forked from baron/baron-sso
78 lines
2.3 KiB
Plaintext
78 lines
2.3 KiB
Plaintext
# === [1] 프로젝트 식별 (중요: 인스턴스마다 다르게 설정) ===
|
|
INSTANCE_NAME={{INSTANCE_NAME}}
|
|
COMPOSE_PROJECT_NAME=baron-sso-{{INSTANCE_NAME}}
|
|
APP_ENV=production
|
|
|
|
# === [2] 포트 Prefix 설정 (예: 23 입력 시 23000, 23432 등 생성) ===
|
|
P={{PORT_PREFIX}}
|
|
|
|
# 인프라 포트
|
|
DB_PORT=${P}432
|
|
REDIS_PORT=${P}399
|
|
CLICKHOUSE_PORT_HTTP=${P}123
|
|
CLICKHOUSE_PORT_NATIVE=${P}000
|
|
|
|
# 서비스 포트
|
|
BACKEND_PORT=${P}000
|
|
USERFRONT_PORT=${P}500
|
|
ADMINFRONT_PORT=${P}173
|
|
DEVFRONT_PORT=${P}174
|
|
ORGFRONT_PORT=${P}175
|
|
OATHKEEPER_PROXY_PORT=${P}467
|
|
|
|
# === [3] 도메인 설정 (별도 도메인 구조) ===
|
|
# {{INSTANCE_NAME}}이 stg면 sso-stg.hmac.kr 형식이 되도록 가이드
|
|
DOMAIN_SUFFIX=hmac.kr
|
|
USERFRONT_URL=https://{{INSTANCE_NAME}}-sso.${DOMAIN_SUFFIX}
|
|
ADMINFRONT_URL=https://{{INSTANCE_NAME}}-admin.${DOMAIN_SUFFIX}
|
|
DEVFRONT_URL=https://{{INSTANCE_NAME}}-dev.${DOMAIN_SUFFIX}
|
|
ORGFRONT_URL=https://{{INSTANCE_NAME}}-org.${DOMAIN_SUFFIX}
|
|
|
|
# OIDC/Auth URL
|
|
VITE_OIDC_AUTHORITY=${USERFRONT_URL}/oidc
|
|
ADMINFRONT_CALLBACK_URLS=${ADMINFRONT_URL}/auth/callback
|
|
DEVFRONT_CALLBACK_URLS=${DEVFRONT_URL}/auth/callback
|
|
ORGFRONT_CALLBACK_URLS=${ORGFRONT_URL}/auth/callback
|
|
|
|
# Ory URL
|
|
KRATOS_UI_URL=${USERFRONT_URL}/auth
|
|
KRATOS_BROWSER_URL=${USERFRONT_URL}/auth
|
|
KRATOS_ADMIN_URL=http://kratos:4434
|
|
HYDRA_PUBLIC_URL=${USERFRONT_URL}/oidc
|
|
HYDRA_ADMIN_URL=http://hydra:4445
|
|
OATHKEEPER_PUBLIC_URL=${USERFRONT_URL}
|
|
KETO_READ_URL=http://keto:4466
|
|
KETO_WRITE_URL=http://keto:4467
|
|
|
|
# Ory versions
|
|
KRATOS_VERSION=v26.2.0
|
|
HYDRA_VERSION=v26.2.0
|
|
KETO_VERSION=v26.2.0
|
|
OATHKEEPER_VERSION=v26.2.0
|
|
ORY_POSTGRES_TAG=17-alpine
|
|
|
|
# === [4] IDP 및 DB Config ===
|
|
IDP_PROVIDER=ory
|
|
DB_PASSWORD=password
|
|
ORY_POSTGRES_USER=ory
|
|
ORY_POSTGRES_PASSWORD=generated_secret_here
|
|
ORY_POSTGRES_DB=ory
|
|
KRATOS_DB=ory_kratos
|
|
HYDRA_DB=ory_hydra
|
|
KETO_DB=ory_keto
|
|
OATHKEEPER_UID=1001
|
|
OATHKEEPER_GID=1001
|
|
OATHKEEPER_INTROSPECT_CLIENT_ID=oathkeeper-introspect
|
|
OATHKEEPER_INTROSPECT_CLIENT_SECRET=oathkeeper-secret
|
|
CLICKHOUSE_PASSWORD=password
|
|
REDIS_ADDR=redis:6379
|
|
|
|
# Secrets (At least 32 chars)
|
|
COOKIE_SECRET=at_least_32_characters_long_secret_12345
|
|
JWT_SECRET=at_least_32_characters_long_secret_12345
|
|
CSRF_COOKIE_SECRET=at_least_32_characters_long_secret_12345
|
|
|
|
# Admin 초기 계정
|
|
ADMIN_EMAIL=admin@baron.co.kr
|
|
ADMIN_PASSWORD=adminPasswordIsNotSimple
|