New OAUTH2 Docker deployment

This commit is contained in:
mr
2026-02-19 14:57:14 +01:00
parent cbf32fff48
commit 67fc433ab5
6 changed files with 67 additions and 53 deletions

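--- /dev/null
+++ b/docker/tools/clients.json
@@ -0,0 +1,23 @@
+[
+{
+"client_id": "test-client",
+"client_secret": "oc-auth-got-secret",
+"client_name": "test-client",
+"grant_types": [
+"implicit",
+"refresh_token",
+"authorization_code",
+"client_credentials"
+],
+"response_types": [
+"id_token",
+"token",
+"code"
+],
+"scope": "openid profile email roles",
+"redirect_uris": [
+"http://localhost:8094/swagger"
+],
+"token_endpoint_auth_method": "client_secret_post"
+}
+]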
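Review bot: `client_secret` is committed in clear text, and the same literal `oc-auth-got-secret` is also used as Hydra's `SECRETS_SYSTEM` in the compose hunk below, so one leaked value covers both the client credential and the server's key-derivation secret. Keep a placeholder here, e.g. `"client_secret": "CHANGE_ME_CLIENT_SECRET"`, inject the real value from an env file or secret store before `hydra import` runs, and use a value distinct from `SECRETS_SYSTEM`. The `implicit` grant and the `token` response type deliver access tokens in the URL fragment and are deprecated by current OAuth 2.0 security guidance; unless the Swagger UI at the listed redirect URI actually depends on them, trim to `"grant_types": ["authorization_code", "refresh_token", "client_credentials"]` and `"response_types": ["code", "id_token"]`. JSON has no comments, so the dev-only nature of these values belongs in the deployment README next to this file.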


@@ -1,4 +1,4 @@
version: '3.4'
version: '3.9'
services:
mongo:
@@ -76,12 +76,30 @@ services:
SECRETS_SYSTEM: oc-auth-got-secret
LOG_LEAK_SENSITIVE_VALUES: true
# OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
URLS_SELF_ISSUER: http://hydra:4444
URLS_SELF_PUBLIC: http://hydra:4444
HYDRA_ADMIN_URL: http://hydra:4445
URLS_SELF_ISSUER: http://localhost:8000/hydra
URLS_SELF_PUBLIC: http://localhost:8000/hydra
URLS_LOGIN: http://localhost:8000/auth/login
URLS_CONSENT: http://localhost:8000/auth/consent
URLS_LOGOUT: http://localhost:8000/auth/logout
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
DSN: memory
command: serve all --dev
user: root
entrypoint: >
sh -c "
hydra serve all --dev &
echo '⏳ Waiting for Hydra admin API...' &&
until wget -q --spider http://localhost:4445/health/ready; do
sleep 2;
done &&
echo '✅ Hydra is ready. Importing clients...' &&
hydra import oauth2-client /clients.json -e http://hydra:4445 &&
echo '🚀 Clients imported.' &&
wait
"
volumes:
- ./clients.json:/clients.json
networks:
- oc
ports:
@@ -90,6 +108,13 @@ services:
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.http.routers.hydra.entrypoints=web"
- "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
- "traefik.http.services.hydra.loadbalancer.server.port=4444"
- "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
- "traefik.http.routers.hydra.middlewares=hydra-stripprefix"
ldap:
image: pgarrett/ldap-alpine
container_name: ldap
@@ -116,44 +141,6 @@ services:
container_name: keto
networks:
- oc
hydra-client:
image: oryd/hydra:v2.2.0
container_name: hydra-client
environment:
HYDRA_ADMIN_URL: http://hydra:4445
ORY_SDK_URL: http://hydra:4445
command:
- create
- oauth2-client
- --skip-tls-verify
- --name
- test-client
- --secret
- oc-auth-got-secret
- --response-type
- id_token,token,code
- --grant-type
- implicit,refresh_token,authorization_code,client_credentials
- --scope
- openid,profile,email,roles
- --token-endpoint-auth-method
- client_secret_post
- --redirect-uri
- http://localhost:3000
networks:
- oc
deploy:
restart_policy:
condition: none
depends_on:
- hydra
healthcheck:
test: ["CMD", "curl", "-f", "http://hydra:4445"]
interval: 10s
timeout: 10s
retries: 10
volumes:
oc-data:
@@ -161,3 +148,4 @@ volumes:
networks:
oc:
external: true
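Review bot: The readiness loop in the new hydra `entrypoint` (`until wget -q --spider http://localhost:4445/health/ready; do sleep 2; done`) has no upper bound, so if the backgrounded `hydra serve all --dev` exits early the container idles forever instead of failing, and the `restart_policy: condition: on-failure` in the next hunk never fires. A bounded POSIX-sh loop such as `i=0; until wget -q --spider http://localhost:4445/health/ready; do i=$((i+1)); [ "$i" -ge 30 ] && exit 1; sleep 2; done` turns a stuck start into a visible, restartable failure. Since the entrypoint now launches `hydra serve all --dev` itself, the remaining `command: serve all --dev` is only handed to `sh -c` as positional arguments and is dead; either drop it or mark it `# superseded by the entrypoint script above` (whether that line is old context or newly added is not recoverable from this rendering). `LOG_LEAK_SENSITIVE_VALUES: true` and `--dev` predate this commit, but the new `localhost:8000` issuer URLs make this block unmistakably a local-only profile, so a `# dev-only: localhost issuer, in-memory DSN, sensitive-value logging` comment above the environment map would help the next reader.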


@@ -1,8 +1,8 @@
version: '3.4'
version: '3.9'
services:
traefik:
image: traefik:v2.10.4
image: traefik:v3.6
container_name: traefik
restart: unless-stopped
networks:
@@ -10,11 +10,13 @@ services:
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:8000"
user: root
ports:
- "8000:8000" # Expose Traefik on port 8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
oc-data:
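Review bot: The `:ro` added to the Docker socket bind mount (`/var/run/docker.sock:/var/run/docker.sock:ro`) does not reduce what the container can do: a read-only mount only prevents altering the socket file itself, while every Docker API call, including creating containers with host mounts, still works over it, which leaves Traefik root-equivalent on the host; `user: root` in the same service removes even the in-container boundary. A comment such as `# :ro does not restrict the Docker API; Traefik still has full daemon access` on that line keeps the next reader from reading it as hardening. The usual mitigation is to point `--providers.docker.endpoint` at a socket proxy that exposes only the read-only endpoints Traefik needs, and to drop `user: root` unless the reason for it is documented. `--api.insecure=true` (unchanged here) leaves the dashboard unauthenticated to anything on the `oc` network; as far as this hunk shows only port 8000 is published, which is the only thing keeping it off the host.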