kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

ory-hosting 기본구동

Browse Source
This commit is contained in:
Lectom C Han
2026-01-27 22:58:49 +09:00
parent 41f0549435
commit c3f7b18afc
31 changed files with 1910 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
.env.sample
View File

@@ -3,7 +3,7 @@
# ==========================================
# --- General System ---
APP_ENV=dev # 애플리케이션 실행 환경 (dev, stage, production)
APP_ENV=stage # 애플리케이션 실행 환경 (dev, stage, production)
TZ=Asia/Seoul
# --- Infrastructure Ports ---
@@ -21,6 +21,7 @@ DB_NAME=baron_sso
# --- Backend Configuration ---
# Must be 32 bytes. Generate with `openssl rand -hex 32`
COOKIE_SECRET=super-secret-key-must-be-32-bytes!
JWT_SECRET=super-secret-key-must-be-32-bytes!
REDIS_ADDR=redis:6389 # compose.infra.yaml의 redis 포트(컨테이너 내부 기준)
# Descope Project ID (Required for Auth)
@@ -42,10 +43,54 @@ AWS_SECRET_ACCESS_KEY=...
AWS_SES_SENDER=no-reply@baron.co.kr
# --- 관리자 page pw ---
ADMIN_PASSWORD=admin
ADMIN_EMAIL=admin@baron.co.kr
ADMIN_PASSWORD=adminPasswordIsNotSimple
# --- URLs for Proxy/Handoff ---
FRONTEND_URL=https://sso.hmac.kr # 프론트엔드 접속 주소 (이메일/SMS 링크 생성 시 사용)
BACKEND_URL=https://sso.hmac.kr # 프론트엔드에서 참조할 백엔드 API 주소
IDP_PROVIDER=descopse, hydra ...
# IDP_PROVIDER는 우선순위 순으로 콤마 구분 (예: Kratos/Hydra 우선, Descope 백업)
IDP_PROVIDER=ory,descope
# ory-stack 변수들
ORY_POSTGRES_TAG=17-trixie
ORY_POSTGRES_USER=ory
ORY_POSTGRES_PASSWORD=EuBV5ywvXFehkggHQrnYo5727MseEi6i9
ORY_POSTGRES_DB=ory
ORY_POSTGRES_PORT=5433
KRATOS_DB=ory_kratos
HYDRA_DB=ory_hydra
KETO_DB=ory_keto
# Ory Kratos Configuration
KRATOS_VERSION=v25.4.0-distroless
KRATOS_PUBLIC_PORT=4433
KRATOS_ADMIN_PORT=4434
KRATOS_UI_NODE_VERSION=v25.4.0
KRATOS_UI_PORT=4455
# Ory Hydra Configuration
HYDRA_VERSION=v25.4.0-distroless
HYDRA_PUBLIC_PORT=4441
HYDRA_ADMIN_PORT=4445
# Ory Keto Configuration
KETO_VERSION=v25.4.0-distroless
KETO_READ_PORT=4466
KETO_WRITE_PORT=4467
# Kratos Selfservice UI upstreams (override for deployments)
ORY_SDK_URL=http://kratos:4433
KRATOS_PUBLIC_URL=http://kratos:4433
KRATOS_ADMIN_URL=http://kratos:4434
HYDRA_ADMIN_URL=http://hydra:4445
JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
# Kratos Selfservice UI required secrets (local only)
COOKIE_SECRET=localcookie123
CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
CSRF_COOKIE_SECRET=localcsrf123