core/oc-deploy
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 1 Wiki Activity

New OAUTH2 Docker deployment

Browse Source
This commit is contained in:
mr
2026-02-19 14:57:14 +01:00
parent cbf32fff48
commit 67fc433ab5
6 changed files with 67 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -1,4 +1,5 @@
# RUN DOCKER DEMO # RUN DOCKER DEMO
http://localhost:8000/hydra/oauth2/auth?client_id=2171304d-d15e-45b7-8cc0-1f8e18235ccb&scope=openid offline profile email&response_type=code&redirect_uri=http://localhost:8094/swagger&state=xyz
ADD a clean argo ADD a clean argo
``` ```

23
docker/tools/clients.json Normal file
View File

@@ -0,0 +1,23 @@
[
{
"client_id": "test-client",
"client_secret": "oc-auth-got-secret",
"client_name": "test-client",
"grant_types": [
"implicit",
"refresh_token",
"authorization_code",
"client_credentials"
],
"response_types": [
"id_token",
"token",
"code"
],
"scope": "openid profile email roles",
"redirect_uris": [
"http://localhost:8094/swagger"
],
"token_endpoint_auth_method": "client_secret_post"
}
]

72
docker/tools/docker-compose.dev.yml
View File

@@ -1,4 +1,4 @@
version: '3.4' version: '3.9'
services: services:
mongo: mongo:
@@ -76,12 +76,30 @@ services:
SECRETS_SYSTEM: oc-auth-got-secret SECRETS_SYSTEM: oc-auth-got-secret
LOG_LEAK_SENSITIVE_VALUES: true LOG_LEAK_SENSITIVE_VALUES: true
# OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
URLS_SELF_ISSUER: http://hydra:4444 HYDRA_ADMIN_URL: http://hydra:4445
URLS_SELF_PUBLIC: http://hydra:4444 URLS_SELF_ISSUER: http://localhost:8000/hydra
URLS_SELF_PUBLIC: http://localhost:8000/hydra
URLS_LOGIN: http://localhost:8000/auth/login
URLS_CONSENT: http://localhost:8000/auth/consent
URLS_LOGOUT: http://localhost:8000/auth/logout
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
DSN: memory DSN: memory
command: serve all --dev user: root
entrypoint: >
sh -c "
hydra serve all --dev &
echo '⏳ Waiting for Hydra admin API...' &&
until wget -q --spider http://localhost:4445/health/ready; do
sleep 2;
done &&
echo '✅ Hydra is ready. Importing clients...' &&
hydra import oauth2-client /clients.json -e http://hydra:4445 &&
echo '🚀 Clients imported.' &&
wait
"
volumes:
- ./clients.json:/clients.json
networks: networks:
- oc - oc
ports: ports:
@@ -90,6 +108,13 @@ services:
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.http.routers.hydra.entrypoints=web"
- "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
- "traefik.http.services.hydra.loadbalancer.server.port=4444"
- "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
- "traefik.http.routers.hydra.middlewares=hydra-stripprefix"
ldap: ldap:
image: pgarrett/ldap-alpine image: pgarrett/ldap-alpine
container_name: ldap container_name: ldap
@@ -117,47 +142,10 @@ services:
networks: networks:
- oc - oc
hydra-client:
image: oryd/hydra:v2.2.0
container_name: hydra-client
environment:
HYDRA_ADMIN_URL: http://hydra:4445
ORY_SDK_URL: http://hydra:4445
command:
- create
- oauth2-client
- --skip-tls-verify
- --name
- test-client
- --secret
- oc-auth-got-secret
- --response-type
- id_token,token,code
- --grant-type
- implicit,refresh_token,authorization_code,client_credentials
- --scope
- openid,profile,email,roles
- --token-endpoint-auth-method
- client_secret_post
- --redirect-uri
- http://localhost:3000
networks:
- oc
deploy:
restart_policy:
condition: none
depends_on:
- hydra
healthcheck:
test: ["CMD", "curl", "-f", "http://hydra:4445"]
interval: 10s
timeout: 10s
retries: 10
volumes: volumes:
oc-data: oc-data:
networks: networks:
oc: oc:
external: true external: true

8
docker/tools/docker-compose.traefik.yml
View File

@@ -1,8 +1,8 @@
version: '3.4' version: '3.9'
services: services:
traefik: traefik:
image: traefik:v2.10.4 image: traefik:v3.6
container_name: traefik container_name: traefik
restart: unless-stopped restart: unless-stopped
networks: networks:
@@ -10,11 +10,13 @@ services:
command: command:
- "--api.insecure=true" - "--api.insecure=true"
- "--providers.docker=true" - "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:8000" - "--entrypoints.web.address=:8000"
user: root
ports: ports:
- "8000:8000" # Expose Traefik on port 8000 - "8000:8000" # Expose Traefik on port 8000
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock:ro
volumes: volumes:
oc-data: oc-data:

8
k8s/datas/cluster-1/peer.json
View File

@@ -6,7 +6,7 @@
"id":"c0cece97-7730-4c2a-8c20-a30944564106", "id":"c0cece97-7730-4c2a-8c20-a30944564106",
"name":"local","is_draft":false, "name":"local","is_draft":false,
"creation_date":{"$date":"2025-03-27T09:13:13.230Z"}}, "creation_date":{"$date":"2025-03-27T09:13:13.230Z"}},
"api_url":"http://192.168.1.1", "api_url":"http://beta.opencloud.com:9600",
"nats_address": "nats://nats:4222", "nats_address": "nats://nats:4222",
"stream_address":"/ip4/192.168.1.1/tcp/4001/p2p/QmXkKz9kE7pY3Yw4m6x9FhJ3JY5P2QJpX9C7Yz2T4H8WvA", "stream_address":"/ip4/192.168.1.1/tcp/4001/p2p/QmXkKz9kE7pY3Yw4m6x9FhJ3JY5P2QJpX9C7Yz2T4H8WvA",
"wallet_address":"my-wallet", "wallet_address":"my-wallet",
@@ -22,12 +22,12 @@
"id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b", "id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b",
"name":"local","is_draft":false, "name":"local","is_draft":false,
"creation_date":{"$date":"2025-03-27T09:13:13.230Z"}}, "creation_date":{"$date":"2025-03-27T09:13:13.230Z"}},
"api_url":"http://192.168.1.2", "api_url":"http://beta.opencloud.com:9700",
"nats_address": "nats://nats:4222", "nats_address": "nats://nats:4222",
"stream_address":"/ip4/192.168.1.1/tcp/4002/p2p/QmTzQ1NwFz9bYH7Kp8Zs4XyJQk3E6C5R9H1m2A8L7V", "stream_address":"/ip4/192.168.1.1/tcp/4002/p2p/QmTzQ1NwFz9bYH7Kp8Zs4XyJQk3E6C5R9H1m2A8L7V",
"peer_id": "QmTzQ1NwFz9bYH7Kp8Zs4XyJQk3E6C5R9H1m2A8L7V", "peer_id": "QmTzQ1NwFz9bYH7Kp8Zs4XyJQk3E6C5R9H1m2A8L7V",
"wallet_address":"my-wallet", "wallet_address":"my-wallet",
"public_key":"MCowBQYDK2VwAyEAZ2nLJBL8a5opfa8nFeVj0SZToW8pl4+zgcSUkeZFRO4=", "public_key":"MCowBQYDK2VwAyEAZ2nLJBL8a5opfa8nFeVj0SZToW8pl4+zgcSUkeZFRO4=",
"state":2, "state":1,
"relation": 1 "relation": 2
}] }]

8
k8s/datas/cluster-2/peer.json
View File

@@ -6,11 +6,11 @@
"id":"c0cece97-7730-4c2a-8c20-a30944564106", "id":"c0cece97-7730-4c2a-8c20-a30944564106",
"name":"local","is_draft":false, "name":"local","is_draft":false,
"creation_date":{"$date":"2025-03-27T09:13:13.230Z"}}, "creation_date":{"$date":"2025-03-27T09:13:13.230Z"}},
"url":"http://192.168.1.1", "url":"http://beta.opencloud.com:9600",
"wallet_address":"my-wallet", "wallet_address":"my-wallet",
"public_key":"-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAw2pdG6wMtuLcP0+k1LFvIb0DQo/oHW2uNJaEJK74plXqp4ztz2dR\nb+RQHFLeLuqk4i/zc3b4K3fKPXSlwnVPJCwzPrnyT8jYGOZVlWlETiV9xeJhu6s/\nBh6g1PWz75XjjwV50iv/CEiLNBT23f/3J44wrQzygqNQCiQSALdxWLAEl4l5kHSa\n9oMyV70/Uql94/ayMARZsHgp9ZvqQKbkZPw6yzVMfCBxQozlNlo315OHevudhnhp\nDRjN5I7zWmqYt6rbXJJC7Y3Izdvzn7QI88RqjSRST5I/7Kz3ndCqrOnI+OQUE5NT\nREyQebphvQfTDTKlRPXkdyktdK2DH28Zj6ZF3yjQvN35Q4zhOzlq77dO5IhhopI7\nct8dZH1T1nYkvdyCA/EVMtQsASmBOitH0Y0ACoXQK5Kb6nm/TcM/9ZSJUNiEMuy5\ngBZ3YKE9oa4cpTpPXwcA+S/cU7HPNnQAsvD3iJi8GTW9uJs84pn4/WhpQqmXd4rv\nhKWECCN3fHy01fUs/U0PaSj2jDY/kQVeXoikNMzPUjdZd9m816TIBh3v3aVXCH/0\niTHHAxctvDgMRb2fpvRJ/wwnYjFG9RpamVFDMvC9NffuYzWAA9IRIY4cqgerfHrV\nZ2HHiPTDDvDAIsvImXZc/h7mXN6m3RCQ4Qywy993wd9gUdgg/qnynHcCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n", "public_key":"-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAw2pdG6wMtuLcP0+k1LFvIb0DQo/oHW2uNJaEJK74plXqp4ztz2dR\nb+RQHFLeLuqk4i/zc3b4K3fKPXSlwnVPJCwzPrnyT8jYGOZVlWlETiV9xeJhu6s/\nBh6g1PWz75XjjwV50iv/CEiLNBT23f/3J44wrQzygqNQCiQSALdxWLAEl4l5kHSa\n9oMyV70/Uql94/ayMARZsHgp9ZvqQKbkZPw6yzVMfCBxQozlNlo315OHevudhnhp\nDRjN5I7zWmqYt6rbXJJC7Y3Izdvzn7QI88RqjSRST5I/7Kz3ndCqrOnI+OQUE5NT\nREyQebphvQfTDTKlRPXkdyktdK2DH28Zj6ZF3yjQvN35Q4zhOzlq77dO5IhhopI7\nct8dZH1T1nYkvdyCA/EVMtQsASmBOitH0Y0ACoXQK5Kb6nm/TcM/9ZSJUNiEMuy5\ngBZ3YKE9oa4cpTpPXwcA+S/cU7HPNnQAsvD3iJi8GTW9uJs84pn4/WhpQqmXd4rv\nhKWECCN3fHy01fUs/U0PaSj2jDY/kQVeXoikNMzPUjdZd9m816TIBh3v3aVXCH/0\niTHHAxctvDgMRb2fpvRJ/wwnYjFG9RpamVFDMvC9NffuYzWAA9IRIY4cqgerfHrV\nZ2HHiPTDDvDAIsvImXZc/h7mXN6m3RCQ4Qywy993wd9gUdgg/qnynHcCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n",
"state":2, "state":1,
"relation": 1 "relation": 2
}, { }, {
"_id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b", "_id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b",
"failed_execution":null, "failed_execution":null,
@@ -19,7 +19,7 @@
"id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b", "id":"6a3fc74d-8c06-4dbb-ad11-d5c53562775b",
"name":"local","is_draft":false, "name":"local","is_draft":false,
"creation_date":{"$date":"2025-03-27T09:13:13.230Z"}}, "creation_date":{"$date":"2025-03-27T09:13:13.230Z"}},
"url":"http://192.168.1.2", "url":"http://beta.opencloud.com:9700",
"wallet_address":"my-wallet", "wallet_address":"my-wallet",
"public_key":"-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAw2pdG6wMtuLcP0+k1LFvIb0DQo/oHW2uNJaEJK74plXqp4ztz2dR\nb+RQHFLeLuqk4i/zc3b4K3fKPXSlwnVPJCwzPrnyT8jYGOZVlWlETiV9xeJhu6s/\nBh6g1PWz75XjjwV50iv/CEiLNBT23f/3J44wrQzygqNQCiQSALdxWLAEl4l5kHSa\n9oMyV70/Uql94/ayMARZsHgp9ZvqQKbkZPw6yzVMfCBxQozlNlo315OHevudhnhp\nDRjN5I7zWmqYt6rbXJJC7Y3Izdvzn7QI88RqjSRST5I/7Kz3ndCqrOnI+OQUE5NT\nREyQebphvQfTDTKlRPXkdyktdK2DH28Zj6ZF3yjQvN35Q4zhOzlq77dO5IhhopI7\nct8dZH1T1nYkvdyCA/EVMtQsASmBOitH0Y0ACoXQK5Kb6nm/TcM/9ZSJUNiEMuy5\ngBZ3YKE9oa4cpTpPXwcA+S/cU7HPNnQAsvD3iJi8GTW9uJs84pn4/WhpQqmXd4rv\nhKWECCN3fHy01fUs/U0PaSj2jDY/kQVeXoikNMzPUjdZd9m816TIBh3v3aVXCH/0\niTHHAxctvDgMRb2fpvRJ/wwnYjFG9RpamVFDMvC9NffuYzWAA9IRIY4cqgerfHrV\nZ2HHiPTDDvDAIsvImXZc/h7mXN6m3RCQ4Qywy993wd9gUdgg/qnynHcCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n", "public_key":"-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAw2pdG6wMtuLcP0+k1LFvIb0DQo/oHW2uNJaEJK74plXqp4ztz2dR\nb+RQHFLeLuqk4i/zc3b4K3fKPXSlwnVPJCwzPrnyT8jYGOZVlWlETiV9xeJhu6s/\nBh6g1PWz75XjjwV50iv/CEiLNBT23f/3J44wrQzygqNQCiQSALdxWLAEl4l5kHSa\n9oMyV70/Uql94/ayMARZsHgp9ZvqQKbkZPw6yzVMfCBxQozlNlo315OHevudhnhp\nDRjN5I7zWmqYt6rbXJJC7Y3Izdvzn7QI88RqjSRST5I/7Kz3ndCqrOnI+OQUE5NT\nREyQebphvQfTDTKlRPXkdyktdK2DH28Zj6ZF3yjQvN35Q4zhOzlq77dO5IhhopI7\nct8dZH1T1nYkvdyCA/EVMtQsASmBOitH0Y0ACoXQK5Kb6nm/TcM/9ZSJUNiEMuy5\ngBZ3YKE9oa4cpTpPXwcA+S/cU7HPNnQAsvD3iJi8GTW9uJs84pn4/WhpQqmXd4rv\nhKWECCN3fHy01fUs/U0PaSj2jDY/kQVeXoikNMzPUjdZd9m816TIBh3v3aVXCH/0\niTHHAxctvDgMRb2fpvRJ/wwnYjFG9RpamVFDMvC9NffuYzWAA9IRIY4cqgerfHrV\nZ2HHiPTDDvDAIsvImXZc/h7mXN6m3RCQ4Qywy993wd9gUdgg/qnynHcCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n",
"state":1, "state":1,