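# ==========================================
# Baron SSO - Unified Environment Configuration
# ==========================================
# Format: dotenv (KEY=VALUE, one setting per line).
# Comments are kept on their own lines on purpose: loaders such as
# `docker run --env-file` do not strip trailing "# ..." text, so an inline
# comment would silently become part of the value (e.g. APP_ENV would no
# longer equal "stage"). The ${VAR} references further down this file are
# only expanded by loaders that support interpolation (docker compose does);
# plain env-file loaders pass them through literally.
#
# SECURITY: this file stores credentials in plaintext while APP_ENV is
# "stage". Keep it out of version control (.gitignore) and ship a
# values-blank .env.example instead. Any secret in here that has already been
# committed or shared should be treated as exposed and rotated.

# --- General System ---
# Application runtime environment: dev, stage, production
APP_ENV=stage
TZ=Asia/Seoul
# IDP_PROVIDER is a comma-separated list in priority order
# (e.g. Kratos/Hydra first, Descope as fallback)
IDP_PROVIDER=ory

# --- Infrastructure Ports ---
DB_PORT=5432
CLICKHOUSE_PORT_HTTP=8123
CLICKHOUSE_PORT_NATIVE=9000
BACKEND_PORT=3000
ADMINFRONT_PORT=5173
DEVFRONT_PORT=5174
USERFRONT_PORT=5000

# --- Database Credentials (PostgreSQL) ---
DB_USER=baron
# Weak placeholder; replace with a generated value for any non-local environment.
DB_PASSWORD=password
DB_NAME=baron_sso

# --- Backend Configuration ---
# Key-length caveat: the backend is documented as requiring a 32-byte key, but
# `openssl rand -hex 32` prints 64 hex characters (32 bytes of entropy), while
# the placeholder below is 34 characters long. Confirm which length the backend
# actually validates before generating (`openssl rand -hex 16` gives a
# 32-character string). COOKIE_SECRET and JWT_SECRET must also be DIFFERENT
# values: reusing one key means a leaked cookie key also lets an attacker mint
# JWTs.
# NOTE: COOKIE_SECRET is assigned a second time further down this file
# (Kratos Selfservice UI section). Which occurrence survives is
# loader-dependent (commonly the last one), so the value here is likely
# overridden — give the two consumers distinct variable names.
COOKIE_SECRET=super-secret-key-must-be-32-bytes!
JWT_SECRET=super-secret-key-must-be-32-bytes!
# Redis port as defined in compose.infra.yaml (container-network address).
# 6389 is not the Redis default (6379); keep it in sync with that file.
REDIS_ADDR=redis:6389
# An exact Origin is required when cookie auth is used. This value only
# matches local dev; for the stage host the allowed origin must be the public
# HTTPS origin (USERFRONT_URL), otherwise browser requests from the deployed
# front end would be expected to fail the CORS check.
CORS_ALLOWED_ORIGINS=http://localhost:5000

# Audit System Configuration
# Number of goroutine workers for asynchronous audit-log processing
AUDIT_WORKER_COUNT=5
# Audit-log queue (channel) buffer size
AUDIT_QUEUE_SIZE=2000

# Redis Cache Configuration
# TTL of the user-profile Redis cache
PROFILE_CACHE_TTL=30m

# --- Naver Cloud Services ---
# Placeholders; real values must come from a secret store, not this file.
NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
NAVER_CLOUD_SECRET_KEY=ncp_iam_...
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
NAVER_SENDER_PHONE_NUMBER=...

# --- AWS SES (outbound email) ---
# Prefer an IAM role / instance profile over static access keys where the
# runtime allows it; static keys in an env file cannot be rotated centrally.
AWS_REGION=ap-northeast-2
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...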
AWS_SES_SENDER=no-reply@baron.co.kr

# --- Admin page credentials ---
# Bootstrap admin login. A static password in an env file is a shared secret
# with no rotation history; change it on first login and do not reuse it
# anywhere else.
ADMIN_EMAIL=admin@baron.co.kr
ADMIN_PASSWORD=adminPasswordIsNotSimple

# --- URLs for Proxy/Handoff ---
# Project public base URL (served by UserFront Nginx)
USERFRONT_URL=https://sso.hmac.kr
# Services proxied via Nginx.
# ${USERFRONT_URL} is only expanded by loaders that support interpolation
# (docker compose does); other loaders pass the literal string through.
BACKEND_URL=${USERFRONT_URL}
OATHKEEPER_PUBLIC_URL=${USERFRONT_URL}

# --- Ory stack variables ---
ORY_POSTGRES_TAG=17-trixie
ORY_POSTGRES_USER=ory
# This looks like a real generated password rather than a placeholder. If
# this file has ever been committed or shared, treat the value as exposed and
# rotate it.
ORY_POSTGRES_PASSWORD=EuBV5ywvXFehkggHQrnYo5727MseEi6i9
ORY_POSTGRES_DB=ory
# Internal only
# ORY_POSTGRES_PORT=5433
KRATOS_DB=ory_kratos
HYDRA_DB=ory_hydra
KETO_DB=ory_keto

# Ory Kratos Configuration
KRATOS_VERSION=v25.4.0-distroless
# Internal only
# KRATOS_PUBLIC_PORT=4433
# KRATOS_ADMINFRONT_PORT=4434
KRATOS_UI_NODE_VERSION=v25.4.0
# Internal only
# KRATOS_UI_PORT=4455

# Ory Hydra Configuration
HYDRA_VERSION=v25.4.0-distroless
# Internal only
# HYDRA_PUBLIC_PORT=4441
# HYDRA_ADMINFRONT_PORT=4445

# Ory Keto Configuration
KETO_VERSION=v25.4.0-distroless
# Internal only
# KETO_READ_PORT=4466
# KETO_WRITE_PORT=4467
KETO_READ_URL=http://keto:4466
KETO_WRITE_URL=http://keto:4467

# Kratos Selfservice UI upstreams (override for deployments)
ORY_SDK_URL=http://kratos:4433
KRATOS_PUBLIC_URL=http://kratos:4433
# Admin API: keep it reachable only on the internal container network; it must
# never be routed through Oathkeeper/Nginx alongside the public paths below.
KRATOS_ADMIN_URL=http://kratos:4434
# External Kratos Public/UI URL that the browser reaches.
# Oathkeeper routes the /auth path to the Kratos Public API.
KRATOS_BROWSER_URL=${OATHKEEPER_PUBLIC_URL}/auth
# The Kratos UI is rendered by UserFront. This is the local-dev origin (plain
# http); for the stage host it should match USERFRONT_URL, otherwise Kratos
# return/redirect URLs would send the browser back to localhost.
KRATOS_UI_URL=http://localhost:5000
# Admin API: internal network only (see KRATOS_ADMIN_URL).
HYDRA_ADMIN_URL=http://hydra:4445
# Oathkeeper routes the /oidc path to the Hydra Public API.
HYDRA_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL}/oidc

# Extra Kratos allowed_return_urls (comma-separated, optional).
# The defaults already include KRATOS_UI_URL, USERFRONT_URL and each callback URL.
# "[]" is a JSON-style empty-list literal; if the backend simply splits this
# value on commas it would be read as one bogus entry "[]" and added to
# Kratos' allowed return URLs. Leave the value empty unless the backend is
# confirmed to special-case "[]" — verify against the loader code.
KRATOS_ALLOWED_RETURN_URLS_EXTRA=[]

# Oathkeeper JWKS (internal traffic only)
JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json

# Oathkeeper run-as user and health-probe settings
OATHKEEPER_VERSION=v25.4.0
OATHKEEPER_UID=1001
OATHKEEPER_GID=1001
OATHKEEPER_HEALTH_URL=http://oathkeeper:4456/health/ready
OATHKEEPER_HEALTH_INTERVAL_SECONDS=10
OATHKEEPER_HEALTH_TIMEOUT_SECONDS=2
OATHKEEPER_HEALTH_ENABLED=true

# Kratos Selfservice UI required secrets (local only)
# NOTE: COOKIE_SECRET is also assigned in the Backend section near the top of
# this file. Which occurrence survives is loader-dependent (commonly the last
# one), so this short local value is likely what BOTH consumers end up with,
# even though APP_ENV is "stage". Give the UI its own variable name
# (e.g. KRATOS_UI_COOKIE_SECRET) and update the compose service that reads it.
COOKIE_SECRET=localcookie123
# Cookie-prefix caveat: the canonical spelling is "__Host-". Browsers differ in
# whether prefix matching is case-sensitive, so with "__HOST-" it depends on
# the browser whether __Host- rules are enforced at all. With the canonical
# spelling the cookie must be set with Secure, Path=/ and no Domain attribute,
# which the plain-http localhost origins in this file generally cannot satisfy
# except in browsers that treat localhost as a secure context.
CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
CSRF_COOKIE_SECRET=localcsrf123

# AdminFront OIDC settings
ADMINFRONT_URL=http://localhost:5173
# Comma-separated list. The https entry hard-codes the USERFRONT_URL host;
# keep the two in sync, since an OIDC redirect URI that drifts from the
# registered client breaks login rather than failing loudly here.
ADMINFRONT_CALLBACK_URLS=http://localhost:5173/auth/callback,https://sso.hmac.kr/auth/callback

# DevFront OIDC settings
# VITE_-prefixed variables are embedded into the client bundle by Vite; never
# put a client secret or any other credential behind a VITE_ name.
VITE_OIDC_CLIENT_ID=devfront
# Hard-codes the same host as USERFRONT_URL/oidc; keep in sync.
VITE_OIDC_AUTHORITY=https://sso.hmac.kr/oidc
DEVFRONT_URL=http://localhost:5174
# Comma-separated list; the https entry hard-codes the USERFRONT_URL host.
DEVFRONT_CALLBACK_URLS=http://localhost:5174/auth/callback,https://sso.hmac.kr/devfront/auth/callback