Commit dad7e3f2 by marwan

add oauth

parent 3e211513
grafana.ini*
bk/
.env
services:
app:
image: dock.nexpie.com/stack/flowengine:1.3.5-2-f633d8d2
......@@ -8,34 +6,33 @@ services:
- store_data:/usr/local/store-data
ports:
- 30081:80
# environment:
# PROJECT_ID: "${SH_PROJECT_ID}"
# OAUTH_LOGIN: "TRUE"
# PASSWORD_LOGIN: "TRUE"
# AUTH_ENDPOINT: https://auth.nexiiot.io/dialog/authorize
# AUTH_PLATFORM_NAME: NEXIIOT
# GQLV2_ENDPOINT: https://gqlv2.nexiiot.io
# INSTANCE_NAME: NEXIIOT FlowEngine
# OAUTH_CLIENT_ID: ${SH_OAUTH_CLIENT_ID}
# OAUTH_CLIENT_SECRET: ${SH_OAUTH_CLIENT_SECRET}
# TOKEN_ENDPOINT: https://auth.nexiiot.io/oauth/token
# USERINFO_API_ENDPOINT: https://auth.nexiiot.io/api/userinfo
environment:
PROJECT_ID: ${NEXIIOT_PROJECT_ID}
OAUTH_LOGIN: ${NEXIIOT_OAUTH_LOGIN}
PASSWORD_LOGIN: ${NEXIIOT_PASSWORD_LOGIN}
AUTH_ENDPOINT: ${NEXIIOT_AUTH_ENDPOINT}
AUTH_PLATFORM_NAME: ${NEXIIOT_AUTH_PLATFORM_NAME}
GQLV2_ENDPOINT: ${NEXIIOT_GQLV2_ENDPOINT}
INSTANCE_NAME: ${NEXIIOT_INSTANCE_NAME}
OAUTH_CLIENT_ID: ${NEXIIOT_OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: ${NEXIIOT_OAUTH_CLIENT_SECRET}
TOKEN_ENDPOINT: ${NEXIIOT_TOKEN_ENDPOINT}
USERINFO_API_ENDPOINT: ${NEXIIOT_USERINFO_API_ENDPOINT}
influxdb:
image: docker.io/bitnami/influxdb:2.7.1
ports:
- 38087:8086
- 38089:8088
environment:
- INFLUXDB_ADMIN_USER_PASSWORD=nexiiotpassword
- INFLUXDB_ADMIN_USER_TOKEN=nexiiottoken
- INFLUXDB_ADMIN_USER_PASSWORD=${NEXIIOT_INFLUXDB_ADMIN_USER_PASSWORD}
- INFLUXDB_ADMIN_USER_TOKEN=${NEXIIOT_INFLUXDB_ADMIN_USER_TOKEN}
- INFLUXDB_PRIMARY_BUCKET=primary
- INFLUXDB_ADMIN_ORGANIZATION=primary
- INFLUXDB_RETENTION_PERIOD=4320 #24 * 180 อายุข้อมูล
- INFLUXDB_RETENTION_PERIOD=4320 #24 * 180 อายุข้อมูล -
- INFLUXDB_MONITOR_STORE_DATABASE="primary"
- INFLUXD_UI_DISABLED=false
- INFLUXD_REPORTING_DISABLED=false
- INFLUXD_NO_TASKS=false
- INFLUXD_UI_DISABLED=false
- INFLUXD_REPORTING_DISABLED=false
- INFLUXD_NO_TASKS=false
- INFLUXD_METRICS_DISABLED=false
volumes:
- influxdb:/bitnami/influxdb
......@@ -47,7 +44,7 @@ services:
- influxdb
entrypoint: ["bash","-c","bash /bitnami/script/init.bash $${INFLUXDB_ADMIN_ORGANIZATION} $${INFLUXDB_ADMIN_USER_TOKEN} http://influxdb:8086"]
environment:
- INFLUXDB_ADMIN_USER_TOKEN=nexiiottoken
- INFLUXDB_ADMIN_USER_TOKEN=${NEXIIOT_INFLUXDB_ADMIN_USER_TOKEN}
- INFLUXDB_ADMIN_ORGANIZATION=primary
volumes:
- ./bash-influx:/bitnami/script
......@@ -58,15 +55,29 @@ services:
ports:
- '33011:3000'
environment:
- 'GF_SECURITY_ADMIN_PASSWORD=nexiiot'
- GF_SECURITY_LOGIN_REMEMBER_DAYS=0"
- GF_SESSION_SESSION_LIFE_TIME=5"
- GF_SESSION_COOKIE_NAME=grafana_sess"
- GF_SECURITY_ADMIN_PASSWORD=${NEXIIOT_GF_SECURITY_ADMIN_PASSWORD}
- GF_SESSION_COOKIE_NAME=${NEXIIOT_GF_SESSION_COOKIE_NAME}
- GF_LOG_LEVEL=${NEXIIOT_GF_LOG_LEVEL}
- GF_SERVER_ROOT_URL=${NEXIIOT_GF_SERVER_ROOT_URL}
- GF_SECURITY_ALLOW_EMBEDDING=${NEXIIOT_GF_SECURITY_ALLOW_EMBEDDING}
- GF_AUTH_GENERIC_OAUTH_ENABLED=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ENABLED}
- GF_AUTH_GENERIC_OAUTH_NAME=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_NAME}
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_CLIENT_ID}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
- GF_AUTH_GENERIC_OAUTH_SCOPES=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_SCOPES}
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_AUTH_URL}
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_TOKEN_URL}
- GF_AUTH_GENERIC_OAUTH_API_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_API_URL}
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH}
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT}
- GF_AUTH_GENERIC_OAUTH_REQUIRED_ROLE=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_REQUIRED_ROLE}
volumes:
- grafana_data:/opt/bitnami/grafana/data
- ./grafana/datasources:/opt/bitnami/grafana/conf/provisioning/datasources/
- ./grafana/dashboard/templates:/var/lib/dashboards
- ./grafana/dashboard/conf:/opt/bitnami/grafana/conf/provisioning/dashboards/
# - ./grafana/dashboard/conf:/opt/bitnami/grafana/conf/provisioning/dashboards/
- ./grafana/config/grafana.ini:/opt/bitnami/grafana/conf/grafana.ini
- ./ssh:/opt/bitnami/ssh
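Review bot: The `${NEXIIOT_…}` references in the influxdb and grafana `environment:` lists have no required-variable guard, so a missing or misspelled entry in `.env` is substituted as an empty string and the stack still starts with that credential blank. For the secret-bearing entries use Compose's error form, for example `- GF_SECURITY_ADMIN_PASSWORD=${NEXIIOT_GF_SECURITY_ADMIN_PASSWORD:?set in .env}`, and the same for `INFLUXDB_ADMIN_USER_PASSWORD`, `INFLUXDB_ADMIN_USER_TOKEN` and the two OAuth client secrets. The literal passwords and token that these lines appear to replace stay readable in the repository history, so they should be rotated rather than copied into `.env`. Which lines are old and which are new is inferred here, because the page has lost its +/- markers.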
......
[log]
level = debug
[server]
root_url = https://test.flowengine.nexiiot.io
[auth.jwt]
# By default, auth.jwt is disabled.
cache_ttl = 600m
enabled = true
header_name = X-JWT-Assertion
auto_sign_up = true
username_claim = sub
email_claim = sub
url_login = true
key_file = /opt/bitnami/ssh/key.pem
role_attribute_path = role
skip_org_role_sync = true
allow_assign_grafana_admin = true
[security]
allow_embedding = true
[auth.generic_oauth]
enabled = true
name = Keycloak-OAuth
allow_sign_up = true
scopes = openid login
#from json of info
role_attribute_path = userid == 'U993736096545' && 'Editor'
#deny all unknow role when login
role_attribute_strict = true
required_role = true
client_id = b251a594295613c43543b1484aae2082
client_secret = 508dc83ac016e803b56ecfd9edd0f93803f82ac12c947aa05da48fea21885f2f
auth_url = https://auth.nexiiot.io/dialog/authorize
token_url = https://auth.nexiiot.io/oauth/token
api_url = https://auth.nexiiot.io/api/userinfo
#tls_skip_verify_insecure = true
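Review bot: The `client_secret` under `[auth.generic_oauth]` is committed in clear text, which undoes the move of the same credential to `.env` in the compose file and exposes it to anyone with read access to the repository. Leave the key out of this file and rely on `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`, which the compose file already passes and which Grafana reads in preference to the ini value, then rotate the secret that was pushed. In `[auth.jwt]`, `url_login = true` accepts the token from the query string, where it ends up in access logs, browser history and Referer headers; unless the embedding flow needs it, set `url_login = false` and confirm that `allow_assign_grafana_admin = true` is intended. `level = debug` under `[log]` is also better kept out of a shared configuration.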