From f0822ba66a1c9973cd7876162485d326cd8c809c Mon Sep 17 00:00:00 2001
From: Adrian Salamon
Date: Sat, 26 Apr 2025 16:31:43 +0200
Subject: [PATCH 1/2] docker-compose sso
---
Dockerfile.dev | 52 ++++++++++++++++++++++++++++++++++++++++++
docker-compose.yaml | 55 +++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 105 insertions(+), 2 deletions(-)
create mode 100644 Dockerfile.dev
diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 0000000..c5ea0e0
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,52 @@
+ARG RUST_VERSION=1.82
+ARG DEBIAN_LTS=bookworm
+
+########## COMPILE PHASE ##########
+FROM rust:${RUST_VERSION}-slim-${DEBIAN_LTS} AS build
+
+WORKDIR /hive
+
+# this looks strange but makes subsequent builds much faster
+# because it leverages:
+# - a cache mount to /usr/local/cargo/registry/ to avoid
+# re-downloading all dependencies every time;
+# - a cache mount to /hive/target to avoid re-compiling
+# all dependencies every time; and
+# - a bind mount to the sources to avoid copying them
+# into the container every time
+# after build we need to copy the binary to the container
+# filesystem before /hive/target is unmounted
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+ --mount=type=cache,target=./target \
+ --mount=type=bind,source=./Cargo.toml,target=./Cargo.toml \
+ --mount=type=bind,source=./Cargo.lock,target=./Cargo.lock \
+ --mount=type=bind,source=./src,target=./src \
+ --mount=type=bind,source=./locales,target=./locales \
+ --mount=type=bind,source=./migrations,target=./migrations \
+ --mount=type=bind,source=./templates,target=./templates \
+ --mount=type=bind,source=./rinja.toml,target=./rinja.toml \
+ \
+ cargo build --locked --release \
+ && cp ./target/release/hive .
+
+########## RUN PHASE ##########
+FROM debian:${DEBIAN_LTS}-slim AS final
+
+RUN apt-get update && apt-get install -y nginx
+
+ARG LOG_FILE=/var/log/hive.log
+
+RUN touch ${LOG_FILE}
+ENV HIVE_LOG_FLE=${LOG_FILE}
+
+WORKDIR /hive
+COPY --from=build /hive/hive .
+COPY ./static /hive/static
+
+EXPOSE ${HIVE_PORT:-6869}
+
+HEALTHCHECK --interval=1m --timeout=20s --retries=3 \
+ --start-period=5s --start-interval=1s \
+ CMD curl -f http://localhost:${HIVE_PORT} || exit 1
+
+ENTRYPOINT ["bash", "-c", "nginx && ./hive"]
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 0ee9aed..1b4448a 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
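Review bot: The HEALTHCHECK at the end of the final stage calls `curl`, but the only package installed on `debian:${DEBIAN_LTS}-slim` is nginx and the slim base does not ship curl, so the probe would fail on every run and mark the container unhealthy. It also expands `${HIVE_PORT}` at run time with no default, unlike the `EXPOSE ${HIVE_PORT:-6869}` line above it. I would change the install to `RUN apt-get update && apt-get install -y --no-install-recommends curl nginx && rm -rf /var/lib/apt/lists/*` and the probe to `CMD curl -f http://localhost:${HIVE_PORT:-6869} || exit 1`. Separately, `ENV HIVE_LOG_FLE=${LOG_FILE}` looks like a misspelling of `HIVE_LOG_FILE` (the name the application reads is not visible in this patch), and the stage has no `USER`, so nginx and `./hive` both run as root.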
@@ -1,12 +1,32 @@ services: + nyckeln: + image: ghcr.io/datasektionen/nyckeln-under-dorrmattan + configs: + - source: nyckeln.yaml + target: /config.yaml + ports: + - 7001:7001 + - 7002:7002 + - 7003:7003 + hive: - build: . + build: + context: . + dockerfile: Dockerfile.dev ports: - "6869:6869" - env_file: secrets.env environment: HIVE_DB_URL: postgresql://hive:hive@db:5432/hive TZ: Europe/Stockholm + HIVE_OIDC_ISSUER_URL: http://localhost:7003 + HIVE_OIDC_CLIENT_ID: client-id + HIVE_OIDC_CLIENT_SECRET: client-secret + HIVE_SECRET_KEY: 2be50af223f3257ee45f0f95127be5190579c411c1fea2ecec9c9fbdcfb30d3458742011dda42d07b7773a01ca136372c0b13f7b673cf2e3b350b6a7614af020 + + configs: + - source: nginx.conf + target: /etc/nginx/nginx.conf + develop: watch: - path: ./static @@ -50,3 +70,34 @@ services: volumes: hive-db-data: + +configs: + nyckeln.yaml: + content: | + clients: + - id: "client-id" + secret: "client-secret" + redirect_uris: + - "http://localhost:6869/auth/oidc-callback" + - "http://localhost:6869/auth/login" + + users: + - kth_id: turetek + email: turetek@kth.se + first_name: Ture + family_name: Teknolog + + # This is very cursed, but we proxy localhost:7003 to the nyckeln service, so + # that we can use the same http://localhost:7003 url for the oidc provider worker + # and the browser when logging in via oidc. + nginx.conf: + content: | + events {} + http { + server { + listen 7003; + location / { + proxy_pass http://nyckeln:7003; + } + } + } From 4e081e47ef3b5d1df5b827d2003443f1064b5de5 Mon Sep 17 00:00:00 2001 From: Adrian Salamon Date: Sat, 26 Apr 2025 16:39:21 +0200 Subject: [PATCH 2/2] remove unused ports for less confusion --- docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 1b4448a..28c87d0 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -5,8 +5,6 @@ services: - source: nyckeln.yaml target: /config.yaml ports: - - 7001:7001 - - 7002:7002 - 7003:7003 hive:
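Review bot: `HIVE_SECRET_KEY` is committed as a literal in the `hive` service's `environment:` block, in the same hunk that drops `env_file: secrets.env`, so the key is now public and anything started from this file runs with a known value. The same holds for `HIVE_OIDC_CLIENT_SECRET: client-secret` and the matching `secret: "client-secret"` under `configs:` in the later hunk. If these are meant only as local-development fixtures, say so next to them, e.g. `# dev-only fixture values; never reuse outside local development`, and consider keeping a way to override them from an untracked env file. The new `nyckeln` service, which from its static client and user list appears to be a stand-in OIDC provider, is also published on all host interfaces and its image has no tag. `- 127.0.0.1:7003:7003` would keep it reachable from the local browser only, and a pinned tag or digest would make the pull reproducible.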