Added nginx proxy with SSL support.
TODO keycloak truststore
parent
425d7d1d85
commit
3cd36724c9
4 changed files with 89 additions and 8 deletions
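--- a/dev.local.plantuml
+++ b/dev.local.plantuml
@@ -0,0 +1,29 @@
+@startuml
+
+node Host {
+component Browser
+
+node Docker {
+component Proxy
+component Keycloak
+component SteamIdp
+component Postgresql
+
+Proxy --> Keycloak: keycloak (http)
+Proxy --> SteamIdp: steamidp (http)
+Keycloak --> Postgresql: postgres
+
+Proxy <-- Keycloak: dev.local (https)
+}
+
+component SteamIdpDev as "SteamIdp"
+}
+
+cloud Internet {
+component Steam
+}
+
+Browser --> Proxy: dev.local (https)
+Proxy ..> SteamIdpDev: host.docker.internal (http)
+
+@enduml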
|
@ -1,9 +1,34 @@
|
||||||
|
# Create the file docker-compose.secrets.yml and add
|
||||||
|
# ```
|
||||||
|
# version: '2'
|
||||||
|
# services:
|
||||||
|
# proxy:
|
||||||
|
# volumes:
|
||||||
|
# - "<your-certs>/dev.local.crt:/tmp/dev.local.crt"
|
||||||
|
# - "<your-certs>/dev.local.key:/tmp/dev.local.key"
|
||||||
|
# steamidp:
|
||||||
|
# environment:
|
||||||
|
# Steam__ApplicationKey: <your-app-key>
|
||||||
|
# ```
|
||||||
|
#
|
||||||
|
# Than start with `docker compose -f .\docker-compose.yml -f .\docker-compose.secrets.yml up`
|
||||||
version: '2'
|
version: '2'
|
||||||
volumes:
|
volumes:
|
||||||
postgres_data:
|
postgres_data:
|
||||||
driver: local
|
driver: local
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
proxy:
|
||||||
|
image: nginx
|
||||||
|
container_name: proxy
|
||||||
|
volumes:
|
||||||
|
- "./proxy_ssl.conf:/etc/nginx/conf.d/proxy_ssl.conf"
|
||||||
|
ports:
|
||||||
|
- 443:443
|
||||||
|
links:
|
||||||
|
- keycloak
|
||||||
|
- steamidp
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres
|
image: postgres
|
||||||
container_name: postgres
|
container_name: postgres
|
||||||
|
@ -26,16 +51,22 @@ services:
|
||||||
DB_PASSWORD: password
|
DB_PASSWORD: password
|
||||||
KEYCLOAK_USER: admin
|
KEYCLOAK_USER: admin
|
||||||
KEYCLOAK_PASSWORD: changeit
|
KEYCLOAK_PASSWORD: changeit
|
||||||
ports:
|
PROXY_ADDRESS_FORWARDING: "true"
|
||||||
- 8080:8080
|
|
||||||
links:
|
links:
|
||||||
- postgres
|
- postgres
|
||||||
|
extra_hosts:
|
||||||
|
- "dev.local:host-gateway"
|
||||||
|
|
||||||
|
|
||||||
steamidp:
|
steamidp:
|
||||||
image: neothor/steam-openid-connect-provider:develop
|
image: neothor/steam-openid-connect-provider:develop
|
||||||
build: ./src
|
build: ./src
|
||||||
container_name: steamidp
|
container_name: steamidp
|
||||||
ports:
|
|
||||||
- 80:80
|
|
||||||
links:
|
links:
|
||||||
- keycloak
|
- keycloak
|
||||||
|
environment:
|
||||||
|
OpenID__ClientID: keycloak
|
||||||
|
OpenID__ClientName: keycloak
|
||||||
|
OpenId__ClientSecret: keycloak
|
||||||
|
OpenID__RedirectUri: https://dev.local/auth/realms/dev/broker/steam/endpoint
|
||||||
|
Hosting__BasePath: /steam
|
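Review bot: `OpenId__ClientSecret: keycloak` in the new `steamidp` environment block puts the OIDC client secret in the main compose file and sets it to the same value as the client ID, although this commit already introduces `docker-compose.secrets.yml` to hold `Steam__ApplicationKey`. I would move the client secret into that override file next to the application key and keep only the non-secret `OpenID__*` values here. The key is also spelled `OpenId__` while its siblings use `OpenID__`; if the provider's configuration lookup is case-insensitive it still binds, but the spelling should match. In the header comment, the certificate and key mounts could be read-only, e.g. `- "<your-certs>/dev.local.key:/tmp/dev.local.key:ro"`.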
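--- a/proxy_ssl.conf
+++ b/proxy_ssl.conf
@@ -0,0 +1,21 @@
+server {
+listen 443 ssl;
+ssl_certificate /tmp/dev.local.crt;
+ssl_certificate_key /tmp/dev.local.key;
+
+proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+
+location / {
+return 301 https://$host/auth/realms/dev/account;
+}
+
+location /auth {
+proxy_pass http://keycloak:8080;
+}
+
+location /steam {
+proxy_pass http://steamidp:80;
+}
+}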
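Review bot: `proxy_set_header X-Forwarded-For $proxy_protocol_addr;` resolves to an empty value, because `$proxy_protocol_addr` is only populated when the `listen` directive enables `proxy_protocol` and this server uses plain `listen 443 ssl;`; nginx then omits the header altogether. The compose change in this commit sets `PROXY_ADDRESS_FORWARDING: "true"` on Keycloak, so Keycloak is expected to take the client address from this header, and anything it derives from that address (event logs, per-address login throttling) would see the proxy instead of the client. Since this is the edge proxy, overwrite the header with the socket address rather than appending to a client-supplied value: `proxy_set_header X-Forwarded-For $remote_addr;`.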
|
@ -8,7 +8,7 @@
|
||||||
"OpenID": {
|
"OpenID": {
|
||||||
"ClientID": "proxy",
|
"ClientID": "proxy",
|
||||||
"ClientSecret": "secret",
|
"ClientSecret": "secret",
|
||||||
"RedirectUri": "http://localhost:8080/auth/realms/master/broker/steam/endpoint",
|
"RedirectUri": "http://localhost:8080/auth/realms/dev/broker/steam-dev/endpoint",
|
||||||
"PostLogoutRedirectUri": ""
|
"PostLogoutRedirectUri": ""
|
||||||
},
|
},
|
||||||
"Hosting": {
|
"Hosting": {
|
||||||
|
|
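Review bot: The new `RedirectUri` still points at `http://localhost:8080/...`, but the compose hunk in this commit drops the `8080:8080` port mapping from Keycloak and fronts it at `https://dev.local`. If Keycloak builds its broker callback from the forwarded host and scheme, the `redirect_uri` it sends will likely not match this registered value and the provider should reject the login; confirm which base URL the `steam-dev` broker actually uses. If it is the proxied one, the value would be `"RedirectUri": "https://dev.local/auth/realms/dev/broker/steam-dev/endpoint"`. The enclosing JSON object starts and ends outside the hunk.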