use secure subdomain

Karol Wypchlo 2020-12-15 16:12:46 +01:00
parent f261871731
commit 8a65e1aadf
4 changed files with 22 additions and 32 deletions


@ -227,7 +227,7 @@ services:
environment: environment:
- DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 - DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
- LOG_LEVEL=trace - LOG_LEVEL=trace
- SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/ - SERVE_PUBLIC_BASE_URL=https://secure.siasky.xyz/.ory/kratos/public/
- SQA_OPT_OUT=true - SQA_OPT_OUT=true
command: serve -c /etc/config/kratos/kratos.yml command: serve -c /etc/config/kratos/kratos.yml
volumes: volumes:
@ -256,8 +256,8 @@ services:
- PORT=4435 - PORT=4435
- SECURITY_MODE=jwks - SECURITY_MODE=jwks
- PROJECT_NAME=Skynet - PROJECT_NAME=Skynet
- BASE_URL=https://siasky.xyz/secure/ - BASE_URL=https://secure.siasky.xyz
- KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public - KRATOS_BROWSER_URL=https://secure.siasky.xyz/.ory/kratos/public
- JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
- KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_ADMIN_URL=http://kratos:4434/ - KRATOS_ADMIN_URL=http://kratos:4434/
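Review bot: The Kratos service in the first hunk keeps development-grade settings while its public base URL now points at https://secure.siasky.xyz: the DSN connects as `root` with `sslmode=disable`, and `LOG_LEVEL=trace` is set. On the visible lines the identity store is reached without TLS and, as far as the DSN shows, without a password, so anything that can reach `cockroach:26257` on the container network can read or modify identity records. I would use a dedicated database user with `sslmode=verify-full` and lower the log level, e.g. `- LOG_LEVEL=info`, before this hostname serves real accounts. The service definition starts and ends outside the hunk, so network restrictions may exist elsewhere in the file.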


@ -4,7 +4,7 @@ dsn: memory
serve: serve:
public: public:
base_url: https://siasky.xyz/secure/ base_url: https://secure.siasky.xyz
cors: cors:
enabled: true enabled: true
admin: admin:
@ -21,33 +21,33 @@ selfservice:
flows: flows:
error: error:
ui_url: https://siasky.xyz/secure/error ui_url: https://secure.siasky.xyz/error
settings: settings:
ui_url: https://siasky.xyz/secure/settings ui_url: https://secure.siasky.xyz/settings
privileged_session_max_age: 15m privileged_session_max_age: 15m
recovery: recovery:
enabled: true enabled: true
ui_url: https://siasky.xyz/secure/recovery ui_url: https://secure.siasky.xyz/recovery
verification: verification:
enabled: true enabled: true
ui_url: https://siasky.xyz/secure/verify ui_url: https://secure.siasky.xyz/verify
after: after:
default_browser_return_url: https://siasky.xyz default_browser_return_url: https://siasky.xyz
logout: logout:
after: after:
default_browser_return_url: https://siasky.xyz/secure/auth/login default_browser_return_url: https://secure.siasky.xyz/auth/login
login: login:
ui_url: https://siasky.xyz/secure/auth/login ui_url: https://secure.siasky.xyz/auth/login
lifespan: 10m lifespan: 10m
registration: registration:
lifespan: 10m lifespan: 10m
ui_url: https://siasky.xyz/secure/auth/registration ui_url: https://secure.siasky.xyz/auth/registration
after: after:
password: password:
hooks: hooks:
@ -64,7 +64,7 @@ secrets:
session: session:
cookie: cookie:
domain: siasky.xyz domain: secure.siasky.xyz
hashers: hashers:
argon2: argon2:
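Review bot: `domain: secure.siasky.xyz` in the last hunk narrows the session cookie from the whole of siasky.xyz, but a Domain attribute still makes the cookie available to every subdomain of secure.siasky.xyz. If no host below it needs the session, leaving `domain` unset should yield a host-only cookie, the tightest scope; confirm this against the Kratos version in use. `default_browser_return_url: https://siasky.xyz` under `verification` is unchanged, so pages on the apex will no longer receive the session cookie after this change, and nothing served there should depend on it. The `session` block starts outside the hunk, so other cookie settings may exist that are not visible here.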


@ -1,5 +1,4 @@
- - id: "ory:kratos:public"
id: "ory:kratos:public"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos:4433" url: "http://kratos:4433"
@ -13,15 +12,13 @@
- DELETE - DELETE
- PATCH - PATCH
authenticators: authenticators:
- - handler: noop
handler: noop
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
- handler: noop - handler: noop
- - id: "ory:kratos-selfservice-ui-node:anonymous"
id: "ory:kratos-selfservice-ui-node:anonymous"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos-selfservice-ui-node:4435" url: "http://kratos-selfservice-ui-node:4435"
@ -30,16 +27,13 @@
methods: methods:
- GET - GET
authenticators: authenticators:
- - handler: anonymous
handler: anonymous
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
- - handler: noop
handler: noop
- - id: "ory:kratos-selfservice-ui-node:protected"
id: "ory:kratos-selfservice-ui-node:protected"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos-selfservice-ui-node:4435" url: "http://kratos-selfservice-ui-node:4435"
@ -48,8 +42,7 @@
methods: methods:
- GET - GET
authenticators: authenticators:
- - handler: cookie_session
handler: cookie_session
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
@ -58,5 +51,4 @@
- handler: redirect - handler: redirect
config: config:
#to: http://oathkeeper:4455/auth/login #to: http://oathkeeper:4455/auth/login
to: https://siasky.xyz/secure/auth/login to: https://secure.siasky.xyz/auth/login
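Review bot: The `match` patterns of the three rules sit between the hunks and are not changed by this commit, although every browser-facing URL has lost its `/secure` path prefix and moved to a new host. Which requests land on `ory:kratos-selfservice-ui-node:protected` (authenticator `cookie_session`) rather than on the `anonymous` rule depends entirely on those patterns. They need re-checking against the new paths, so that a route which used to require a session does not now fall under the anonymous rule. The redirect target `to: https://secure.siasky.xyz/auth/login` is also repeated as a literal in the error-handler config of the next file on this page, so the two values have to be kept in sync by hand.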


@ -31,10 +31,9 @@ errors:
enabled: true enabled: true
config: config:
#to: http://oathkeeper:4455/auth/login #to: http://oathkeeper:4455/auth/login
to: https://siasky.xyz/secure/auth/login to: https://secure.siasky.xyz/auth/login
when: when:
- - error:
error:
- unauthorized - unauthorized
- forbidden - forbidden
request: request:
@ -88,4 +87,3 @@ mutators:
{ {
"session": {{ .Extra | toJson }} "session": {{ .Extra | toJson }}
} }