Nono/gesthub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add working sso + working Caddy + 2 scripts for hosts

Browse Source
This commit is contained in:
M1n-0
2025-05-13 21:21:07 +02:00
parent 248b608aba
commit cd4678c883
5 changed files with 64 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Caddyfile
View File

@@ -1,17 +1,17 @@
# Caddyfile # Caddyfile
flask.localhost { http://flask.localhost {
reverse_proxy flask:5000 reverse_proxy flask:5000
} }
wekan.localhost { http://wekan.localhost {
reverse_proxy wekan:8080 reverse_proxy wekan:8080
} }
chat.localhost { http://chat.localhost {
reverse_proxy mattermost:8065 reverse_proxy mattermost:8065
} }
keycloak.localhost { http://keycloak.localhost {
reverse_proxy keycloak:8080 reverse_proxy keycloak:8080
} }

19
add-localhosts.bat Normal file
View File

@@ -0,0 +1,19 @@
@echo off
set HOSTS_FILE=%SystemRoot%\System32\drivers\etc\hosts
set DOMAINS=flask.localhost keycloak.localhost chat.localhost wekan.localhost
echo [🔧] Mise à jour de %HOSTS_FILE%
for %%D in (%DOMAINS%) do (
findstr /C:"%%D" %HOSTS_FILE% >nul
if errorlevel 1 (
echo 127.0.0.1 %%D >> %HOSTS_FILE%
echo [+] Ajouté : %%D
) else (
echo [=] Déjà présent : %%D
)
)
echo [✅] Terminé.
pause

17
add-localhosts.sh Executable file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
HOSTS_FILE="/etc/hosts"
DOMAINS=("flask.localhost" "keycloak.localhost" "chat.localhost" "wekan.localhost")
echo "[🔧] Mise à jour de : $HOSTS_FILE"
for domain in "${DOMAINS[@]}"; do
if grep -q "$domain" "$HOSTS_FILE"; then
echo "[=] Déjà présent : $domain"
else
echo "127.0.0.1 $domain" | sudo tee -a "$HOSTS_FILE" > /dev/null
echo "[+] Ajouté : $domain"
fi
done
echo "[✅] Terminé."

36
docker-compose.yml
View File

@@ -13,7 +13,7 @@ services:
- wekan - wekan
- mattermost - mattermost
networks: networks:
- backend - gesthub
flask: flask:
build: ./web build: ./web
@@ -22,13 +22,14 @@ services:
- DB_USER=flaskuser - DB_USER=flaskuser
- DB_PASSWORD=flaskpass - DB_PASSWORD=flaskpass
- DB_NAME=flaskdb - DB_NAME=flaskdb
extra_hosts:
- "keycloak.localhost:172.18.0.10"
depends_on: depends_on:
- mariadb - mariadb
- keycloak
volumes: volumes:
- ./web:/app - ./web:/app
networks: networks:
- backend - gesthub
mariadb: mariadb:
image: mariadb:latest image: mariadb:latest
@@ -40,7 +41,7 @@ services:
volumes: volumes:
- mariadb_data:/var/lib/mysql - mariadb_data:/var/lib/mysql
networks: networks:
- backend - gesthub
wekan: wekan:
image: wekanteam/wekan image: wekanteam/wekan
@@ -50,14 +51,14 @@ services:
depends_on: depends_on:
- mongo - mongo
networks: networks:
- backend - gesthub
mongo: mongo:
image: mongo:latest image: mongo:latest
volumes: volumes:
- mongo_data:/data/db - mongo_data:/data/db
networks: networks:
- backend - gesthub
mattermost: mattermost:
image: mattermost/mattermost-team-edition:latest image: mattermost/mattermost-team-edition:latest
@@ -72,7 +73,7 @@ services:
volumes: volumes:
- mattermost_data:/mattermost/data - mattermost_data:/mattermost/data
networks: networks:
- backend - gesthub
db: db:
image: postgres:13 image: postgres:13
@@ -83,8 +84,7 @@ services:
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
networks: networks:
- backend - gesthub
keycloak: keycloak:
image: quay.io/keycloak/keycloak:22.0.5 image: quay.io/keycloak/keycloak:22.0.5
command: start-dev command: start-dev
@@ -94,13 +94,8 @@ services:
- KC_DB=postgres - KC_DB=postgres
- KC_DB_URL_HOST=keycloak-db - KC_DB_URL_HOST=keycloak-db
- KC_DB_URL_DATABASE=keycloak - KC_DB_URL_DATABASE=keycloak
# - KC_DB_USERNAME=keycloak - KC_DB_USERNAME=keycloak
- KC_DB_PASSWORD=keycloakpass - KC_DB_PASSWORD=keycloakpass
- KC_HOSTNAME=keycloak
- KC_HTTP_ENABLED=true
- KC_HOSTNAME_STRICT=false
- KC_HOSTNAME_STRICT_HTTPS=false
- KC_PROXY=edge
ports: ports:
- "8080:8080" - "8080:8080"
depends_on: depends_on:
@@ -108,8 +103,7 @@ services:
volumes: volumes:
- keycloak_data:/opt/keycloak/data - keycloak_data:/opt/keycloak/data
networks: networks:
- backend - gesthub
keycloak-db: keycloak-db:
image: postgres:13 image: postgres:13
environment: environment:
@@ -119,7 +113,10 @@ services:
volumes: volumes:
- keycloakdb_data:/var/lib/postgresql/data - keycloakdb_data:/var/lib/postgresql/data
networks: networks:
- backend - gesthub
networks:
gesthub:
driver: bridge
volumes: volumes:
caddy_data: caddy_data:
@@ -130,6 +127,3 @@ volumes:
postgres_data: postgres_data:
keycloak_data: keycloak_data:
keycloakdb_data: keycloakdb_data:
networks:
backend:

10
web/app.py
View File

@@ -1,3 +1,4 @@
import os
from flask import Flask, redirect, url_for, session, render_template from flask import Flask, redirect, url_for, session, render_template
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
from authlib.integrations.flask_client import OAuth from authlib.integrations.flask_client import OAuth
@@ -5,7 +6,7 @@ from authlib.integrations.flask_client import OAuth
app = Flask(__name__) app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://flaskuser:flaskpass@mariadb/flaskdb' app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://flaskuser:flaskpass@mariadb/flaskdb'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.secret_key = 'ninolabat' app.secret_key = os.environ.get("SECRET_KEY", "dev-key")
db = SQLAlchemy(app) db = SQLAlchemy(app)
@@ -15,8 +16,8 @@ oauth = OAuth(app)
keycloak = oauth.register( keycloak = oauth.register(
name='keycloak', name='keycloak',
client_id='flask-app', client_id='flask-app',
client_secret='jp4T3FnlpzHyc4Ch4zNoO8cAakXzHi50', client_secret='6R70kt1x9KjYpccZCMnPvJAGiJFzRHjE',
server_metadata_url='http://keycloak:8080/realms/GestHub/.well-known/openid-configuration', server_metadata_url='http://keycloak.localhost/realms/gesthub/.well-known/openid-configuration',
client_kwargs={ client_kwargs={
'scope': 'openid profile email', 'scope': 'openid profile email',
} }
@@ -31,12 +32,15 @@ def index():
@app.route('/login') @app.route('/login')
def login(): def login():
nonce = uuid.uuid4().hex
session['nonce'] = nonce
redirect_uri = url_for('auth', _external=True) redirect_uri = url_for('auth', _external=True)
return keycloak.authorize_redirect(redirect_uri) return keycloak.authorize_redirect(redirect_uri)
@app.route('/auth') @app.route('/auth')
def auth(): def auth():
token = keycloak.authorize_access_token() token = keycloak.authorize_access_token()
nonce = session.pop('nonce', None)
userinfo = keycloak.parse_id_token(token) userinfo = keycloak.parse_id_token(token)
session['user'] = userinfo session['user'] = userinfo
return redirect('/') return redirect('/')