Compare commits
10 Commits
29749588de
...
270374d9e1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
270374d9e1 | ||
|
|
459b5ba9ff | ||
|
|
17012ada58 | ||
|
|
0ddef8a7f1 | ||
|
|
12f855c9ce | ||
|
|
c3caf7e65b | ||
|
|
5998ffbc96 | ||
|
|
86f1d6fb7e | ||
|
|
212f87a89c | ||
|
|
68ddb4eb79 |
17
.env.example
17
.env.example
@@ -313,6 +313,23 @@ IDP_DOMAIN=
|
||||
IDP_ISSUER_URL=
|
||||
# Url of the account edit page from your Identity Provider.
|
||||
IDP_ACCOUNT_URL=
|
||||
# Global Client ID: You can override this by specifying a custom client ID, or leave it blank to use the OC defaults, as described in the documentation
|
||||
#OC_OIDC_CLIENT_ID=
|
||||
# Declares which property should be used for the oidc claim
|
||||
# Example: "roles"
|
||||
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM=
|
||||
# Defines the OIDC client scope
|
||||
# Example: "openid profile email roles"
|
||||
OC_OIDC_CLIENT_SCOPES=
|
||||
# Client specific environment vars
|
||||
#WEBFINGER_WEB_OIDC_CLIENT_ID=
|
||||
#WEBFINGER_WEB_OIDC_CLIENT_SCOPES=
|
||||
#WEBFINGER_IOS_OIDC_CLIENT_ID=
|
||||
#WEBFINGER_IOS_OIDC_CLIENT_SCOPES=
|
||||
#WEBFINGER_ANDROID_OIDC_CLIENT_ID=
|
||||
#WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES=
|
||||
#WEBFINGER_DESKTOP_OIDC_CLIENT_ID=
|
||||
#WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES=
|
||||
|
||||
## Shared User Directory Mode ##
|
||||
# Use together with idm/ldap-keycloak.yml and traefik/ldap-keycloak.yml
|
||||
|
||||
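Review bot: `PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM=` and `OC_OIDC_CLIENT_SCOPES=` are added uncommented with empty values, while the neighbouring `#OC_OIDC_CLIENT_ID=` and every `#WEBFINGER_*` entry are commented out, so a copied `.env` exports those two as empty strings instead of leaving them unset. The compose side defaults the claim with `${PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM:-roles}`, which also covers an empty value, but `OC_OIDC_CLIENT_SCOPES` has no such default there and reaches the container as `""`; whether OpenCloud then falls back to its built-in scopes is not visible here, so either confirm that or comment the line out like its neighbours (`#OC_OIDC_CLIENT_SCOPES=`). The comment `# Declares which property should be used for the oidc claim` does not say which claim or what it is for; `# Name of the token claim that carries the user's OpenCloud role (used with PROXY_ROLE_ASSIGNMENT_DRIVER=oidc); the IdP must include this claim in the token` would tell the reader what has to be configured on the IdP side.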
@@ -14,7 +14,17 @@ services:
|
||||
GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
|
||||
FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments"
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
|
||||
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
|
||||
OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID}
|
||||
OC_OIDC_CLIENT_SCOPES: ${OC_OIDC_CLIENT_SCOPES}
|
||||
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: ${PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM:-roles}
|
||||
WEBFINGER_WEB_OIDC_CLIENT_ID: ${WEBFINGER_WEB_OIDC_CLIENT_ID}
|
||||
WEBFINGER_WEB_OIDC_CLIENT_SCOPES: ${WEBFINGER_WEB_OIDC_CLIENT_SCOPES}
|
||||
WEBFINGER_ANDROID_OIDC_CLIENT_ID: ${WEBFINGER_ANDROID_OIDC_CLIENT_ID}
|
||||
WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES: ${WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES}
|
||||
WEBFINGER_IOS_OIDC_CLIENT_ID: ${WEBFINGER_IOS_OIDC_CLIENT_ID}
|
||||
WEBFINGER_IOS_OIDC_CLIENT_SCOPES: ${WEBFINGER_IOS_OIDC_CLIENT_SCOPES}
|
||||
WEBFINGER_DESKTOP_OIDC_CLIENT_ID: ${WEBFINGER_DESKTOP_OIDC_CLIENT_ID}
|
||||
WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES: ${WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES}
|
||||
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
|
||||
OC_OIDC_ISSUER: ${IDP_ISSUER_URL:-https://keycloak.opencloud.test/realms/openCloud}
|
||||
# This specifies to start all services except idm and idp. These are replaced by external services.
|
||||
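Review bot: `OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID}` and `OC_OIDC_CLIENT_SCOPES: ${OC_OIDC_CLIENT_SCOPES}`, like the ten `WEBFINGER_*` lines below them, carry no `:-` default, so with the variables unset Compose substitutes an empty string and sets each container variable to `""`, whereas `WEB_OIDC_CLIENT_ID` on the line above falls back to `web`. If OpenCloud treats an empty variable as set rather than absent, the web client id and the global client id diverge (`web` versus empty) and the webfinger entries lose their built-in defaults; the `.env.example` comment says blank means OC defaults, so this may be intended, but it is worth confirming against the service. Giving the global id the same fallback, `OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}`, would keep the two in step either way. The `environment:` mapping these keys belong to starts above the hunk.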
@@ -45,6 +55,7 @@ services:
|
||||
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: ${IDP_ACCOUNT_URL}
|
||||
ldap-server:
|
||||
image: bitnamilegacy/openldap:2.6
|
||||
# Bitnami images require GID 0 to write to internal socket and PID directories
|
||||
networks:
|
||||
opencloud-net:
|
||||
entrypoint: [ "/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]
|
||||
|
||||
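Review bot: The comment `# Bitnami images require GID 0 to write to internal socket and PID directories` sits directly above `networks:` and is not followed by any `user:` or `group_add:` entry, so it documents a setting that is not present in the service. If that comment is the single line this hunk adds, it either needs the directive it describes or should be reworded to say where the requirement is satisfied (the `docker-entrypoint-override.sh` named in `entrypoint:` is the obvious candidate, but that is an inference). Which of the seven lines is the addition cannot be recovered from this rendering, so this is read from the hunk counts alone. The `ldap-server` service continues past the end of the hunk.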
@@ -23,19 +23,19 @@ services:
|
||||
# Keycloak IDP specific configuration
|
||||
PROXY_AUTOPROVISION_ACCOUNTS: "false"
|
||||
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
|
||||
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud
|
||||
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/realms/openCloud
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
|
||||
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
|
||||
PROXY_USER_OIDC_CLAIM: "uuid"
|
||||
PROXY_USER_CS3_CLAIM: "userid"
|
||||
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud/account"
|
||||
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/realms/openCloud/account"
|
||||
# admin and demo accounts must be created in Keycloak
|
||||
OC_ADMIN_USER_ID: ""
|
||||
SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
|
||||
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
|
||||
GRAPH_USERNAME_MATCH: "none"
|
||||
# This is needed to set the correct CSP rules for OpenCloud
|
||||
IDP_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
|
||||
IDP_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
|
||||
|
||||
ldap-server:
|
||||
image: bitnamilegacy/openldap:2.6
|
||||
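Review bot: `OC_OIDC_ISSUER` now includes `${TRAEFIK_PORT_HTTPS}` whenever it is set, but `KC_HOSTNAME` in the keycloak service (last hunk, two lines after the changed `OC_DOMAIN`) stays `${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}` without the port. An OIDC client compares the issuer from the discovery document and the token's `iss` claim against the configured issuer exactly, so if Keycloak derives its issuer from `KC_HOSTNAME` alone rather than from the forwarded port, every login fails as soon as a non-default port is configured; confirm this against the Keycloak version in use, or give `KC_HOSTNAME` the same `${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}` suffix so both sides agree. That suffix pair is now repeated on four lines across two files; a comment at its first use, `# append ":<port>" only when TRAEFIK_PORT_HTTPS is set, so the default stays on 443`, would save readers decoding the `:+` and `:-` forms. The `environment:` mapping these keys belong to starts above the hunk.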
@@ -89,7 +89,7 @@ services:
|
||||
- "./config/keycloak/themes/opencloud:/opt/keycloak/themes/opencloud"
|
||||
environment:
|
||||
LDAP_ADMIN_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
|
||||
OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}
|
||||
OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
|
||||
KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
|
||||
|
||||