From 0d5719db4ffd6b4865ad5b25bb6a6ae3e0750479 Mon Sep 17 00:00:00 2001
From: Fuuma
Date: Thu, 29 May 2025 10:53:39 +0900
Subject: [PATCH 01/12] =?UTF-8?q?feat:=20ECCNetLab=E3=81=AE=E3=83=A6?= =?UTF-8?q?=E3=83=BC=E3=82=B6=E3=81=AE=E3=81=BFoidc=E3=81=99=E3=82=8B?= =?UTF-8?q?=E3=82=88=E3=81=86=E3=81=AB=E8=A8=AD=E5=AE=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dex-config.yaml | 30 +++++++++++++++++++++++++
docker-compose.yml | 56 ++++++++++++++++++++++++++++++++++++++--------
2 files changed, 77 insertions(+), 9 deletions(-)
create mode 100644 dex-config.yaml
diff --git a/dex-config.yaml b/dex-config.yaml
new file mode 100644
index 0000000..6397bdf
--- /dev/null
+++ b/dex-config.yaml
@@ -0,0 +1,30 @@
+issuer: http://localhost:5556
+
+storage:
+ type: memory
+
+connectors:
+ - type: github
+ id: github
+ name: GitHub
+ config:
+ clientID:
+ clientSecret:
+ redirectURI: http://localhost:5556/callback
+ orgs:
+ - name: ECCNetLab
+ loadAllGroups: false
+
+oauth2:
+ skipApprovalScreen: true
+
+staticClients:
+ - id: growi-client
+ redirectURIs:
+ - "http://127.0.0.1:3000/passport/oidc/callback"
+ name: "Growi Wiki"
+ secret: growi-secret
+
+web:
+ http: 0.0.0.0:5556
+ allowedOrigins: ["*"]
diff --git a/docker-compose.yml b/docker-compose.yml
index f39df76..d091c09 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
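Review bot: The static client's `secret: growi-secret` in the new `dex-config.yaml` is a guessable literal committed to the repository, and the docker-compose.yml hunk of this same patch repeats it as `OAUTH_OIDC_CLIENT_SECRET=growi-secret` next to the placeholder `SECRET_TOKEN=your-secret-token-here`. Dex static clients accept `secretEnv:` in place of `secret:`, so the entry could read `secretEnv: GROWI_OIDC_CLIENT_SECRET` (the variable name is only a suggestion) with the value supplied from an untracked env file that the compose service also reads. The empty `clientID:` / `clientSecret:` keys parse as null; if they were blanked for the commit, `clientID: $GITHUB_CLIENT_ID` and `clientSecret: $GITHUB_CLIENT_SECRET` keep the file committable without hand edits on the host. `storage: type: memory` means signing keys and sessions are discarded on every container restart, which deserves a comment if it is intentional.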
@@ -1,22 +1,35 @@ -version: '3' +version: "3" services: app: image: weseek/growi:7 ports: - - 127.0.0.1:3000:3000 # localhost only by default + - 3000:3000 links: - mongo:mongo - elasticsearch:elasticsearch + - dex:dex depends_on: - mongo: - condition: service_healthy - elasticsearch: - condition: service_healthy + mongo: + condition: service_healthy + elasticsearch: + condition: service_healthy + dex: + condition: service_healthy environment: + # Basic Growi settings - MONGO_URI=mongodb://mongo:27017/growi - ELASTICSEARCH_URI=http://elasticsearch:9200/growi - PASSWORD_SEED=changeme + - APP_SITE_URL=http://127.0.0.1:3000 + - SECRET_TOKEN=your-secret-token-here + + # OIDC settings for GitHub authentication via Dex + - OAUTH_OIDC_ISSUER_HOST=http://dex:5556 + - OAUTH_OIDC_CLIENT_ID=growi-client + - OAUTH_OIDC_CLIENT_SECRET=growi-secret + + # Optional settings (uncomment as needed) # - FILE_UPLOAD=mongodb # activate this line if you use MongoDB GridFS rather than AWS # - FILE_UPLOAD=local # activate this line if you use local storage of server rather than AWS # - MATHJAX=1 # activate this line if you want to use MathJax 
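Review bot: The `ports` change from `127.0.0.1:3000:3000` to `3000:3000` publishes Growi on every host interface over plain HTTP, so the wiki becomes reachable without going through the proxy service in docker-compose.override.yml that publishes 80/443; nothing else in this hunk appears to need that. Unless direct access is intended, keep the loopback binding and quote it so YAML cannot retype it: `- "127.0.0.1:3000:3000"`. `PASSWORD_SEED=changeme` in the context lines is a placeholder of the same kind as the new `SECRET_TOKEN` and is better required per deployment, e.g. `- PASSWORD_SEED=${PASSWORD_SEED:?set in .env}`.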
@@ -25,12 +38,37 @@ services: # - FORCE_WIKI_MODE='private' # activate this line to force wiki private mode entrypoint: "/docker-entrypoint.sh" - command: ["npm run migrate && node -r dotenv-flow/config --expose_gc dist/server/app.js"] - + command: + [ + "npm run migrate && node -r dotenv-flow/config --expose_gc dist/server/app.js", + ] restart: unless-stopped volumes: - growi_data:/data + dex: + image: ghcr.io/dexidp/dex:v2.43.1 + restart: unless-stopped + ports: + - "5556:5556" + volumes: + - ./dex-config.yaml:/etc/dex/config.yaml:ro + command: ["dex", "serve", "/etc/dex/config.yaml"] + environment: + - DEX_LISTEN=0.0.0.0:5556 + healthcheck: + test: + [ + "CMD", + "sh", + "-c", + "echo -e 'GET /healthz HTTP/1.1\\r\\nHost: localhost:5556\\r\\n\\r\\n' | nc localhost 5556 | grep -q '200 OK'", + ] + interval: 30s + timeout: 15s + retries: 3 + start_period: 45s + mongo: image: mongo:6.0 restart: unless-stopped @@ -49,7 +87,7 @@ services: dockerfile: ./Dockerfile environment: - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms256m -Xmx256m" # increase amount if you have enough memory + - "ES_JAVA_OPTS=-Xms256m -Xmx256m" # increase amount if you have enough memory - LOG4J_FORMAT_MSG_NO_LOOKUPS=true # CVE-2021-44228 mitigation for Elasticsearch <= 6.8.20/7.16.0 ulimits: memlock: From dda908cc2b787929d0c213b8b468191261960e8f Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 11:24:08 +0900 Subject: [PATCH 02/12] =?UTF-8?q?fix:=20dex=E3=81=AE=E3=82=A4=E3=83=A1?= =?UTF-8?q?=E3=83=BC=E3=82=B8=E3=82=92ghcr.io=E3=81=8B=E3=82=89docker.io?= =?UTF-8?q?=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d091c09..72b0c07 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
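Review bot: The new `dex` service publishes `"5556:5556"` on all host interfaces while Dex serves plain HTTP on that port, so the login and token endpoints are reachable unencrypted from outside the Compose network. The `app` container reaches Dex by service name, and later patches in this series route external traffic through the proxy on 443, so the `ports:` entry can be dropped or narrowed to `- "127.0.0.1:5556:5556"`. The healthcheck also assumes that `sh`, `nc` and `echo -e` exist inside the image; a comment above `healthcheck:` stating that assumption would save a debugging session if the image variant ever changes to one without a shell.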
@@ -47,7 +47,7 @@ services: - growi_data:/data dex: - image: ghcr.io/dexidp/dex:v2.43.1 + image: docker.io/dexidp/dex:v2.43.1 restart: unless-stopped ports: - "5556:5556" From 4a275b3d56f9d6f84b7dd452ea750d44e2e31552 Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 11:56:32 +0900 Subject: [PATCH 03/12] =?UTF-8?q?feat:=20dex=E3=82=92auth.netken.ecc-comp.?= =?UTF-8?q?com=E3=81=A7=E5=85=AC=E9=96=8B=E3=81=99=E3=82=8B=E3=82=88?= =?UTF-8?q?=E3=81=86=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dex-config.yaml | 4 ++-- docker-compose.override.yml | 5 ++++- docker-compose.yml | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/dex-config.yaml b/dex-config.yaml index 6397bdf..22eaac2 100644 --- a/dex-config.yaml +++ b/dex-config.yaml @@ -10,7 +10,7 @@ connectors: config: clientID: clientSecret: - redirectURI: http://localhost:5556/callback + redirectURI: https://auth.netken.ecc-comp.com/callback orgs: - name: ECCNetLab loadAllGroups: false @@ -21,7 +21,7 @@ oauth2: staticClients: - id: growi-client redirectURIs: - - "http://127.0.0.1:3000/passport/oidc/callback" + - "https://wiki.netken.ecc-comp.com/passport/oidc/callback" name: "Growi Wiki" secret: growi-secret diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 356f461..a27adde 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -8,10 +8,13 @@ services: ports: - "80:80" - "443:443" + - "5556:5556" links: - app:app environment: - DOMAINS: "wiki.netken.ecc-comp.com -> http://app:3000" + DOMAINS: > + "wiki.netken.ecc-comp.com -> http://app:3000" + "auth.netken.ecc-comp.com -> http://dex:5556" STAGE: "production" FORCE_RENEW: "false" WEBSOCKET: "true" diff --git a/docker-compose.yml b/docker-compose.yml index 72b0c07..865553c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
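Review bot: In PATCH 02/12 the `image:` line moves from `ghcr.io/dexidp/dex:v2.43.1` to `docker.io/dexidp/dex:v2.43.1`, which changes the registry the identity provider is pulled from while still relying on a mutable tag. Pinning the digest alongside the tag, `image: docker.io/dexidp/dex:v2.43.1@sha256:<digest-of-the-verified-image>`, makes the pull reproducible regardless of registry. A one-line comment giving the reason for the switch would also help the next maintainer; the `dex` service definition continues outside this hunk.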
@@ -21,11 +21,11 @@ services: - MONGO_URI=mongodb://mongo:27017/growi - ELASTICSEARCH_URI=http://elasticsearch:9200/growi - PASSWORD_SEED=changeme - - APP_SITE_URL=http://127.0.0.1:3000 + - APP_SITE_URL=https://wiki.netken.ecc-comp.com - SECRET_TOKEN=your-secret-token-here # OIDC settings for GitHub authentication via Dex - - OAUTH_OIDC_ISSUER_HOST=http://dex:5556 + - OAUTH_OIDC_ISSUER_HOST=https://auth.netken.ecc-comp.com - OAUTH_OIDC_CLIENT_ID=growi-client - OAUTH_OIDC_CLIENT_SECRET=growi-secret From 88dcbcfed0a0a4a77dd678332e2b25b1632b1eb3 Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 11:59:23 +0900 Subject: [PATCH 04/12] =?UTF-8?q?fix:=20docker-compose.override.yml?= =?UTF-8?q?=E3=81=AE=E7=92=B0=E5=A2=83=E5=A4=89=E6=95=B0DOMAINS=E3=82=92?= =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index a27adde..63d3920 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -11,6 +11,7 @@ services: - "5556:5556" links: - app:app + - dex:dex environment: DOMAINS: > "wiki.netken.ecc-comp.com -> http://app:3000" From f48dc602db8b9d48d8f734abdae6e9c2a71a60fe Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 12:02:43 +0900 Subject: [PATCH 05/12] =?UTF-8?q?fix:=20=E3=83=AA=E3=83=90=E3=83=BC?= =?UTF-8?q?=E3=82=B9=E3=83=97=E3=83=AD=E3=82=AD=E3=82=B7=E3=81=AA=E3=81=AE?= =?UTF-8?q?=E3=81=A75556=E3=82=92=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 63d3920..45b29b4 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml 
@@ -8,7 +8,6 @@ services: ports: - "80:80" - "443:443" - - "5556:5556" links: - app:app - dex:dex From 3216791f71f489489df51f7a97fa19e9a55f15e8 Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 12:07:23 +0900 Subject: [PATCH 06/12] =?UTF-8?q?fix:=20=E8=A4=87=E6=95=B0=E3=81=AE?= =?UTF-8?q?=E3=83=89=E3=83=A1=E3=82=A4=E3=83=B3=E3=81=AE=E3=82=AB=E3=83=B3?= =?UTF-8?q?=E3=83=9E=E5=8C=BA=E5=88=87=E3=82=8A=E3=82=92=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 45b29b4..707d367 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -13,7 +13,7 @@ services: - dex:dex environment: DOMAINS: > - "wiki.netken.ecc-comp.com -> http://app:3000" + "wiki.netken.ecc-comp.com -> http://app:3000", "auth.netken.ecc-comp.com -> http://dex:5556" STAGE: "production" FORCE_RENEW: "false" From 53c465144631e628f372242781450b9daca6174a Mon Sep 17 00:00:00 2001 From: Fuuma Date: Thu, 29 May 2025 12:11:30 +0900 Subject: [PATCH 07/12] =?UTF-8?q?fix:=20=E3=83=89=E3=82=AD=E3=83=A5?= =?UTF-8?q?=E3=83=A1=E3=83=B3=E3=83=88=E3=81=AB=E6=9B=B8=E3=81=84=E3=81=A6?= =?UTF-8?q?=E3=81=84=E3=82=8B=E3=81=8C=E3=80=81=E3=81=93=E3=81=AE=E6=9B=B8?= =?UTF-8?q?=E3=81=8D=E6=96=B9=E3=81=AF=E5=87=BA=E6=9D=A5=E3=81=AA=E3=81=84?= =?UTF-8?q?=E3=81=A3=E3=81=BD=E3=81=84=E3=81=AE=E3=81=A7=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 707d367..eac561d 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml 
@@ -12,9 +12,7 @@ services: - app:app - dex:dex environment: - DOMAINS: > - "wiki.netken.ecc-comp.com -> http://app:3000", - "auth.netken.ecc-comp.com -> http://dex:5556" + DOMAINS: 'wiki.netken.ecc-comp.com -> http://app:3000, auth.netken.ecc-comp.com -> http://dex:5556' STAGE: "production" FORCE_RENEW: "false" WEBSOCKET: "true" From dcaa78e46708e96e6fb5016587d49858374c0147 Mon Sep 17 00:00:00 2001 From: Fuuma Date: Mon, 2 Jun 2025 03:17:10 +0900 Subject: [PATCH 08/12] =?UTF-8?q?add:=20allowOrings=E3=81=ABwiki.=E3=81=A8?= =?UTF-8?q?auth.=E3=82=92=E8=A8=AD=E5=AE=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dex-config.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dex-config.yaml b/dex-config.yaml index 22eaac2..ee95001 100644 --- a/dex-config.yaml +++ b/dex-config.yaml @@ -27,4 +27,6 @@ staticClients: web: http: 0.0.0.0:5556 - allowedOrigins: ["*"] + allowedOrigins: + - "https://wiki.netken.ecc-comp.com" + - "https://auth.netken.ecc-comp.com" From 92acd07e0269624627f49bf946a27965147c62ab Mon Sep 17 00:00:00 2001 From: Fuuma Date: Mon, 2 Jun 2025 03:17:52 +0900 Subject: [PATCH 09/12] =?UTF-8?q?fix:=20issuer=E3=82=92http://dex=E3=81=AB?= =?UTF-8?q?=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dex-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dex-config.yaml b/dex-config.yaml index ee95001..9bba3fc 100644 --- a/dex-config.yaml +++ b/dex-config.yaml @@ -1,4 +1,4 @@ -issuer: http://localhost:5556 +issuer: http://dex:5556 storage: type: memory From 7c4f942d3e0020c0abbaf4a1360b28a2b14c7fb6 Mon Sep 17 00:00:00 2001 
From: Fuuma Date: Mon, 2 Jun 2025 03:24:03 +0900 Subject: [PATCH 10/12] =?UTF-8?q?fix:=20issuer=E3=82=92docker=E3=83=8D?= =?UTF-8?q?=E3=83=83=E3=83=88=E3=83=AF=E3=83=BC=E3=82=AF=E5=86=85=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 865553c..36e6b42 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,7 @@ services: - SECRET_TOKEN=your-secret-token-here # OIDC settings for GitHub authentication via Dex - - OAUTH_OIDC_ISSUER_HOST=https://auth.netken.ecc-comp.com + - OAUTH_OIDC_ISSUER_HOST=http://dex:5556 - OAUTH_OIDC_CLIENT_ID=growi-client - OAUTH_OIDC_CLIENT_SECRET=growi-secret From c9d7fcd803f5f3f86aad6f858137ab7bf93d134a Mon Sep 17 00:00:00 2001 From: Fuuma Date: Mon, 2 Jun 2025 03:25:00 +0900 Subject: [PATCH 11/12] =?UTF-8?q?feat:=20dex=E3=81=AEhealthcheck=E6=99=82?= =?UTF-8?q?=E9=96=93=E3=82=92=E4=BB=96=E3=81=AB=E5=90=88=E3=82=8F=E3=81=9B?= =?UTF-8?q?=E3=81=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 36e6b42..f0e7cbd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -64,10 +64,9 @@ services: "-c", "echo -e 'GET /healthz HTTP/1.1\\r\\nHost: localhost:5556\\r\\n\\r\\n' | nc localhost 5556 | grep -q '200 OK'", ] - interval: 30s - timeout: 15s - retries: 3 - start_period: 45s + interval: 10s + timeout: 5s + retries: 6 mongo: image: mongo:6.0 From a2b4c9e0868287e21e62ee7ac5fac9659e389908 Mon Sep 17 00:00:00 2001 
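Review bot: In PATCH 10/12 `OAUTH_OIDC_ISSUER_HOST` goes back to `http://dex:5556`, but PATCH 12/12 sets Dex's own `issuer` to `https://auth.netken.ecc-comp.com`, so the issuer Growi is configured with no longer equals the one Dex announces in its discovery document and in the `iss` claim. OIDC clients normally require those to match exactly, so login may fail depending on how Growi's client treats the mismatch, and where it does work the discovery, token and key requests travel over unencrypted HTTP. Keeping `- OAUTH_OIDC_ISSUER_HOST=https://auth.netken.ecc-comp.com` and making that name resolvable from the `app` container would keep one issuer value end to end. At minimum, a comment on the line should explain why the internal URL is used.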
From: Fuuma Date: Mon, 2 Jun 2025 03:51:06 +0900 Subject: [PATCH 12/12] =?UTF-8?q?fix:=20github=E3=81=AEAuthorization=20cal?= =?UTF-8?q?lback=20URL=E3=81=AB=E5=90=88=E3=82=8F=E3=81=9B=E3=81=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dex-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dex-config.yaml b/dex-config.yaml index 9bba3fc..bcb0243 100644 --- a/dex-config.yaml +++ b/dex-config.yaml @@ -1,4 +1,4 @@ -issuer: http://dex:5556 +issuer: https://auth.netken.ecc-comp.com storage: type: memory