From 205f87f987d9bbf34877a1819cefe1a9e998e9b1 Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Fri, 5 Aug 2022 14:12:08 +0200
Subject: [PATCH] adapt deployment examples
---
 .../examples/oc10_ocis_parallel/docker-compose.yml | 12 +-----------
 .../examples/ocis_keycloak/docker-compose.yml | 10 +---------
 2 files changed, 2 insertions(+), 20 deletions(-)
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
index 114398b744..c24ad7a6d2 100644
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -70,6 +70,7 @@ services:
 environment:
 # Keycloak IDP specific configuration
 OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
+ PROXY_OIDC_REWRITE_WELLKNOWN: "true"
 WEB_OIDC_CLIENT_ID: ocis-web
 WEB_OIDC_SCOPE: openid profile email owncloud
 # external ldap is supposed to be read only
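Review bot: The added `PROXY_OIDC_REWRITE_WELLKNOWN: "true"` carries no comment, although the Traefik labels this commit removes were the only place that explained why `/.well-known/openid-configuration` must be answered on the oCIS host (OIDC discovery for the Desktop, iOS and Android clients). I would put a line above it such as `# serve /.well-known/openid-configuration via the oCIS proxy so Desktop, iOS and Android clients can discover the IdP`; the same applies to the identical addition in ocis_keycloak/docker-compose.yml. Discovery metadata on the cloud domain now presumably comes from whatever the proxy obtains from `OCIS_OIDC_ISSUER`, so it is worth stating next to it that this URL must be HTTPS with certificate verification left on. Whether these examples relax TLS verification elsewhere is not visible here, since the environment block continues outside the hunk.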
@@ -227,17 +228,6 @@ services:
 - "traefik.http.routers.keycloak.tls.certresolver=http"
 - "traefik.http.routers.keycloak.service=keycloak"
 - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- # let /.well-known/openid-configuration be served by Keycloak
- # so that clients (Desktop, iOS and Android) can detect OIDC, 302 redirect is not valid according RFC
- # https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/#set-up-service-discovery
- - "traefik.http.middlewares.idp-headers.headers.customrequestheaders.X-Forwarded-Host=${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}"
- - "traefik.http.middlewares.idp-prefix.addprefix.prefix=/auth/realms/${KEYCLOAK_REALM:-owncloud}"
- - "traefik.http.middlewares.idp-override.chain.middlewares=idp-headers,idp-prefix"
- - "traefik.http.routers.idp-wellknown.entrypoints=https"
- - "traefik.http.routers.idp-wellknown.tls.certresolver=http"
- - "traefik.http.routers.idp-wellknown.rule=Host(`${CLOUD_DOMAIN:-cloud.owncloud.test}`) && Path(`/.well-known/openid-configuration`)"
- - "traefik.http.routers.idp-wellknown.middlewares=idp-override"
- - "traefik.http.routers.idp-wellknown.service=keycloak"
 logging:
 driver: "local"
 restart: always
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index 7fbb44ae95..630ca1b70e 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -57,6 +57,7 @@ services:
 # Keycloak IDP specific configuration
 PROXY_AUTOPROVISION_ACCOUNTS: "true"
 OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}
+ PROXY_OIDC_REWRITE_WELLKNOWN: "true"
 WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
 # general config
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
@@ -121,15 +122,6 @@ services:
 - "traefik.http.routers.keycloak.tls.certresolver=http"
 - "traefik.http.routers.keycloak.service=keycloak"
 - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- # let /.well-known/openid-configuration be served by Keycloak
- - "traefik.http.middlewares.idp-headers.headers.customrequestheaders.X-Forwarded-Host=${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}"
- - "traefik.http.middlewares.idp-prefix.addprefix.prefix=/auth/realms/${KEYCLOAK_REALM:-oCIS}"
- - "traefik.http.middlewares.idp-override.chain.middlewares=idp-headers,idp-prefix"
- - "traefik.http.routers.idp-wellknown.entrypoints=https"
- - "traefik.http.routers.idp-wellknown.tls.certresolver=http"
- - "traefik.http.routers.idp-wellknown.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`) && Path(`/.well-known/openid-configuration`)"
- - "traefik.http.routers.idp-wellknown.middlewares=idp-override"
- - "traefik.http.routers.idp-wellknown.service=keycloak"
 depends_on:
 - postgres
 logging: