go 버전업 && ory 설정파일들 자동 생성 스크립트 추가
@@ -18,11 +18,12 @@ echo "🚀 Creating instance: ${INSTANCE_NAME} (Port Prefix: ${PORT_PREFIX}xxx)"
|
||||
|
||||
# 1. 폴더 구조 생성
|
||||
mkdir -p "${TARGET_DIR}/gateway"
|
||||
mkdir -p "${TARGET_DIR}/config/.generated"
|
||||
mkdir -p "${TARGET_DIR}/ory/init-db"
|
||||
mkdir -p "${TARGET_DIR}/ory/kratos"
|
||||
mkdir -p "${TARGET_DIR}/ory/hydra"
|
||||
mkdir -p "${TARGET_DIR}/ory/keto"
|
||||
mkdir -p "${TARGET_DIR}/ory/oathkeeper"
|
||||
mkdir -p "${TARGET_DIR}/ory/templates/kratos"
|
||||
mkdir -p "${TARGET_DIR}/ory/templates/hydra"
|
||||
mkdir -p "${TARGET_DIR}/ory/templates/keto"
|
||||
mkdir -p "${TARGET_DIR}/ory/templates/oathkeeper"
|
||||
mkdir -p "${TARGET_DIR}/userfront"
|
||||
mkdir -p "${TARGET_DIR}/adminfront"
|
||||
mkdir -p "${TARGET_DIR}/devfront"
|
||||
@@ -47,13 +48,15 @@ cp "${BASE_DIR}/templates/docker-compose.yaml" "${TARGET_DIR}/"
|
||||
sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/gateway/nginx.conf" > "${TARGET_DIR}/gateway/nginx.conf"
|
||||
sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/userfront/nginx.conf" > "${TARGET_DIR}/userfront/nginx.conf"
|
||||
|
||||
# Oathkeeper Rules
|
||||
sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/ory/oathkeeper/rules.json" > "${TARGET_DIR}/ory/oathkeeper/rules.json"
|
||||
cp "${TARGET_DIR}/ory/oathkeeper/rules.json" "${TARGET_DIR}/ory/oathkeeper/rules.active.json"
|
||||
# Oathkeeper Rules template
|
||||
sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" "${BASE_DIR}/templates/ory/oathkeeper/rules.json" > "${TARGET_DIR}/ory/templates/oathkeeper/rules.json"
|
||||
cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.stage.json"
|
||||
cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.prod.json"
|
||||
cp "${TARGET_DIR}/ory/templates/oathkeeper/rules.json" "${TARGET_DIR}/ory/templates/oathkeeper/rules.active.json"
|
||||
|
||||
# Kratos Config
|
||||
# Kratos Config template
|
||||
sed "s/{{BACKEND_PORT}}/${BACKEND_PORT}/g; s/{{USERFRONT_PORT}}/${USERFRONT_PORT}/g" \
|
||||
"${BASE_DIR}/templates/ory/kratos/kratos.yml" > "${TARGET_DIR}/ory/kratos/kratos.yml"
|
||||
"${BASE_DIR}/templates/ory/kratos/kratos.yml.template" > "${TARGET_DIR}/ory/templates/kratos/kratos.yml.template"
|
||||
|
||||
# Vite Configs
|
||||
sed "s/{{ADMINFRONT_DOMAIN}}/${ADMINFRONT_DOMAIN}/g; s/{{BACKEND_PORT}}/${BACKEND_PORT}/g" \
|
||||
@@ -71,12 +74,18 @@ sed "s/{{USERFRONT_PORT}}/${USERFRONT_PORT}/g; s/{{CLIENT_ID}}/devfront/g" \
|
||||
sed "s/{{USERFRONT_PORT}}/${USERFRONT_PORT}/g" \
|
||||
"${BASE_DIR}/templates/orgfront/auth.ts" > "${TARGET_DIR}/orgfront/auth.ts"
|
||||
|
||||
# 5. Ory 정적 설정 복사
|
||||
# 5. Ory template 복사 및 완성 config 렌더링
|
||||
if [ -d "${BASE_DIR}/../docker/ory/init-db" ]; then cp -n "${BASE_DIR}/../docker/ory/init-db/"* "${TARGET_DIR}/ory/init-db/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/kratos" ]; then cp -n "${BASE_DIR}/../docker/ory/kratos/"* "${TARGET_DIR}/ory/kratos/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/hydra" ]; then cp -n "${BASE_DIR}/../docker/ory/hydra/"* "${TARGET_DIR}/ory/hydra/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/keto" ]; then cp -n "${BASE_DIR}/../docker/ory/keto/"* "${TARGET_DIR}/ory/keto/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/oathkeeper" ]; then cp -n "${BASE_DIR}/../docker/ory/oathkeeper/"* "${TARGET_DIR}/ory/oathkeeper/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/kratos" ]; then cp -n "${BASE_DIR}/../docker/ory/kratos/"* "${TARGET_DIR}/ory/templates/kratos/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/kratos/courier-templates" ]; then cp -a "${BASE_DIR}/../docker/ory/kratos/courier-templates" "${TARGET_DIR}/ory/templates/kratos/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/hydra" ]; then cp -n "${BASE_DIR}/../docker/ory/hydra/"* "${TARGET_DIR}/ory/templates/hydra/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/keto" ]; then cp -n "${BASE_DIR}/../docker/ory/keto/"* "${TARGET_DIR}/ory/templates/keto/" 2>/dev/null || true; fi
|
||||
if [ -d "${BASE_DIR}/../docker/ory/oathkeeper" ]; then cp -n "${BASE_DIR}/../docker/ory/oathkeeper/"* "${TARGET_DIR}/ory/templates/oathkeeper/" 2>/dev/null || true; fi
|
||||
|
||||
ORY_CONFIG_ENV_FILES="${TARGET_DIR}/.env" \
|
||||
ORY_CONFIG_TEMPLATE_ROOT="${TARGET_DIR}/ory/templates" \
|
||||
ORY_CONFIG_OUTPUT_DIR="${TARGET_DIR}/config/.generated/ory" \
|
||||
bash "${BASE_DIR}/../scripts/render_ory_config.sh"
|
||||
|
||||
# 6. 마무리
|
||||
chmod +x "${TARGET_DIR}/.env"
|
||||
|
||||
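Review bot: The render step at the end of the third hunk (`ORY_CONFIG_ENV_FILES="${TARGET_DIR}/.env" … bash "${BASE_DIR}/../scripts/render_ory_config.sh"`) writes fully substituted configs into `${TARGET_DIR}/config/.generated/ory`, and those files will carry whatever `.env` holds — the kratos template in this commit has `dsn: ${KRATOS_DSN}`, which the renderer will expand into the output — yet nothing here restricts their permissions or shows the directory is excluded from version control. Run the renderer under a restrictive umask, e.g. `(umask 077; ORY_CONFIG_ENV_FILES="${TARGET_DIR}/.env" ORY_CONFIG_TEMPLATE_ROOT="${TARGET_DIR}/ory/templates" ORY_CONFIG_OUTPUT_DIR="${TARGET_DIR}/config/.generated/ory" bash "${BASE_DIR}/../scripts/render_ory_config.sh")`, and confirm `config/.generated` is in the repository's ignore file. The renderer's exit status is also not checked; unless the script sets `-e` above this hunk (not visible here), a failed render leaves empty directories that the new compose volume mounts would silently serve, so append `|| { echo "render_ory_config.sh failed" >&2; exit 1; }`. The new `cp -n … 2>/dev/null || true` lines just above keep the same silent-failure pattern for the template copies, so a missing `docker/ory/<service>` directory goes unnoticed until the stack fails to start.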
@@ -69,7 +69,7 @@ services:
|
||||
- KRATOS_SELFSERVICE_FLOWS_REGISTRATION_UI_URL=${KRATOS_UI_URL}/registration
|
||||
- KRATOS_SELFSERVICE_FLOWS_LOGOUT_AFTER_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}/login
|
||||
volumes:
|
||||
- ./ory/kratos:/etc/config/kratos:ro
|
||||
- ./config/.generated/ory/kratos:/etc/config/kratos:ro
|
||||
command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes
|
||||
networks: [app_net]
|
||||
depends_on:
|
||||
@@ -94,7 +94,7 @@ services:
|
||||
- KRATOS_SELFSERVICE_FLOWS_REGISTRATION_UI_URL=${KRATOS_UI_URL}/registration
|
||||
- KRATOS_SELFSERVICE_FLOWS_LOGOUT_AFTER_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}/login
|
||||
volumes:
|
||||
- ./ory/kratos:/etc/config/kratos:ro
|
||||
- ./config/.generated/ory/kratos:/etc/config/kratos:ro
|
||||
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
|
||||
networks: [app_net]
|
||||
depends_on:
|
||||
@@ -122,7 +122,7 @@ services:
|
||||
- URLS_ERROR=${HYDRA_ERROR_URL:-${USERFRONT_URL}/error}
|
||||
- SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}
|
||||
volumes:
|
||||
- ./ory/hydra:/etc/config/hydra:ro
|
||||
- ./config/.generated/ory/hydra:/etc/config/hydra:ro
|
||||
command: serve -c /etc/config/hydra/hydra.yml all --dev
|
||||
networks: [app_net]
|
||||
depends_on:
|
||||
@@ -134,7 +134,7 @@ services:
|
||||
environment:
|
||||
- DSN=postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
|
||||
volumes:
|
||||
- ./ory/keto:/etc/config/keto:ro
|
||||
- ./config/.generated/ory/keto:/etc/config/keto:ro
|
||||
command: ["migrate", "up", "-c", "/etc/config/keto/keto.yml", "--yes"]
|
||||
networks: [app_net]
|
||||
depends_on:
|
||||
@@ -147,7 +147,7 @@ services:
|
||||
environment:
|
||||
- DSN=postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
|
||||
volumes:
|
||||
- ./ory/keto:/etc/config/keto:ro
|
||||
- ./config/.generated/ory/keto:/etc/config/keto:ro
|
||||
command: serve -c /etc/config/keto/keto.yml
|
||||
networks: [app_net]
|
||||
depends_on:
|
||||
@@ -173,7 +173,7 @@ services:
|
||||
- OATHKEEPER_INTROSPECT_CLIENT_ID=${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}
|
||||
- OATHKEEPER_INTROSPECT_CLIENT_SECRET=${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}
|
||||
volumes:
|
||||
- ./ory/oathkeeper:/etc/config/oathkeeper:ro
|
||||
- ./config/.generated/ory/oathkeeper:/etc/config/oathkeeper:ro
|
||||
- oathkeeper_logs:/var/log/oathkeeper
|
||||
entrypoint: ["/etc/config/oathkeeper/entrypoint.sh"]
|
||||
networks: [app_net]
|
||||
@@ -189,9 +189,27 @@ services:
|
||||
/bin/sh -c "
|
||||
apk add --no-cache curl;
|
||||
echo 'Wait for Ory services...';
|
||||
until curl -s http://kratos:4433/health/ready; do sleep 1; done;
|
||||
until curl -s http://hydra:4444/health/ready; do sleep 1; done;
|
||||
until curl -s http://keto:4466/health/ready; do sleep 1; done;
|
||||
check_ready() {
|
||||
name=\"$$1\";
|
||||
url=\"$$2\";
|
||||
max=\"$${ORY_STACK_CHECK_MAX_ATTEMPTS:-60}\";
|
||||
i=1;
|
||||
while [ \"$$i\" -le \"$$max\" ]; do
|
||||
if curl --connect-timeout 2 --max-time 3 -fsS \"$$url\" >/dev/null; then
|
||||
echo \"Ory service ready: $$name\";
|
||||
return 0;
|
||||
fi;
|
||||
echo \"Waiting for Ory service: $$name ($$i/$$max)\";
|
||||
i=$$((i + 1));
|
||||
sleep 1;
|
||||
done;
|
||||
echo \"ERROR: Ory service not ready: $$name after $$max attempts ($$url)\" >&2;
|
||||
echo \"ERROR: Check service logs: docker logs $${COMPOSE_PROJECT_NAME}_$$name\" >&2;
|
||||
return 1;
|
||||
};
|
||||
check_ready kratos http://kratos:4433/health/ready || exit 1;
|
||||
check_ready hydra http://hydra:4444/health/ready || exit 1;
|
||||
check_ready keto http://keto:4466/health/ready || exit 1;
|
||||
echo 'Ory stack is ready.';"
|
||||
depends_on:
|
||||
- kratos
|
||||
|
||||
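Review bot: In the `@@ -173,7 +173,7 @@` hunk the oathkeeper volume moves to `./config/.generated/ory/oathkeeper`, but the unchanged `entrypoint: ["/etc/config/oathkeeper/entrypoint.sh"]` now resolves inside that read-only mount, so the container only starts if `render_ory_config.sh` (not visible here) carries non-template files such as `entrypoint.sh`, with its execute bit, and the `rules*.json` files through to the output directory; the same question applies to the kratos, hydra and keto mounts in the four earlier hunks, which previously read `./ory/<service>` where the instance script copied the static files. Please confirm that, or keep a second mount for the static files. In the readiness checker of the last hunk, the hint `docker logs $${COMPOSE_PROJECT_NAME}_$$name` assumes underscore-joined container names; Compose v2 names containers `<project>-<service>-1` unless `container_name` is set, so either set it on these services or word the hint as `docker compose logs $$name`.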
@@ -1,20 +1,17 @@
|
||||
version: v26.2.0
|
||||
|
||||
dsn: ${DSN}
|
||||
dsn: ${KRATOS_DSN}
|
||||
|
||||
serve:
|
||||
public:
|
||||
base_url: ${KRATOS_BROWSER_URL}
|
||||
base_url: http://localhost:4433/
|
||||
cors:
|
||||
enabled: true
|
||||
allowed_origins:
|
||||
- http://backend:{{BACKEND_PORT}}
|
||||
- ${USERFRONT_URL}
|
||||
- ${ADMINFRONT_URL}
|
||||
- ${DEVFRONT_URL}
|
||||
- ${ORGFRONT_URL}
|
||||
- http://localhost:{{USERFRONT_PORT}}
|
||||
admin:
|
||||
base_url: ${KRATOS_ADMIN_URL}
|
||||
base_url: http://localhost:4434/
|
||||
|
||||
session:
|
||||
cookie:
|
||||
@@ -23,22 +20,17 @@ session:
|
||||
path: /
|
||||
|
||||
selfservice:
|
||||
default_browser_return_url: ${KRATOS_UI_URL}
|
||||
default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/
|
||||
allowed_return_urls:
|
||||
- ${KRATOS_UI_URL}
|
||||
- ${KRATOS_UI_URL}/
|
||||
- ${USERFRONT_URL}
|
||||
- ${USERFRONT_URL}/
|
||||
- ${USERFRONT_URL}/ko
|
||||
- ${USERFRONT_URL}/ko/
|
||||
- ${USERFRONT_URL}/en
|
||||
- ${USERFRONT_URL}/en/
|
||||
- ${USERFRONT_URL}/auth/callback
|
||||
- ${USERFRONT_URL}/ko/auth/callback
|
||||
- ${USERFRONT_URL}/en/auth/callback
|
||||
- ${ADMINFRONT_URL}/auth/callback
|
||||
- ${DEVFRONT_URL}/auth/callback
|
||||
- ${ORGFRONT_URL}/auth/callback
|
||||
- http://localhost:{{USERFRONT_PORT}}
|
||||
- http://localhost:{{USERFRONT_PORT}}/
|
||||
- http://localhost:{{USERFRONT_PORT}}/ko
|
||||
- http://localhost:{{USERFRONT_PORT}}/ko/
|
||||
- http://localhost:{{USERFRONT_PORT}}/en
|
||||
- http://localhost:{{USERFRONT_PORT}}/en/
|
||||
- http://localhost:{{USERFRONT_PORT}}/auth/callback
|
||||
- http://localhost:{{USERFRONT_PORT}}/ko/auth/callback
|
||||
- http://localhost:{{USERFRONT_PORT}}/en/auth/callback
|
||||
|
||||
methods:
|
||||
password:
|
||||
@@ -51,24 +43,24 @@ selfservice:
|
||||
|
||||
flows:
|
||||
error:
|
||||
ui_url: ${KRATOS_UI_URL}/error
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/error
|
||||
settings:
|
||||
ui_url: ${KRATOS_UI_URL}/error?error=settings_disabled
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/error?error=settings_disabled
|
||||
privileged_session_max_age: 15m
|
||||
recovery:
|
||||
ui_url: ${KRATOS_UI_URL}/recovery
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/recovery
|
||||
use: code
|
||||
verification:
|
||||
ui_url: ${KRATOS_UI_URL}/verification
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/verification
|
||||
use: code
|
||||
logout:
|
||||
after:
|
||||
default_browser_return_url: ${KRATOS_UI_URL}/login
|
||||
default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/login
|
||||
login:
|
||||
ui_url: ${KRATOS_UI_URL}/login
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/login
|
||||
lifespan: 10m
|
||||
registration:
|
||||
ui_url: ${KRATOS_UI_URL}/registration
|
||||
ui_url: http://localhost:{{USERFRONT_PORT}}/registration
|
||||
lifespan: 10m
|
||||
|
||||
log:
|
||||
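Review bot: The second hunk replaces the `${KRATOS_UI_URL}`, `${USERFRONT_URL}`, `${ADMINFRONT_URL}`, `${DEVFRONT_URL}` and `${ORGFRONT_URL}` entries in `allowed_return_urls` (and the matching `allowed_origins` in the first hunk) with only `http://localhost:{{USERFRONT_PORT}}` variants, so the admin, dev and org fronts' `/auth/callback` return URLs are no longer allowed, while the instance script in this commit still generates those fronts and the compose file still points the flow UIs at `${KRATOS_UI_URL}` via environment, which as far as the visible hunks show does not cover `allowed_return_urls`. Kratos is expected to reject a `return_to` that is not on this list, so unless a stage/prod variant of this file keeps them (the script creates `rules.stage.json`/`rules.prod.json` only for Oathkeeper), those callbacks will break. The file now mixes two placeholder syntaxes — `${KRATOS_DSN}` and `{{USERFRONT_PORT}}`/`{{BACKEND_PORT}}` — with no note on which step fills which; add a header comment such as `# {{...}} is substituted by the instance create script (sed); ${...} by render_ory_config.sh` once that is confirmed. The `session:` and `log:` sections continue outside the hunks.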