Initial QSfera import
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
{
|
||||
"clientId": "КуСфераAndroid",
|
||||
"name": "КуСфера Android App",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"oc://android.qsfera.eu"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "oc://android.qsfera.eu",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,64 @@
|
||||
{
|
||||
"clientId": "КуСфераDesktop",
|
||||
"name": "КуСфера Desktop Client",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"http://127.0.0.1",
|
||||
"http://localhost"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "+",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
{
|
||||
"clientId": "КуСфераIOS",
|
||||
"name": "КуСфера iOS App",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"oc://ios.qsfera.eu"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "oc://ios.qsfera.eu",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
{
|
||||
"clientId": "Cyberduck",
|
||||
"name": "Cyberduck",
|
||||
"description": "File transfer utility client",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"x-cyberduck-action:oauth",
|
||||
"x-mountainduck-action:oauth"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"oauth2.device.authorization.grant.enabled": "false",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"oidc.ciba.grant.enabled": "false",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,74 @@
|
||||
{
|
||||
"clientId": "web",
|
||||
"name": "КуСфера Web App",
|
||||
"description": "",
|
||||
"rootUrl": "{{OC_URL}}",
|
||||
"adminUrl": "{{OC_URL}}",
|
||||
"baseUrl": "",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"{{OC_URL}}/",
|
||||
"{{OC_URL}}/oidc-callback.html",
|
||||
"{{OC_URL}}/oidc-silent-redirect.html"
|
||||
],
|
||||
"webOrigins": [
|
||||
"{{OC_URL}}"
|
||||
],
|
||||
"notBefore": 0,
|
||||
"bearerOnly": false,
|
||||
"consentRequired": false,
|
||||
"standardFlowEnabled": true,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"serviceAccountsEnabled": false,
|
||||
"publicClient": true,
|
||||
"frontchannelLogout": false,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"saml.assertion.signature": "false",
|
||||
"saml.force.post.binding": "false",
|
||||
"saml.multivalued.roles": "false",
|
||||
"saml.encrypt": "false",
|
||||
"post.logout.redirect.uris": "+",
|
||||
"oauth2.device.authorization.grant.enabled": "false",
|
||||
"backchannel.logout.revoke.offline.tokens": "false",
|
||||
"saml.server.signature": "false",
|
||||
"saml.server.signature.keyinfo.ext": "false",
|
||||
"exclude.session.state.from.auth.response": "false",
|
||||
"oidc.ciba.grant.enabled": "false",
|
||||
"backchannel.logout.url": "{{OC_URL}}/backchannel_logout",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"client_credentials.use_refresh_token": "false",
|
||||
"saml_force_name_id_format": "false",
|
||||
"saml.client.signature": "false",
|
||||
"tls.client.certificate.bound.access.tokens": "false",
|
||||
"saml.authnstatement": "false",
|
||||
"display.on.consent.screen": "false",
|
||||
"saml.onetimeuse.condition": "false"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
"nodeReRegistrationTimeout": -1,
|
||||
"defaultClientScopes": [
|
||||
"web-origins",
|
||||
"profile",
|
||||
"roles",
|
||||
"groups",
|
||||
"basic",
|
||||
"email"
|
||||
],
|
||||
"optionalClientScopes": [
|
||||
"address",
|
||||
"phone",
|
||||
"offline_access",
|
||||
"microprofile-jwt"
|
||||
],
|
||||
"access": {
|
||||
"view": true,
|
||||
"configure": true,
|
||||
"manage": true
|
||||
}
|
||||
}
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
printenv
|
||||
# replace qsfera domain and LDAP password in keycloak realm import
|
||||
mkdir /opt/keycloak/data/import
|
||||
sed -e "s/cloud.qsfera.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/qsfera-realm.json > /opt/keycloak/data/import/qsfera-realm.json
|
||||
|
||||
# run original docker-entrypoint
|
||||
/opt/keycloak/bin/kc.sh "$@"
|
||||
File diff suppressed because it is too large
Load Diff
+38
@@ -0,0 +1,38 @@
|
||||
:root {
|
||||
--pf-global--primary-color--100: #e2baff;
|
||||
--pf-global--primary-color--200: #e2baff;
|
||||
--pf-global--primary-color--dark-100: #e2baff;
|
||||
--pf-global--Color--light-100: #20434f;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: QSfera;
|
||||
src: url('../fonts/QSfera500-Regular.woff2') format('woff2');
|
||||
font-weight: normal;
|
||||
font-style: normal;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: QSfera;
|
||||
src: url('../fonts/QSfera750-Bold.woff2') format('woff2');
|
||||
font-weight: bold;
|
||||
font-style: normal;
|
||||
}
|
||||
|
||||
body {
|
||||
font-family: "QSfera", "Open Sans", Helvetica, Arial, sans-serif;
|
||||
background: url(../img/background.png) no-repeat center !important;
|
||||
background-size: cover !important;
|
||||
}
|
||||
|
||||
.kc-logo-text {
|
||||
background-image: url(../img/logo.svg) !important;
|
||||
background-size: contain;
|
||||
width: 400px;
|
||||
margin: 0 !important;
|
||||
}
|
||||
|
||||
#kc-header-wrapper{
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
}
|
||||
BIN
Binary file not shown.
BIN
Binary file not shown.
BIN
Binary file not shown.
|
After Width: | Height: | Size: 30 KiB |
+15
@@ -0,0 +1,15 @@
|
||||
<svg width="170" height="35" viewBox="0 0 170 35" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="КуСфера">
|
||||
<g transform="scale(0.1944444444)">
|
||||
<path fill="#061D2B" d="M34,12h112C158,12 168,22 168,34v112C168,158 158,168 146,168H34C22,168 12,158 12,146V34C12,22 22,12 34,12z"/>
|
||||
<path fill="#123E55" fill-opacity="0.74" d="M12,45C48,19 87,20 121,48C145,68 158,68 168,60V34C168,22 158,12 146,12H34C22,12 12,22 12,34z"/>
|
||||
<path fill="#19B8C9" fill-opacity="0.18" d="M12,126C46,105 82,104 114,124C139,139 156,139 168,128V146C168,158 158,168 146,168H34C22,168 12,158 12,146z"/>
|
||||
<path fill="none" stroke="#20D6E6" stroke-linecap="round" stroke-width="10" d="M75,47C100,29 138,39 153,70C167,100 151,135 121,147"/>
|
||||
<path fill="none" stroke="#9AF8FF" stroke-linecap="round" stroke-width="4" d="M81,45C101,35 130,39 146,62"/>
|
||||
<path fill="#21D1D6" d="M48,52h25v50h-25z"/>
|
||||
<path fill="#F8FCFF" d="M48,102h25v42h-25z"/>
|
||||
<path fill="#18BFD0" d="M77,94L111,55H143L99,103z"/>
|
||||
<path fill="#F8FCFF" d="M77,104L100,82L148,144H116z"/>
|
||||
<path fill="#9DF8FF" fill-opacity="0.45" d="M48,52h25v8h-25z"/>
|
||||
</g>
|
||||
<text x="47" y="24.5" fill="#20D6E6" font-family="Inter, Segoe UI, Arial, sans-serif" font-size="22" font-weight="700">КуСфера</text>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.3 KiB |
+19
@@ -0,0 +1,19 @@
|
||||
document.addEventListener("DOMContentLoaded", function () {
|
||||
const setLogoUrl = (url) => {
|
||||
const logoTextSelector = document.querySelector(".kc-logo-text");
|
||||
|
||||
if (!logoTextSelector) {
|
||||
return
|
||||
}
|
||||
|
||||
const link = document.createElement("a");
|
||||
link.href = url;
|
||||
link.target = "_blank";
|
||||
|
||||
const parent = logoTextSelector.parentNode;
|
||||
parent.insertBefore(link, logoTextSelector);
|
||||
link.appendChild(logoTextSelector);
|
||||
}
|
||||
|
||||
setLogoUrl('')
|
||||
});
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
parent=keycloak
|
||||
import=common/keycloak
|
||||
|
||||
styles=css/login.css css/theme.css
|
||||
scripts=js/script.js
|
||||
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
echo "Running custom LDAP entrypoint script..."
|
||||
|
||||
if [ ! -f /opt/bitnami/openldap/share/openldap.key ]
|
||||
then
|
||||
openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/share/openldap.key -out /opt/bitnami/openldap/share/openldap.crt -sha256 -days 365 -batch -nodes
|
||||
fi
|
||||
# run original docker-entrypoint
|
||||
/opt/bitnami/scripts/openldap/entrypoint.sh "$@"
|
||||
@@ -0,0 +1,20 @@
|
||||
dn: dc=qsfera,dc=eu
|
||||
objectClass: organization
|
||||
objectClass: dcObject
|
||||
dc: qsfera
|
||||
o: qsfera
|
||||
|
||||
dn: ou=users,dc=qsfera,dc=eu
|
||||
objectClass: organizationalUnit
|
||||
ou: users
|
||||
|
||||
dn: cn=admin,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: person
|
||||
cn: admin
|
||||
sn: admin
|
||||
uid: ldapadmin
|
||||
|
||||
dn: ou=tenants,dc=qsfera,dc=eu
|
||||
objectClass: organizationalUnit
|
||||
ou: tenants
|
||||
@@ -0,0 +1,20 @@
|
||||
dn: uid=admin,ou=users,dc=qsfera,dc=eu
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: organizationalPerson
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
uid: admin
|
||||
givenName: Admin
|
||||
sn: Admin
|
||||
cn: admin
|
||||
displayName: Admin
|
||||
description: An admin for this КуСфера instance.
|
||||
mail: admin@example.org
|
||||
userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo==
|
||||
|
||||
dn: cn=administrators,ou=groups,dc=qsfera,dc=eu
|
||||
objectClass: groupOfNames
|
||||
objectClass: top
|
||||
cn: administrators
|
||||
description: КуСфера Administrators
|
||||
member: uid=admin,ou=users,dc=qsfera,dc=eu
|
||||
@@ -0,0 +1,47 @@
|
||||
directives:
|
||||
child-src:
|
||||
- '''self'''
|
||||
connect-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
- 'https://${COMPANION_DOMAIN|companion.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
- 'wss://${COMPANION_DOMAIN|companion.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
- 'https://raw.githubusercontent.com/qsfera-eu/awesome-apps/'
|
||||
- 'https://${IDP_DOMAIN|keycloak.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
- 'https://update.qsfera.eu/'
|
||||
default-src:
|
||||
- '''none'''
|
||||
font-src:
|
||||
- '''self'''
|
||||
frame-ancestors:
|
||||
- '''self'''
|
||||
frame-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
- 'https://embed.diagrams.net/'
|
||||
# In contrary to bash and docker the default is given after the | character
|
||||
- 'https://${COLLABORA_DOMAIN|collabora.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
# This is needed for the external-sites web extension when embedding sites
|
||||
- 'https://docs.qsfera.eu'
|
||||
img-src:
|
||||
- '''self'''
|
||||
- 'data:'
|
||||
- 'blob:'
|
||||
- 'https://raw.githubusercontent.com/qsfera-eu/awesome-apps/'
|
||||
- 'https://tile.openstreetmap.org/'
|
||||
# In contrary to bash and docker the default is given after the | character
|
||||
- 'https://${COLLABORA_DOMAIN|collabora.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
manifest-src:
|
||||
- '''self'''
|
||||
media-src:
|
||||
- '''self'''
|
||||
object-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
script-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
- 'https://${IDP_DOMAIN|keycloak.qsfera.test}${TRAEFIK_PORT_HTTPS}/'
|
||||
style-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
@@ -0,0 +1,40 @@
|
||||
# This adds four additional routes to the proxy. Forwarding
|
||||
# request on '/carddav/', '/caldav/' and the respective '/.well-knwown'
|
||||
# endpoints to the radicale container and setting the required headers.
|
||||
additional_policies:
|
||||
- name: default
|
||||
routes:
|
||||
- endpoint: /caldav/
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /caldav
|
||||
- endpoint: /.well-known/caldav
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /caldav
|
||||
- endpoint: /carddav/
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /carddav
|
||||
- endpoint: /.well-known/carddav
|
||||
backend: http://radicale:5232
|
||||
remote_user_header: X-Remote-User
|
||||
skip_x_access_token: true
|
||||
additional_headers:
|
||||
- X-Script-Name: /carddav
|
||||
# To enable the radicale web UI add this rule.
|
||||
# "unprotected" is True because the Web UI itself ask for
|
||||
# the password.
|
||||
# Also set "type" to "internal" in the config/radicale/config
|
||||
# - endpoint: /caldav/.web/
|
||||
# backend: http://radicale:5232/
|
||||
# unprotected: true
|
||||
# skip_x_access_token: true
|
||||
# additional_headers:
|
||||
# - X-Script-Name: /caldav
|
||||
+72
@@ -0,0 +1,72 @@
|
||||
set -e
|
||||
|
||||
printenv
|
||||
# Function to add arguments to the command
|
||||
add_arg() {
|
||||
TRAEFIK_CMD="$TRAEFIK_CMD $1"
|
||||
}
|
||||
|
||||
# Initialize the base command
|
||||
TRAEFIK_CMD="traefik"
|
||||
|
||||
# Base Traefik arguments (from your existing configuration)
|
||||
add_arg "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
|
||||
# enable dashboard
|
||||
add_arg "--api.dashboard=true"
|
||||
# define entrypoints
|
||||
add_arg "--entryPoints.http.address=:80"
|
||||
add_arg "--entryPoints.http.http.redirections.entryPoint.to=https"
|
||||
add_arg "--entryPoints.http.http.redirections.entryPoint.scheme=https"
|
||||
add_arg "--entryPoints.https.address=:443"
|
||||
# change default timeouts for long-running requests
|
||||
# this is needed for webdav clients that do not support the TUS protocol
|
||||
add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
|
||||
add_arg "--entryPoints.https.transport.respondingTimeouts.writeTimeout=12h"
|
||||
add_arg "--entryPoints.https.transport.respondingTimeouts.idleTimeout=3m"
|
||||
# docker provider (get configuration from container labels)
|
||||
add_arg "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||
add_arg "--providers.docker.exposedByDefault=false"
|
||||
# access log
|
||||
add_arg "--accessLog=${TRAEFIK_ACCESS_LOG:-false}"
|
||||
add_arg "--accessLog.format=json"
|
||||
add_arg "--accessLog.fields.headers.names.X-Request-Id=keep"
|
||||
|
||||
# Add Let's Encrypt configuration if enabled
|
||||
if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" = "tls.certresolver=letsencrypt" ]; then
|
||||
echo "Configuring Traefik with Let's Encrypt..."
|
||||
add_arg "--certificatesResolvers.letsencrypt.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
|
||||
add_arg "--certificatesResolvers.letsencrypt.acme.storage=/certs/acme.json"
|
||||
add_arg "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
|
||||
add_arg "--certificatesResolvers.letsencrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
|
||||
fi
|
||||
|
||||
# Add local certificate configuration if enabled
|
||||
if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" = "tls=true" ]; then
|
||||
echo "Configuring Traefik with local certificates..."
|
||||
add_arg "--providers.file.directory=/etc/traefik/dynamic"
|
||||
add_arg "--providers.file.watch=true"
|
||||
fi
|
||||
|
||||
# Warning if neither certificate method is enabled
|
||||
if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" != "tls=true" ] && [ "${TRAEFIK_SERVICES_TLS_CONFIG}" != "tls.certresolver=letsencrypt" ]; then
|
||||
echo "WARNING: Neither Let's Encrypt nor local certificates are enabled."
|
||||
echo "HTTPS will not work properly without certificate configuration."
|
||||
fi
|
||||
|
||||
# Add any custom arguments from environment variable
|
||||
if [ -n "${TRAEFIK_CUSTOM_ARGS}" ]; then
|
||||
echo "Adding custom Traefik arguments: ${TRAEFIK_CUSTOM_ARGS}"
|
||||
TRAEFIK_CMD="$TRAEFIK_CMD $TRAEFIK_CUSTOM_ARGS"
|
||||
fi
|
||||
|
||||
# Add any additional arguments passed to the script
|
||||
for arg in "$@"; do
|
||||
add_arg "$arg"
|
||||
done
|
||||
|
||||
# Print the final command for debugging
|
||||
echo "Starting Traefik with command:"
|
||||
echo "$TRAEFIK_CMD"
|
||||
|
||||
# Execute Traefik
|
||||
exec $TRAEFIK_CMD
|
||||
Reference in New Issue
Block a user