LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "use secure subdomain" 

This reverts commit d8003fdd85f37049ac2c7074495f180f2fcfa1b5.
This commit is contained in:
Karol Wypchlo 2020-12-15 16:29:30 +01:00
parent 8a65e1aadf
commit e2d7397d05
4 changed files with 32 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@ -227,7 +227,7 @@ services:
environment: environment:
- DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 - DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
- LOG_LEVEL=trace - LOG_LEVEL=trace
- SERVE_PUBLIC_BASE_URL=https://secure.siasky.xyz/.ory/kratos/public/ - SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/
- SQA_OPT_OUT=true - SQA_OPT_OUT=true
command: serve -c /etc/config/kratos/kratos.yml command: serve -c /etc/config/kratos/kratos.yml
volumes: volumes:
@ -256,8 +256,8 @@ services:
- PORT=4435 - PORT=4435
- SECURITY_MODE=jwks - SECURITY_MODE=jwks
- PROJECT_NAME=Skynet - PROJECT_NAME=Skynet
- BASE_URL=https://secure.siasky.xyz - BASE_URL=https://siasky.xyz/secure/
- KRATOS_BROWSER_URL=https://secure.siasky.xyz/.ory/kratos/public - KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public
- JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
- KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_ADMIN_URL=http://kratos:4434/ - KRATOS_ADMIN_URL=http://kratos:4434/

18
docker/kratos/config/kratos.yml
View File

@ -4,7 +4,7 @@ dsn: memory
serve: serve:
public: public:
base_url: https://secure.siasky.xyz base_url: https://siasky.xyz/secure/
cors: cors:
enabled: true enabled: true
admin: admin:
@ -21,33 +21,33 @@ selfservice:
flows: flows:
error: error:
ui_url: https://secure.siasky.xyz/error ui_url: https://siasky.xyz/secure/error
settings: settings:
ui_url: https://secure.siasky.xyz/settings ui_url: https://siasky.xyz/secure/settings
privileged_session_max_age: 15m privileged_session_max_age: 15m
recovery: recovery:
enabled: true enabled: true
ui_url: https://secure.siasky.xyz/recovery ui_url: https://siasky.xyz/secure/recovery
verification: verification:
enabled: true enabled: true
ui_url: https://secure.siasky.xyz/verify ui_url: https://siasky.xyz/secure/verify
after: after:
default_browser_return_url: https://siasky.xyz default_browser_return_url: https://siasky.xyz
logout: logout:
after: after:
default_browser_return_url: https://secure.siasky.xyz/auth/login default_browser_return_url: https://siasky.xyz/secure/auth/login
login: login:
ui_url: https://secure.siasky.xyz/auth/login ui_url: https://siasky.xyz/secure/auth/login
lifespan: 10m lifespan: 10m
registration: registration:
lifespan: 10m lifespan: 10m
ui_url: https://secure.siasky.xyz/auth/registration ui_url: https://siasky.xyz/secure/auth/registration
after: after:
password: password:
hooks: hooks:
@ -64,7 +64,7 @@ secrets:
session: session:
cookie: cookie:
domain: secure.siasky.xyz domain: siasky.xyz
hashers: hashers:
argon2: argon2:

24
docker/kratos/oathkeeper/access-rules.yml
View File

@ -1,4 +1,5 @@
- id: "ory:kratos:public" -
id: "ory:kratos:public"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos:4433" url: "http://kratos:4433"
@ -12,13 +13,15 @@
- DELETE - DELETE
- PATCH - PATCH
authenticators: authenticators:
- handler: noop -
handler: noop
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
- handler: noop - handler: noop
- id: "ory:kratos-selfservice-ui-node:anonymous" -
id: "ory:kratos-selfservice-ui-node:anonymous"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos-selfservice-ui-node:4435" url: "http://kratos-selfservice-ui-node:4435"
@ -27,13 +30,16 @@
methods: methods:
- GET - GET
authenticators: authenticators:
- handler: anonymous -
handler: anonymous
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
- handler: noop -
handler: noop
- id: "ory:kratos-selfservice-ui-node:protected" -
id: "ory:kratos-selfservice-ui-node:protected"
upstream: upstream:
preserve_host: true preserve_host: true
url: "http://kratos-selfservice-ui-node:4435" url: "http://kratos-selfservice-ui-node:4435"
@ -42,7 +48,8 @@
methods: methods:
- GET - GET
authenticators: authenticators:
- handler: cookie_session -
handler: cookie_session
authorizer: authorizer:
handler: allow handler: allow
mutators: mutators:
@ -51,4 +58,5 @@
- handler: redirect - handler: redirect
config: config:
#to: http://oathkeeper:4455/auth/login #to: http://oathkeeper:4455/auth/login
to: https://secure.siasky.xyz/auth/login to: https://siasky.xyz/secure/auth/login

6
docker/kratos/oathkeeper/oathkeeper.yml
View File

@ -31,9 +31,10 @@ errors:
enabled: true enabled: true
config: config:
#to: http://oathkeeper:4455/auth/login #to: http://oathkeeper:4455/auth/login
to: https://secure.siasky.xyz/auth/login to: https://siasky.xyz/secure/auth/login
when: when:
- error: -
error:
- unauthorized - unauthorized
- forbidden - forbidden
request: request:
@ -87,3 +88,4 @@ mutators:
{ {
"session": {{ .Extra | toJson }} "session": {{ .Extra | toJson }}
} }