydra/logoutldap + icon_url: http://localhost:8080/medias/icons/icon_phpldapadmin.png + login_url: http://localhost:8080/hydra/loginldap + consent_url: http://localhost:8080/hydra/consent + logout_url: http://localhost:8080/hydra/logoutldap attributes_rewrite_rules: username: - consent.session.id_token.username diff --git a/misc/images/hydra/clients.d/nineskeletor.json b/misc/images/hydra/clients.d/nineskeletor.json index 4e66d72..97484b6 100755 --- a/misc/images/hydra/clients.d/nineskeletor.json 
+++ b/misc/images/hydra/clients.d/nineskeletor.json @@ -9,11 +9,11 @@ "jwks": {}, "metadata": {}, "token_endpoint_auth_method": "client_secret_post", - "post_logout_redirect_uris": ["https://127.0.0.1:8000"], - "redirect_uris": ["https://127.0.0.1:8000/oauth2/callback"], + "post_logout_redirect_uris": ["http://localhost:8080"], + "redirect_uris": ["http://localhost:8080/oauth2/callback"], "response_types": [ "code" ], - "logo_uri": "https://127.0.0.1:8000/minio/logo", + "logo_uri": "http://localhost:8080/minio/logo", "scope": "openid" } \ No newline at end of file
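Review bot: `redirect_uris` and `post_logout_redirect_uris` change from `https://127.0.0.1:8000` to `http://localhost:8080`, which drops TLS from the registered callback. Registered redirect URIs are compared as exact strings, so login fails as soon as `APP_WEBURL` in `.env` differs from these entries. JSON cannot carry a comment, so I would document beside this file that the entries must mirror `APP_WEBURL`, and that any non-local deployment has to register its own `https://` callback instead of reusing this client definition. The client secret is not in the hunk, so please confirm it matches `OAUTH_CLIENTSECRET` and is not left at a placeholder outside development.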