forked from baron/baron-sso
97 lines
2.8 KiB
Plaintext
97 lines
2.8 KiB
Plaintext
# ==========================================
|
|
# Baron SSO - Unified Environment Configuration
|
|
# ==========================================
|
|
|
|
# --- General System ---
|
|
APP_ENV=stage # 애플리케이션 실행 환경 (dev, stage, production)
|
|
TZ=Asia/Seoul
|
|
|
|
# --- Infrastructure Ports ---
|
|
DB_PORT=5432
|
|
CLICKHOUSE_PORT_HTTP=8123
|
|
CLICKHOUSE_PORT_NATIVE=9000
|
|
BACKEND_PORT=3000
|
|
FRONTEND_PORT=5000
|
|
|
|
# --- Database Credentials (PostgreSQL) ---
|
|
DB_USER=baron
|
|
DB_PASSWORD=password
|
|
DB_NAME=baron_sso
|
|
|
|
# --- Backend Configuration ---
|
|
# Must be 32 bytes. Generate with `openssl rand -hex 32`
|
|
COOKIE_SECRET=super-secret-key-must-be-32-bytes!
|
|
JWT_SECRET=super-secret-key-must-be-32-bytes!
|
|
REDIS_ADDR=redis:6389 # compose.infra.yaml의 redis 포트(컨테이너 내부 기준)
|
|
|
|
# Descope Project ID (Required for Auth)
|
|
DESCOPE_PROJECT_ID=P2t...your_descope_project_id
|
|
DESCOPE_MANAGEMENT_KEY=your_descope_management_key_here
|
|
DESCOPE_TEST_ACCOUNT=dyddus1210@gmail.com # 테스트 자동화용 계정(loginId). 없으면 생성 후 비밀번호 변경 시나리오 실행
|
|
DESCOPE_TEST_ACCOUNT=tester@baroncs.co.kr
|
|
|
|
# --- Naver Cloud Services ---
|
|
NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
|
|
NAVER_CLOUD_SECRET_KEY=ncp_iam_...
|
|
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
|
|
NAVER_SENDER_PHONE_NUMBER=...
|
|
|
|
# --- AWS SES (이메일 발송용) ---
|
|
AWS_REGION=ap-northeast-2
|
|
AWS_ACCESS_KEY_ID=...
|
|
AWS_SECRET_ACCESS_KEY=...
|
|
AWS_SES_SENDER=no-reply@baron.co.kr
|
|
|
|
# --- 관리자 page pw ---
|
|
ADMIN_EMAIL=admin@baron.co.kr
|
|
ADMIN_PASSWORD=adminPasswordIsNotSimple
|
|
|
|
# --- URLs for Proxy/Handoff ---
|
|
FRONTEND_URL=https://sso.hmac.kr # 프론트엔드 접속 주소 (이메일/SMS 링크 생성 시 사용)
|
|
BACKEND_URL=https://sso.hmac.kr # 프론트엔드에서 참조할 백엔드 API 주소
|
|
|
|
# IDP_PROVIDER는 우선순위 순으로 콤마 구분 (예: Kratos/Hydra 우선, Descope 백업)
|
|
IDP_PROVIDER=ory,descope
|
|
|
|
|
|
# ory-stack 변수들
|
|
ORY_POSTGRES_TAG=17-trixie
|
|
ORY_POSTGRES_USER=ory
|
|
ORY_POSTGRES_PASSWORD=EuBV5ywvXFehkggHQrnYo5727MseEi6i9
|
|
ORY_POSTGRES_DB=ory
|
|
ORY_POSTGRES_PORT=5433
|
|
|
|
KRATOS_DB=ory_kratos
|
|
HYDRA_DB=ory_hydra
|
|
KETO_DB=ory_keto
|
|
|
|
# Ory Kratos Configuration
|
|
KRATOS_VERSION=v25.4.0-distroless
|
|
KRATOS_PUBLIC_PORT=4433
|
|
KRATOS_ADMIN_PORT=4434
|
|
|
|
KRATOS_UI_NODE_VERSION=v25.4.0
|
|
KRATOS_UI_PORT=4455
|
|
|
|
# Ory Hydra Configuration
|
|
HYDRA_VERSION=v25.4.0-distroless
|
|
HYDRA_PUBLIC_PORT=4441
|
|
HYDRA_ADMIN_PORT=4445
|
|
|
|
# Ory Keto Configuration
|
|
KETO_VERSION=v25.4.0-distroless
|
|
KETO_READ_PORT=4466
|
|
KETO_WRITE_PORT=4467
|
|
|
|
# Kratos Selfservice UI upstreams (override for deployments)
|
|
ORY_SDK_URL=http://kratos:4433
|
|
KRATOS_PUBLIC_URL=http://kratos:4433
|
|
KRATOS_ADMIN_URL=http://kratos:4434
|
|
HYDRA_ADMIN_URL=http://hydra:4445
|
|
JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
|
|
|
|
# Kratos Selfservice UI required secrets (local only)
|
|
COOKIE_SECRET=localcookie123
|
|
CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
|
|
CSRF_COOKIE_SECRET=localcsrf123
|