Development environment ready and documented

This commit is contained in:
2021-04-23 02:33:21 +02:00
parent a1be51859c
commit 10402f4de0
4 changed files with 82 additions and 69 deletions


@@ -1,30 +1,45 @@
# Okupa mi coche - Docker containers for the backend
Travel management in the valley.
THIS PROJECT IS IN EARLY DEVELOPMENT - WORK IN PROGRESS (including this README)
Guide for seting up development environment for the backend.
## Setup
### Keycloak
`docker run --name keycloak -p 8080:8080 -p 8443:8443 --mount type=volume,src=https,dst=/etc/x509/https -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --network=okupamicoche quay.io/keycloak/keycloak:12.0.4`
### Matrix
https://github.com/matrix-org/synapse/tree/master/docker
Add synapse in /etc/hosts as localhost alias.
`docker run -it --rm --mount type=volume,src=synapse-data,dst=/data -e SYNAPSE_SERVER_NAME=synapse -e SYNAPSE_REPORT_STATS=no matrixdotorg/synapse:latest generate`
`docker run --name synapse --mount type=volume,src=synapse-data,dst=/data -p 8008:8008 --network=okupamicoche matrixdotorg/synapse:latest`
1. Install Docker in local machine
2. Add following line to /etc/hosts
```
127.0.0.1 okupamicoche-keycloak okupamicoche-synapse
```
3. Run dockerized Keycloak
```
cd docker/keycloak
docker run --name okupamicoche-keycloak -p 8080:8080 -p 8443:8443 -v $(pwd)/https:/etc/x509/https \
-e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --network=okupamicoche \
-e KEYCLOAK_IMPORT=/tmp/realm.json -v $(pwd)/okupamicoche-realm-export.json:/tmp/realm.json quay.io/keycloak/keycloak:12.0.4
```
4. Go to https://localhost:8443/auth/admin/master/console and login with user=admin pass=admin
5. In Clients -> synapse -> Credentials push Regenerate Secret and copy the secret
6. Open docker/synapse/data/homeserver.yaml and paste the secret to client_secret variable (inside oidc_providers section)
7. Build Synapse container
```
cd docker/synape
docker build -t okupamicoche-synapse .
```
8. Generate data folder for Synapse
```
docker run -it --rm \
--mount type=volume,src=synapse-data,dst=/data \
-e SYNAPSE_SERVER_NAME=okupamicoche-synapse \
-e SYNAPSE_REPORT_STATS=no \
okupamicoche-synapse generate
```
9. Run dockerized Synapse
```
docker run --name okupamicoche-synapse -p 8008:8008 --mount type=volume,src=synapse-data,dst=/data \
-e SYNAPSE_CONFIG_PATH=/homeserver.yaml \
-v $(pwd)/homeserver.yaml:/homeserver.yaml --network=okupamicoche okupamicoche-synapse
```
## Run
`docker restart keycloak`
`docker restart synapse`
`docker start okupamicoche-keycloak`
`docker start okupamicoche-synapse`
## Inspect containter
`docker exec -t -i synapse /bin/bash`
## Setup using Docker Compose
sudo chown 991:991 -R synapse-data/
Copy ca.pem, root.pem and keycloak.pem to /usr/local/share/ca-certificates in synapse container and run update-ca-certificates
`docker exec -t -i okupamicoche-synapse /bin/bash`


@@ -501,8 +501,8 @@
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
@@ -743,19 +743,18 @@
{
"id": "a68779c0-75db-433e-93fd-0a5bcc0601d9",
"clientId": "synapse",
"rootUrl": "http://localhost:8008/",
"adminUrl": "http://localhost:8008/",
"rootUrl": "http://okupamicoche-synapse:8008/",
"adminUrl": "http://okupamicoche-synapse:8008/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"http://localhost:8008/*",
"https://okupamicoche-synapse:8448/_synapse/client/oidc/callback"
"http://okupamicoche-synapse:8008/_synapse/client/oidc/callback"
],
"webOrigins": [
"http://localhost:8008"
"http://okupamicoche-synapse:8008"
],
"notBefore": 0,
"bearerOnly": false,
@@ -791,8 +790,8 @@
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
@@ -896,6 +895,7 @@
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
@@ -1289,17 +1289,17 @@
}
],
"defaultDefaultClientScopes": [
"role_list",
"profile",
"email",
"roles",
"web-origins"
"web-origins",
"role_list",
"profile"
],
"defaultOptionalClientScopes": [
"offline_access",
"address",
"phone",
"microprofile-jwt"
"offline_access",
"microprofile-jwt",
"address"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
@@ -1330,14 +1330,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-role-list-mapper",
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-role-list-mapper",
"oidc-full-name-mapper",
"oidc-address-mapper",
"oidc-usermodel-property-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-full-name-mapper"
"oidc-usermodel-attribute-mapper"
]
}
},
@@ -1377,12 +1377,12 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-role-list-mapper",
"oidc-address-mapper",
"oidc-full-name-mapper",
"saml-user-attribute-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-full-name-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-role-list-mapper",
"oidc-usermodel-property-mapper",
"saml-user-property-mapper"
]
@@ -1471,7 +1471,7 @@
"supportedLocales": [],
"authenticationFlows": [
{
"id": "348ea7b1-80f0-47cf-8d33-a08c5c6e1f09",
"id": "bcb85566-3957-4e56-8e14-eb221a9a93ce",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
@@ -1495,7 +1495,7 @@
]
},
{
"id": "e0318ca9-7e45-4c40-a730-38e6ff14e73e",
"id": "7a38fd51-d8c2-4d2f-85fc-d50652a80579",
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
@@ -1526,7 +1526,7 @@
]
},
{
"id": "d53c7b49-ed1f-474a-ac5c-305482d67b27",
"id": "45a3f0e7-aaf6-402f-971f-5ca29994e006",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1550,7 +1550,7 @@
]
},
{
"id": "ac15c601-6909-4c50-955d-ee1c2b2f9c92",
"id": "b759fcd6-a460-4024-83fb-53b179f77544",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1574,7 +1574,7 @@
]
},
{
"id": "961d16f4-c350-475e-8005-e33dfc84c7ea",
"id": "3aac1ee1-edbe-4238-bc99-f30bf711c0e8",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1598,7 +1598,7 @@
]
},
{
"id": "46ab9ef8-f125-48be-a5c5-493f0515b7c0",
"id": "e59a8f9c-f56b-423a-91d3-9833cd107cf3",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
@@ -1622,7 +1622,7 @@
]
},
{
"id": "8835098a-dd6e-45ac-ad70-57bf2b133524",
"id": "79937470-7f2e-49e1-86ef-1195f8b10130",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
@@ -1646,7 +1646,7 @@
]
},
{
"id": "3223df9d-d6a4-4a22-a36f-e9063a3ccdd0",
"id": "f5c4875a-c375-4a59-b7a5-7ac2c2efde7a",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
@@ -1671,7 +1671,7 @@
]
},
{
"id": "2afe27f6-e689-423d-a2a8-0bd7015432e4",
"id": "1df89ef0-c3eb-4e37-94cb-61ff6d39c615",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
@@ -1695,7 +1695,7 @@
]
},
{
"id": "862a2be3-eae3-43fb-aad7-b8ffe31563e6",
"id": "5f29ce6a-abcb-4087-9d57-d7a2afce6ef0",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
@@ -1733,7 +1733,7 @@
]
},
{
"id": "b26051f0-cb8b-4c35-abed-be1bcdc313f5",
"id": "77e7f21f-71ae-4209-9291-e6724aba9dee",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
@@ -1771,7 +1771,7 @@
]
},
{
"id": "a9ab7720-b194-44a3-871a-623a8dd7b0f6",
"id": "d5cb48c7-26cc-48c5-ba75-e718c22bf0c9",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
@@ -1802,7 +1802,7 @@
]
},
{
"id": "11dcf751-b389-4f7a-9cb1-c349d5587919",
"id": "c5547006-3abe-4c7f-91ce-d8ed3676272c",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
@@ -1819,7 +1819,7 @@
]
},
{
"id": "27a49d77-9e15-4f91-9572-97f7bb214718",
"id": "fbf9354a-a8e9-4658-87c0-ef9ab01f2b88",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
@@ -1844,7 +1844,7 @@
]
},
{
"id": "bd3697e0-c53b-4795-ba24-b3577753c1df",
"id": "7dc8b36e-cf25-46e5-b28e-9df0fb394af6",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
@@ -1868,7 +1868,7 @@
]
},
{
"id": "2c2b1787-ac08-48da-9aa8-ae13e34de6f7",
"id": "2469f58e-3c54-45a3-b6f1-abdb1ed3fbb5",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
@@ -1892,7 +1892,7 @@
]
},
{
"id": "b371ea7e-611e-4bc1-81a5-950390f6a545",
"id": "735ece4d-c23e-4a52-8d30-7a2cc774a0aa",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
@@ -1910,7 +1910,7 @@
]
},
{
"id": "43c527b9-2cea-4d97-a46a-f6c1e362aa9f",
"id": "129f743f-920b-4204-a546-26ee8709de5f",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
@@ -1948,7 +1948,7 @@
]
},
{
"id": "1a265a7e-dbb1-4998-bf81-ebba63947da7",
"id": "4ce15dcf-0c06-47bf-930d-ef4d85b018b2",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
@@ -1986,7 +1986,7 @@
]
},
{
"id": "8ae7480c-9be1-4048-930a-7c1f75539d6e",
"id": "2fc84240-3e96-4780-a576-e016ee9e1350",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
@@ -2005,14 +2005,14 @@
],
"authenticatorConfig": [
{
"id": "6ec25acf-4c76-4aa8-b2ed-f2c15ec849aa",
"id": "2951f36b-7903-4ad3-9b5d-5b4f72a61b04",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "4b1d97f6-3b0e-47b8-a87a-e8084c800510",
"id": "141914b4-63e4-4d72-b507-e032e65615bf",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
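Review bot: The new `redirectUris` entry and `webOrigins` value for the `synapse` client (the `@@ -743` hunk) are plain `http://okupamicoche-synapse:8008`, while the realm itself is served at `https://okupamicoche-keycloak:8443`, so the OIDC authorization code is sent back to Synapse in cleartext; that is tolerable on a local Docker network, but the README should say so and an `https` callback should be added before this export is reused anywhere else. Judging by the hunk counts the old `http://localhost:8008/*` wildcard was replaced by a single exact callback, which is the right direction. In the `@@ -896` hunk the mapper that now also emits to the userinfo endpoint still reads `"user.attribute": "foo"`, which looks like a placeholder attribute name — confirm it is intentional or drop the mapper. The remaining hunks are regenerated flow and config UUIDs, which will churn on every re-export; consider stripping ids before committing the realm file.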


@@ -1,2 +0,0 @@
data/
!data/homeserver.yaml


@@ -21,7 +21,7 @@ database:
args:
database: /data/homeserver.db
log_config: "/data/okupamicoche-synapse.log.config"
#media_store_path: "/data/media_store"
media_store_path: "/data/media_store"
registration_shared_secret: "Y_XNuno*Dh,T2IpHA;i,bWF^fg&x.*t=iEz*@:y5REBMhgCA63"
report_stats: false
macaroon_secret_key: "6VvBQj_TedGcDDB_z,-qXV1W3:.CXrRG6AWF&4p:~iGNguy&_h"
@@ -35,7 +35,7 @@ oidc_providers:
idp_name: Keycloak
issuer: "https://okupamicoche-keycloak:8443/auth/realms/okupamicoche"
client_id: "synapse"
client_secret: "40cf8d3a-f910-4617-b290-7b5b12f6ae87"
client_secret: "2d2b51cf-09ab-44a3-97d8-b7c3c5289c87"
scopes: [ "openid", "profile" ]
user_mapping_provider:
config:
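Review bot: The rotated `client_secret` on the new side of the second hunk is still committed in clear text next to `registration_shared_secret` and `macaroon_secret_key` (context lines of the first hunk), so both the old and the new OIDC secret now sit in git history, and README step 6 directs every developer to paste their regenerated secret into this same tracked file. The commit also deletes what looks like the `.gitignore` that excluded `data/`, so `homeserver.db`, signing keys and the newly enabled `media_store` can be staged by the next `git add`. Treat the committed values as compromised and regenerate them, keep a `homeserver.yaml.example` with placeholders in the repo and gitignore the real file (or mount the secrets from an untracked file), and restore the `data/` ignore rule. `registration_shared_secret` in particular lets anyone who holds it create accounts through the shared-secret registration endpoint. The enclosing `oidc_providers` entry continues past the hunk.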