🎨(tooling) generate default SATOSA secrets for developemnt
`make bootstrap` will now generate well-formed secrets in env.d/development/satosa. This also serves to document one way of generating such secrets.
This commit is contained in:
@@ -137,7 +137,16 @@ env.d/development/common:
|
||||
cp -n env.d/development/common.dist env.d/development/common
|
||||
|
||||
env.d/development/satosa:
|
||||
cp -n env.d/development/satosa.dist env.d/development/satosa
|
||||
openssl req -quiet -batch -x509 -nodes -days 3650 -newkey rsa:2048 \
|
||||
-subj "/CN=satosa.traefik.me" -out - -keyout - \
|
||||
| awk '/BEGIN PRIVATE/,/END PRIVATE/{privkey=privkey $$0 "\n"} \
|
||||
/BEGIN CERTIFICATE/,/END CERTIFICATE/{cert=cert $$0 "\n"} \
|
||||
END { \
|
||||
printf "SAML2_BACKEND_KEY=\"%s\"\n", privkey; \
|
||||
printf "SAML2_BACKEND_CERT=\"%s\"\n", cert; \
|
||||
}' > $@
|
||||
echo "OIDC_FRONTEND_KEY=\"$$(openssl genrsa 2048)\"" >> $@
|
||||
echo "STATE_ENCRYPTION_KEY=$$(openssl rand -hex 32)" >> $@
|
||||
|
||||
# -- Misc
|
||||
clean: ## restore repository state as it was freshly cloned
|
||||
|
||||
@@ -28,10 +28,10 @@ The easiest way to start working on the project is to use GNU Make:
|
||||
$ make bootstrap
|
||||
```
|
||||
|
||||
This command builds the `app` container, installs dependencies, performs
|
||||
database migrations and compile translations. It's a good idea to use this
|
||||
command each time you are pulling code from the project repository to avoid
|
||||
dependency-related or migration-related issues.
|
||||
This command builds the `app-dev` container, installs dependencies, and sets up
|
||||
the development services. It's a good idea to use this command each time
|
||||
you are pulling code from the project repository to avoid dependency-related or
|
||||
migration-related issues.
|
||||
|
||||
Your Docker services should now be up and running 🎉
|
||||
|
||||
|
||||
+13
-12
@@ -10,24 +10,25 @@ services:
|
||||
environment:
|
||||
PYLINTHOME: /app/.pylint.d
|
||||
BASE_URL: https://satosa.traefik.me
|
||||
CLIENT_DB_JSON: |
|
||||
{
|
||||
"oidc-test-client": {
|
||||
"response_types": [
|
||||
"id_token",
|
||||
"code"
|
||||
],
|
||||
"redirect_uris": [
|
||||
"https://oidc-test-client.traefik.me/auth/callback"
|
||||
],
|
||||
"client_secret": "oidc-test-secret"
|
||||
}
|
||||
}
|
||||
env_file:
|
||||
- env.d/development/common
|
||||
- env.d/development/satosa
|
||||
volumes:
|
||||
- ./src/satosa:/app
|
||||
|
||||
app:
|
||||
build:
|
||||
context: .
|
||||
target: production
|
||||
args:
|
||||
DOCKER_USER: ${DOCKER_USER:-1000}
|
||||
user: ${DOCKER_USER:-1000}
|
||||
image: oidc2fer:production
|
||||
env_file:
|
||||
- env.d/development/common
|
||||
- env.d/development/satosa
|
||||
|
||||
oidc-test-client:
|
||||
image: ghcr.io/beryju/oidc-test-client
|
||||
depends_on:
|
||||
|
||||
@@ -1,19 +1,6 @@
|
||||
resolver 127.0.0.11;
|
||||
charset utf-8;
|
||||
|
||||
server {
|
||||
listen 8081;
|
||||
server_name localhost;
|
||||
|
||||
location / {
|
||||
set $backend "http://app:8000";
|
||||
proxy_pass $backend; # using a variable to force late name resolution
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name satosa.traefik.me;
|
||||
listen 443 ssl;
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
STATE_ENCRYPTION_KEY=
|
||||
SAML2_BACKEND_CERT="-----BEGIN CERTIFICATE-----
|
||||
...
|
||||
-----END CERTIFICATE-----
|
||||
"
|
||||
SAML2_BACKEND_KEY="-----BEGIN PRIVATE KEY-----
|
||||
...
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
OIDC_FRONTEND_KEY="-----BEGIN PRIVATE KEY-----
|
||||
...
|
||||
-----END PRIVATE KEY-----
|
||||
"
|
||||
CLIENT_DB_JSON="
|
||||
{
|
||||
\"oidc-test-client\": {
|
||||
\"response_types\": [
|
||||
\"id_token\",
|
||||
\"code\"
|
||||
],
|
||||
\"redirect_uris\": [
|
||||
\"https://oidc-test-client.traefik.me/auth/callback\"
|
||||
],
|
||||
\"client_secret\": \"oidc-test-secret\"
|
||||
}
|
||||
}
|
||||
"
|
||||
Reference in New Issue
Block a user