diff --git a/.env b/.env
index a0446e1..09902d8 100644
--- a/.env
+++ b/.env
@@ -3,4 +3,8 @@ DB_PORT=3306
 DB_USER=itam
 DB_PASS=itam1234
 DB_NAME=itam
+CLIENT_ID=836cd2e1-995a-4027-bcb5-5dd9c94c2b84
+ISSUER=https://sso.hmac.kr/oidc
+REDIRECT_URI=http://172.16.9.44:8080/callback
+JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json
 PORT=3000
\ No newline at end of file
diff --git a/docker-compose.prod.yaml b/docker-compose.prod.yaml
index 38910fd..79bcf59 100644
--- a/docker-compose.prod.yaml
+++ b/docker-compose.prod.yaml
@@ -11,9 +11,13 @@ services:
 environment:
 NODE_ENV: production
 PORT: 3000
+ KEYS_PATH: /app/data/keys.json
+ REDIRECT_URI: ${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
+ JWKS_URI: ${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
 volumes:
 - ./uploads:/app/uploads
 - ./map_config.json:/app/map_config.json:ro
+ - backend_keys:/app/data
 expose:
 - "3000"
 restart: unless-stopped
@@ -70,4 +74,7 @@ services:
 restart: always
 command:
 - --character-set-server=utf8mb4
- - --collation-server=utf8mb4_unicode_ci
\ No newline at end of file
+ - --collation-server=utf8mb4_unicode_ci
+
+volumes:
+ backend_keys:
\ No newline at end of file
diff --git a/docker-compose.test.yaml b/docker-compose.test.yaml
index 4d354dd..ffd9fd9 100644
--- a/docker-compose.test.yaml
+++ b/docker-compose.test.yaml
@@ -13,11 +13,13 @@ services:
 environment:
 NODE_ENV: development
 PORT: 3000
- DB_HOST: ${DB_HOST:-172.16.8.151}
+ DB_HOST: ${TEST_DB_HOST:-host.docker.internal}
 DB_PORT: ${DB_PORT:-3306}
 DB_USER: ${DB_USER:-root}
 DB_PASS: ${DB_PASS:-}
 DB_NAME: ${DB_NAME:-itam}
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
 ports:
 - "3000:3000"
 volumes:
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
index 58e44b2..e0e7d40 100644
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
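Review bot: `REDIRECT_URI` and `JWKS_URI` are added with plain `http://` endpoints while `ISSUER` is `https://`, so the authorization response delivered to `/callback` and the key set served at `/.well-known/jwks.json` travel without encryption or server authentication, and anyone on the network path could read the callback parameters or substitute the published keys. The same applies to the `http://172.16.10.175:9090` defaults added in docker-compose.prod.yaml. Terminate TLS in front of both endpoints and switch the values to `https://`, e.g. `REDIRECT_URI=https://<app-host>/callback`. Separately, this file is tracked in git next to `DB_PASS`; a committed `.env.example` with placeholders and an untracked real `.env` would keep environment-specific values and credentials out of history.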
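Review bot: The `:-` fallbacks on `REDIRECT_URI` and `JWKS_URI` in docker-compose.prod.yaml mean a production deploy with `PROD_REDIRECT_URI` or `PROD_JWKS_URI` unset starts silently with a hard-coded address instead of failing; Compose's required-variable form makes the omission visible, e.g. `REDIRECT_URI: ${PROD_REDIRECT_URI:?PROD_REDIRECT_URI must be set}`. `KEYS_PATH` presumably points at signing key material persisted on the `backend_keys` volume (inferred from the names, the backend code is not in this diff), so a comment such as `# keys.json holds the backend's private JWKs; mount backend_keys in no other service` would document the intent. The `environment:` mapping and the service definition start and end outside this hunk.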
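Review bot: Only `DB_HOST` in docker-compose.test.yaml was moved to a test-prefixed variable (`TEST_DB_HOST`); `DB_PORT`, `DB_USER`, `DB_PASS` and `DB_NAME` still read the unprefixed names, so a `.env` written for another environment now sends its credentials to whatever database listens on the Docker host. Either prefix all five consistently or add a comment above the line, e.g. `# DB_HOST from .env is deliberately ignored here; set TEST_DB_HOST to override`. The `host-gateway` value in `extra_hosts` needs Docker Engine 20.10 or newer, which is worth a one-line comment as well.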
@@ -31,6 +31,16 @@ server { application/json application/javascript; gzip_min_length 1000; + # Expose the backend JWKS document for Baron SSO headless login verification. + location = /.well-known/jwks.json { + proxy_pass http://backend/.well-known/jwks.json; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + } + # Forward all app requests to the frontend container location / { proxy_pass http://frontend; diff --git a/index.html b/index.html index dbeaba1..cc38b8a 100644 --- a/index.html +++ b/index.html @@ -14,6 +14,49 @@ + +
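Review bot: The new `location = /.well-known/jwks.json` block proxies every HTTP method to the backend, although a key-set document only needs to be read; adding `limit_except GET { deny all; }` inside the block keeps the unauthenticated surface to what the SSO verifier needs. Because this path is reachable without authentication, it is also worth confirming that the backend handler returns only the public members of each key and never the private parameters kept in its key file; the handler is not part of this diff, so that is an assumption to check. The enclosing `server {` block starts and ends outside the hunk.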