LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use secure subdomain

This commit is contained in:
Karol Wypchlo 2020-12-15 16:12:46 +01:00
parent f261871731
commit 8a65e1aadf
4 changed files with 22 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@ -227,7 +227,7 @@ services:
environment:
- DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
- LOG_LEVEL=trace
- SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/
- SERVE_PUBLIC_BASE_URL=https://secure.siasky.xyz/.ory/kratos/public/
- SQA_OPT_OUT=true
command: serve -c /etc/config/kratos/kratos.yml
volumes:
@ -256,8 +256,8 @@ services:
- PORT=4435
- SECURITY_MODE=jwks
- PROJECT_NAME=Skynet
- BASE_URL=https://siasky.xyz/secure/
- KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public
- BASE_URL=https://secure.siasky.xyz
- KRATOS_BROWSER_URL=https://secure.siasky.xyz/.ory/kratos/public
- JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
- KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_ADMIN_URL=http://kratos:4434/

18
docker/kratos/config/kratos.yml
View File

@ -4,7 +4,7 @@ dsn: memory
serve:
public:
base_url: https://siasky.xyz/secure/
base_url: https://secure.siasky.xyz
cors:
enabled: true
admin:
@ -21,33 +21,33 @@ selfservice:
flows:
error:
ui_url: https://siasky.xyz/secure/error
ui_url: https://secure.siasky.xyz/error
settings:
ui_url: https://siasky.xyz/secure/settings
ui_url: https://secure.siasky.xyz/settings
privileged_session_max_age: 15m
recovery:
enabled: true
ui_url: https://siasky.xyz/secure/recovery
ui_url: https://secure.siasky.xyz/recovery
verification:
enabled: true
ui_url: https://siasky.xyz/secure/verify
ui_url: https://secure.siasky.xyz/verify
after:
default_browser_return_url: https://siasky.xyz
logout:
after:
default_browser_return_url: https://siasky.xyz/secure/auth/login
default_browser_return_url: https://secure.siasky.xyz/auth/login
login:
ui_url: https://siasky.xyz/secure/auth/login
ui_url: https://secure.siasky.xyz/auth/login
lifespan: 10m
registration:
lifespan: 10m
ui_url: https://siasky.xyz/secure/auth/registration
ui_url: https://secure.siasky.xyz/auth/registration
after:
password:
hooks:
@ -64,7 +64,7 @@ secrets:
session:
cookie:
domain: siasky.xyz
domain: secure.siasky.xyz
hashers:
argon2:

24
docker/kratos/oathkeeper/access-rules.yml
View File

@ -1,5 +1,4 @@
-
id: "ory:kratos:public"
- id: "ory:kratos:public"
upstream:
preserve_host: true
url: "http://kratos:4433"
@ -13,15 +12,13 @@
- DELETE
- PATCH
authenticators:
-
handler: noop
- handler: noop
authorizer:
handler: allow
mutators:
- handler: noop
-
id: "ory:kratos-selfservice-ui-node:anonymous"
- id: "ory:kratos-selfservice-ui-node:anonymous"
upstream:
preserve_host: true
url: "http://kratos-selfservice-ui-node:4435"
@ -30,16 +27,13 @@
methods:
- GET
authenticators:
-
handler: anonymous
- handler: anonymous
authorizer:
handler: allow
mutators:
-
handler: noop
- handler: noop
-
id: "ory:kratos-selfservice-ui-node:protected"
- id: "ory:kratos-selfservice-ui-node:protected"
upstream:
preserve_host: true
url: "http://kratos-selfservice-ui-node:4435"
@ -48,8 +42,7 @@
methods:
- GET
authenticators:
-
handler: cookie_session
- handler: cookie_session
authorizer:
handler: allow
mutators:
@ -58,5 +51,4 @@
- handler: redirect
config:
#to: http://oathkeeper:4455/auth/login
to: https://siasky.xyz/secure/auth/login
to: https://secure.siasky.xyz/auth/login

6
docker/kratos/oathkeeper/oathkeeper.yml
View File

@ -31,10 +31,9 @@ errors:
enabled: true
config:
#to: http://oathkeeper:4455/auth/login
to: https://siasky.xyz/secure/auth/login
to: https://secure.siasky.xyz/auth/login
when:
-
error:
- error:
- unauthorized
- forbidden
request:
@ -88,4 +87,3 @@ mutators:
{
"session": {{ .Extra | toJson }}
}