
go 버전업 && ory 설정파일들 자동 생성 스크립트 추가

2026-05-07 11:01:25 +09:00
parent 45a14163bf
commit 2cba9c9c1f
25 changed files with 504 additions and 144 deletions


@@ -30,7 +30,7 @@ services:
- KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}
- KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS=${KRATOS_ALLOWED_RETURN_URLS_JSON:-["${KRATOS_UI_URL}","${USERFRONT_URL}"]}
volumes:
- ./docker/ory/kratos:/etc/config/kratos
- ../config/.generated/ory/kratos:/etc/config/kratos
command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes
depends_on:
postgres_ory:
@@ -49,7 +49,7 @@ services:
- KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}
- KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS=${KRATOS_ALLOWED_RETURN_URLS_JSON:-["${KRATOS_UI_URL}","${USERFRONT_URL}"]}
volumes:
- ./docker/ory/kratos:/etc/config/kratos
- ../config/.generated/ory/kratos:/etc/config/kratos
command: serve -c /etc/config/kratos/kratos.yml
depends_on:
kratos-migrate:
@@ -80,7 +80,7 @@ services:
- URLS_ERROR=${HYDRA_ERROR_URL:-${USERFRONT_URL}/error}
- SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}
volumes:
- ./docker/ory/hydra:/etc/config/hydra
- ../config/.generated/ory/hydra:/etc/config/hydra
command: serve -c /etc/config/hydra/hydra.yml all --dev
depends_on:
hydra-migrate:
@@ -94,7 +94,7 @@ services:
environment:
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
volumes:
- ./docker/ory/keto:/etc/config/keto
- ../config/.generated/ory/keto:/etc/config/keto
command: ["migrate", "up", "-c", "/etc/config/keto/keto.yml", "--yes"]
depends_on:
postgres_ory:
@@ -108,7 +108,7 @@ services:
environment:
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
volumes:
- ./docker/ory/keto:/etc/config/keto
- ../config/.generated/ory/keto:/etc/config/keto
command: serve -c /etc/config/keto/keto.yml
depends_on:
keto-migrate:
@@ -129,7 +129,7 @@ services:
- OATHKEEPER_INTROSPECT_CLIENT_ID=${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}
- OATHKEEPER_INTROSPECT_CLIENT_SECRET=${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}
volumes:
- ./docker/ory/oathkeeper:/etc/config/oathkeeper
- ../config/.generated/ory/oathkeeper:/etc/config/oathkeeper
- oathkeeper_logs:/var/log/oathkeeper
entrypoint: ["/etc/config/oathkeeper/entrypoint.sh"]
networks:
@@ -152,9 +152,27 @@ services:
/bin/sh -c "
apk add --no-cache curl;
echo 'Wait for services...';
until curl -s http://kratos:4433/health/ready; do sleep 1; done;
until curl -s http://hydra:4444/health/ready; do sleep 1; done;
until curl -s http://keto:4466/health/ready; do sleep 1; done;
check_ready() {
name=\"$$1\";
url=\"$$2\";
max=\"$${ORY_STACK_CHECK_MAX_ATTEMPTS:-60}\";
i=1;
while [ \"$$i\" -le \"$$max\" ]; do
if curl --connect-timeout 2 --max-time 3 -fsS \"$$url\" >/dev/null; then
echo \"Ory service ready: $$name\";
return 0;
fi;
echo \"Waiting for Ory service: $$name ($$i/$$max)\";
i=$$((i + 1));
sleep 1;
done;
echo \"ERROR: Ory service not ready: $$name after $$max attempts ($$url)\" >&2;
echo \"ERROR: Check service logs: docker logs ory_$$name\" >&2;
return 1;
};
check_ready kratos http://kratos:4433/health/ready || exit 1;
check_ready hydra http://hydra:4444/health/ready || exit 1;
check_ready keto http://keto:4466/health/ready || exit 1;
echo 'Ory Stack is fully operational!';"
depends_on:
- kratos
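Review bot: The six volume entries that now bind `../config/.generated/ory/<service>` are mounted read-write, and for oathkeeper the entrypoint `/etc/config/oathkeeper/entrypoint.sh` is executed out of that generated directory, so anything able to write `config/.generated` decides what the proxy container runs and which policy Kratos, Hydra and Keto load. Mount them read-only, e.g. `- ../config/.generated/ory/oathkeeper:/etc/config/oathkeeper:ro`, unless a service is known to write into its config directory (not visible in these hunks). If the directory has not been generated before `docker compose up`, Docker will typically create an empty bind source and the services then fail on a missing config file, so the generator should be a documented prerequisite. If the generator expands secrets such as the DSN into these files, the directory should also be git-ignored and not world-readable. The same mounts are changed in the second compose file further down this commit.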


@@ -1,4 +1,4 @@
dsn: ${DSN}
dsn: ${HYDRA_DSN}
serve:
cookies:
@@ -77,7 +77,7 @@ urls:
secrets:
system:
- ${SECRETS_SYSTEM}
- ${HYDRA_SYSTEM_SECRET}
webfinger:
oidc_discovery:
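Review bot: `secrets.system` now reads `${HYDRA_SYSTEM_SECRET}`, but both compose files in this commit still export `SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}` to the Hydra container, so the system secret stays tied to the database password if Hydra's environment overrides take precedence over the file (worth confirming). A leak of either value then exposes both, and rotating the database password would also change the secret Hydra uses to encrypt data at rest. Feed the generator a dedicated random value and realign the compose entry, e.g. `- SECRETS_SYSTEM=${HYDRA_SYSTEM_SECRET}`. The `dsn` placeholders renamed here and in the Keto and Kratos configs carry the database password too, so the rendered files need the same handling as any other secret material.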


@@ -1,5 +1,5 @@
version: v0.11.0
dsn: ${DSN}
dsn: ${KETO_DSN}
serve:
read:
host: 0.0.0.0


@@ -1,21 +1,21 @@
version: v26.2.0
dsn: ${DSN}
dsn: ${KRATOS_DSN}
serve:
public:
base_url: ${KRATOS_BROWSER_URL}
base_url: http://localhost:4433/
cors:
enabled: true
allowed_origins:
- ${USERFRONT_URL}
- ${ADMINFRONT_URL}
- ${DEVFRONT_URL}
- ${ORGFRONT_URL}
- http://localhost:5000
- http://localhost:5173
- http://localhost:5174
- http://localhost:5175
- http://backend:3000
- http://baron_backend:3000
admin:
base_url: ${KRATOS_ADMIN_URL}
base_url: http://localhost:4434/
session:
cookie:
@@ -24,22 +24,20 @@ session:
path: /
selfservice:
default_browser_return_url: ${KRATOS_UI_URL}
default_browser_return_url: http://localhost:5000/
allowed_return_urls:
- ${KRATOS_UI_URL}
- ${KRATOS_UI_URL}/
- ${USERFRONT_URL}
- ${USERFRONT_URL}/
- ${USERFRONT_URL}/ko
- ${USERFRONT_URL}/ko/
- ${USERFRONT_URL}/en
- ${USERFRONT_URL}/en/
- ${USERFRONT_URL}/auth/callback
- ${USERFRONT_URL}/ko/auth/callback
- ${USERFRONT_URL}/en/auth/callback
- ${ADMINFRONT_URL}/auth/callback
- ${DEVFRONT_URL}/auth/callback
- ${ORGFRONT_URL}/auth/callback
- http://localhost:5000
- http://localhost:5000/
- http://localhost:5000/ko
- http://localhost:5000/ko/
- http://localhost:5000/en
- http://localhost:5000/en/
- http://localhost:5000/auth/callback
- http://localhost:5000/ko/auth/callback
- http://localhost:5000/en/auth/callback
- http://localhost:5173/auth/callback
- http://localhost:5174/auth/callback
- http://localhost:5175/auth/callback
methods:
password:
@@ -52,24 +50,24 @@ selfservice:
flows:
error:
ui_url: ${KRATOS_UI_URL}/error
ui_url: http://localhost:5000/error
settings:
ui_url: ${KRATOS_UI_URL}/error?error=settings_disabled
ui_url: http://localhost:5000/error?error=settings_disabled
privileged_session_max_age: 15m
recovery:
ui_url: ${KRATOS_UI_URL}/recovery
ui_url: http://localhost:5000/recovery
use: code
verification:
ui_url: ${KRATOS_UI_URL}/verification
ui_url: http://localhost:5000/verification
use: code
logout:
after:
default_browser_return_url: ${KRATOS_UI_URL}/login
default_browser_return_url: http://localhost:5000/login
login:
ui_url: ${KRATOS_UI_URL}/login
ui_url: http://localhost:5000/login
lifespan: 10m
registration:
ui_url: ${KRATOS_UI_URL}/registration
ui_url: http://localhost:5000/registration
lifespan: 10m
log:
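Review bot: The `${…}` placeholders in `serve.public.cors.allowed_origins`, `selfservice.allowed_return_urls` and the flow `ui_url` entries are replaced with literal `http://localhost:…` values, which makes plain-HTTP localhost the effective CORS and redirect allow-list wherever this file is loaded without a full override. The compose hunks in this commit override some of these keys through `KRATOS_SELFSERVICE_*` variables, but no override for the CORS origins is visible in them. Add a header comment such as `# Local-development defaults; the config generator must replace every localhost URL for other environments`, and have the generator fail when a localhost URL survives into a non-dev render. Whether this file is a template or the final config is not visible on this page, so confirm which one it is.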


@@ -114,7 +114,7 @@ services:
- KRATOS_SELFSERVICE_FLOWS_REGISTRATION_UI_URL=${KRATOS_UI_URL}/registration
- KRATOS_SELFSERVICE_FLOWS_LOGOUT_AFTER_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}/login
volumes:
- ./docker/ory/kratos:/etc/config/kratos
- ./config/.generated/ory/kratos:/etc/config/kratos
command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes
depends_on:
postgres_ory:
@@ -140,7 +140,7 @@ services:
- KRATOS_SELFSERVICE_FLOWS_REGISTRATION_UI_URL=${KRATOS_UI_URL}/registration
- KRATOS_SELFSERVICE_FLOWS_LOGOUT_AFTER_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL}/login
volumes:
- ./docker/ory/kratos:/etc/config/kratos
- ./config/.generated/ory/kratos:/etc/config/kratos
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
depends_on:
kratos-migrate:
@@ -171,7 +171,7 @@ services:
- URLS_ERROR=${HYDRA_ERROR_URL:-${USERFRONT_URL}/error}
- SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}
volumes:
- ./docker/ory/hydra:/etc/config/hydra
- ./config/.generated/ory/hydra:/etc/config/hydra
command: serve -c /etc/config/hydra/hydra.yml all --dev
depends_on:
hydra-migrate:
@@ -185,7 +185,7 @@ services:
environment:
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
volumes:
- ./docker/ory/keto:/etc/config/keto
- ./config/.generated/ory/keto:/etc/config/keto
command: ["migrate", "up", "-c", "/etc/config/keto/keto.yml", "--yes"]
depends_on:
postgres_ory:
@@ -199,7 +199,7 @@ services:
environment:
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB:-ory_keto}?sslmode=disable&max_conns=20
volumes:
- ./docker/ory/keto:/etc/config/keto
- ./config/.generated/ory/keto:/etc/config/keto
command: serve -c /etc/config/keto/keto.yml
depends_on:
keto-migrate:
@@ -236,7 +236,7 @@ services:
- OATHKEEPER_INTROSPECT_CLIENT_ID=${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}
- OATHKEEPER_INTROSPECT_CLIENT_SECRET=${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}
volumes:
- ./docker/ory/oathkeeper:/etc/config/oathkeeper
- ./config/.generated/ory/oathkeeper:/etc/config/oathkeeper
- oathkeeper_logs:/var/log/oathkeeper
entrypoint: ["/etc/config/oathkeeper/entrypoint.sh"]
networks:
@@ -271,9 +271,27 @@ services:
/bin/sh -c "
apk add --no-cache curl;
echo 'Wait for services...';
until curl -s http://kratos:4433/health/ready; do sleep 1; done;
until curl -s http://hydra:4444/health/ready; do sleep 1; done;
until curl -s http://keto:4466/health/ready; do sleep 1; done;
check_ready() {
name=\"$$1\";
url=\"$$2\";
max=\"$${ORY_STACK_CHECK_MAX_ATTEMPTS:-60}\";
i=1;
while [ \"$$i\" -le \"$$max\" ]; do
if curl --connect-timeout 2 --max-time 3 -fsS \"$$url\" >/dev/null; then
echo \"Ory service ready: $$name\";
return 0;
fi;
echo \"Waiting for Ory service: $$name ($$i/$$max)\";
i=$$((i + 1));
sleep 1;
done;
echo \"ERROR: Ory service not ready: $$name after $$max attempts ($$url)\" >&2;
echo \"ERROR: Check service logs: docker logs ory_$$name\" >&2;
return 1;
};
check_ready kratos http://kratos:4433/health/ready || exit 1;
check_ready hydra http://hydra:4444/health/ready || exit 1;
check_ready keto http://keto:4466/health/ready || exit 1;
echo 'Ory Stack is fully operational!';"
depends_on:
- kratos
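Review bot: `ORY_STACK_CHECK_MAX_ATTEMPTS` is expanded by the container's shell (`$${…}`), so a value set on the host or in `.env` only takes effect if the service passes it through `environment:`; the hunk starts inside the `command:` string, so that entry is not visible here. If it is missing, add `- ORY_STACK_CHECK_MAX_ATTEMPTS=${ORY_STACK_CHECK_MAX_ATTEMPTS:-60}`. A non-numeric value makes the `[ ... -le ... ]` test error out, which skips the loop and reports the service as not ready without a single probe, so a short comment above `check_ready` documenting the variable and the `$$` escaping would help. The identical block in the first compose file of this commit has the same points.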