LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use secure subdomain

This commit is contained in:
Karol Wypchlo 2020-12-16 13:08:51 +01:00
parent b3029b43e3
commit 3d897cb3ab
5 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@ -227,7 +227,7 @@ services:
environment: environment:
- DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 - DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
- LOG_LEVEL=trace - LOG_LEVEL=trace
- SERVE_PUBLIC_BASE_URL=/secure/.ory/kratos/public/ - SERVE_PUBLIC_BASE_URL=/.ory/kratos/public/
- SQA_OPT_OUT=true - SQA_OPT_OUT=true
command: serve -c /etc/config/kratos/kratos.yml command: serve -c /etc/config/kratos/kratos.yml
volumes: volumes:
@ -256,8 +256,8 @@ services:
- PORT=4435 - PORT=4435
- SECURITY_MODE=jwks - SECURITY_MODE=jwks
- PROJECT_NAME=Skynet - PROJECT_NAME=Skynet
- BASE_URL=/secure/ - BASE_URL=/
- KRATOS_BROWSER_URL=/secure/.ory/kratos/public - KRATOS_BROWSER_URL=/.ory/kratos/public
- JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
- KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_ADMIN_URL=http://kratos:4434/ - KRATOS_ADMIN_URL=http://kratos:4434/

19
docker/kratos/config/kratos.yml
View File

@ -4,7 +4,7 @@ dsn: memory
serve: serve:
public: public:
base_url: http://127.0.0.1/secure/ base_url: http://127.0.0.1/
cors: cors:
enabled: true enabled: true
admin: admin:
@ -21,33 +21,33 @@ selfservice:
flows: flows:
error: error:
ui_url: http://127.0.0.1/secure/error ui_url: http://127.0.0.1/error
settings: settings:
ui_url: http://127.0.0.1/secure/settings ui_url: http://127.0.0.1/settings
privileged_session_max_age: 15m privileged_session_max_age: 15m
recovery: recovery:
enabled: true enabled: true
ui_url: http://127.0.0.1/secure/recovery ui_url: http://127.0.0.1/recovery
verification: verification:
enabled: true enabled: true
ui_url: http://127.0.0.1/secure/verify ui_url: http://127.0.0.1/verify
after: after:
default_browser_return_url: http://127.0.0.1/ default_browser_return_url: http://127.0.0.1/
logout: logout:
after: after:
default_browser_return_url: http://127.0.0.1/secure/auth/login default_browser_return_url: http://127.0.0.1/auth/login
login: login:
ui_url: http://127.0.0.1/secure/auth/login ui_url: http://127.0.0.1/auth/login
lifespan: 10m lifespan: 10m
registration: registration:
lifespan: 10m lifespan: 10m
ui_url: http://127.0.0.1/secure/auth/registration ui_url: http://127.0.0.1/auth/registration
after: after:
password: password:
hooks: hooks:
@ -64,8 +64,7 @@ secrets:
session: session:
cookie: cookie:
domain: siasky.xyz domain: secure.siasky.xyz
path: /secure
hashers: hashers:
argon2: argon2:

2
docker/kratos/oathkeeper/access-rules.yml
View File

@ -50,7 +50,7 @@
errors: errors:
- handler: redirect - handler: redirect
config: config:
to: http://127.0.0.1/secure/auth/login to: http://127.0.0.1/auth/login
- id: "accounts" - id: "accounts"
upstream: upstream:

2
docker/kratos/oathkeeper/oathkeeper.yml
View File

@ -30,7 +30,7 @@ errors:
redirect: redirect:
enabled: true enabled: true
config: config:
to: http://127.0.0.1/secure/auth/login to: http://127.0.0.1/auth/login
when: when:
- error: - error:
- unauthorized - unauthorized

10
docker/nginx/conf.d/secure.conf Normal file
View File

@ -0,0 +1,10 @@
server {
listen 80;
listen [::]:80;
server_name secure.*;
location / {
proxy_redirect http://127.0.0.1/ https://$host/;
proxy_pass http://oathkeeper:4455;
}
}