Baron SSO 다중 인스턴스 배포 템플릿

deploy/templates/ory/kratos/kratos.yml

@@ -0,0 +1,114 @@
+version: v25.4.0
+
+dsn: ${DSN}
+
+serve:
+    public:
+        base_url: http://localhost:4433/
+        cors:
+            enabled: true
+            allowed_origins:
+                - http://backend:{{BACKEND_PORT}}
+    admin:
+        base_url: http://localhost:4434/
+
+session:
+    cookie:
+        domain: hmac.kr
+        same_site: Lax
+        path: /
+
+selfservice:
+    default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/
+    allowed_return_urls:
+        - http://backend:{{BACKEND_PORT}}
+        - http://backend:{{BACKEND_PORT}}/
+        - http://localhost:{{USERFRONT_PORT}}
+        - https://app.brsw.kr
+        - https://app.brsw.kr/
+        - https://sss.hmac.kr
+        - https://sss.hmac.kr/
+        - https://sso.hmac.kr
+        - https://sso.hmac.kr/
+        - https://ssologin.hmac.kr
+        - https://ssologin.hmac.kr/
+        - https://sso-test.hmac.kr
+        - https://sso-test.hmac.kr/
+        - https://ssob.hmac.kr
+        - https://ssob.hmac.kr/
+        - https://ssob.hmac.kr/ko
+        - https://ssob.hmac.kr/ko/
+        - https://ssob.hmac.kr/en
+        - https://ssob.hmac.kr/en/
+        - https://ssob.hmac.kr/auth/callback
+        - https://ssob.hmac.kr/ko/auth/callback
+        - https://ssob.hmac.kr/en/auth/callback
+
+    methods:
+        password:
+            enabled: true
+        link:
+            enabled: true
+        code:
+            enabled: true
+            passwordless_enabled: true
+
+    flows:
+        error:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/error
+        settings:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/error?error=settings_disabled
+            privileged_session_max_age: 15m
+        recovery:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/recovery
+            use: code
+        verification:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/verification
+            use: code
+        logout:
+            after:
+                default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/login
+        login:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/login
+            lifespan: 10m
+        registration:
+            ui_url: http://localhost:{{USERFRONT_PORT}}/registration
+            lifespan: 10m
+
+log:
+    level: debug
+    format: text
+    leak_sensitive_values: true
+
+secrets:
+    cookie:
+        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+    cipher:
+        - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+    algorithm: xchacha20-poly1305
+
+hashers:
+    algorithm: bcrypt
+    bcrypt:
+        cost: 8
+
+identity:
+    default_schema_id: default
+    schemas:
+        - id: default
+          url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+    template_override_path: /etc/config/kratos/courier-templates
+    delivery_strategy: http
+    http:
+        request_config:
+            url: http://backend:{{BACKEND_PORT}}/api/v1/auth/webhooks/kratos-courier
+            method: POST
+            body: file:///etc/config/kratos/courier-http.jsonnet
+            headers:
+                Content-Type: application/json
+    smtp:
+        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

deploy/templates/ory/oathkeeper/rules.json

@@ -0,0 +1,15 @@
+[
+  {
+    "id": "backend-api-rule",
+    "match": {
+      "url": "<.*>://<.*>/api/v1/<.*>",
+      "methods": ["GET", "POST", "PUT", "DELETE", "PATCH"]
+    },
+    "upstream": {
+      "url": "http://backend:{{BACKEND_PORT}}"
+    },
+    "authenticators": [{ "handler": "cookie_session" }],
+    "authorizer": { "handler": "remote_json" },
+    "mutators": [{ "handler": "noop" }]
+  }
+]