Commit dad7e3f2 by marwan

add oauth

parent 3e211513
grafana.ini*
bk/
.env
services: services:
app: app:
image: dock.nexpie.com/stack/flowengine:1.3.5-2-f633d8d2 image: dock.nexpie.com/stack/flowengine:1.3.5-2-f633d8d2
...@@ -8,34 +6,33 @@ services: ...@@ -8,34 +6,33 @@ services:
- store_data:/usr/local/store-data - store_data:/usr/local/store-data
ports: ports:
- 30081:80 - 30081:80
# environment: environment:
# PROJECT_ID: "${SH_PROJECT_ID}" PROJECT_ID: ${NEXIIOT_PROJECT_ID}
# OAUTH_LOGIN: "TRUE" OAUTH_LOGIN: ${NEXIIOT_OAUTH_LOGIN}
# PASSWORD_LOGIN: "TRUE" PASSWORD_LOGIN: ${NEXIIOT_PASSWORD_LOGIN}
# AUTH_ENDPOINT: https://auth.nexiiot.io/dialog/authorize AUTH_ENDPOINT: ${NEXIIOT_AUTH_ENDPOINT}
# AUTH_PLATFORM_NAME: NEXIIOT AUTH_PLATFORM_NAME: ${NEXIIOT_AUTH_PLATFORM_NAME}
# GQLV2_ENDPOINT: https://gqlv2.nexiiot.io GQLV2_ENDPOINT: ${NEXIIOT_GQLV2_ENDPOINT}
# INSTANCE_NAME: NEXIIOT FlowEngine INSTANCE_NAME: ${NEXIIOT_INSTANCE_NAME}
# OAUTH_CLIENT_ID: ${SH_OAUTH_CLIENT_ID} OAUTH_CLIENT_ID: ${NEXIIOT_OAUTH_CLIENT_ID}
# OAUTH_CLIENT_SECRET: ${SH_OAUTH_CLIENT_SECRET} OAUTH_CLIENT_SECRET: ${NEXIIOT_OAUTH_CLIENT_SECRET}
# TOKEN_ENDPOINT: https://auth.nexiiot.io/oauth/token TOKEN_ENDPOINT: ${NEXIIOT_TOKEN_ENDPOINT}
# USERINFO_API_ENDPOINT: https://auth.nexiiot.io/api/userinfo USERINFO_API_ENDPOINT: ${NEXIIOT_USERINFO_API_ENDPOINT}
influxdb: influxdb:
image: docker.io/bitnami/influxdb:2.7.1 image: docker.io/bitnami/influxdb:2.7.1
ports: ports:
- 38087:8086 - 38087:8086
- 38089:8088 - 38089:8088
environment: environment:
- INFLUXDB_ADMIN_USER_PASSWORD=nexiiotpassword - INFLUXDB_ADMIN_USER_PASSWORD=${NEXIIOT_INFLUXDB_ADMIN_USER_PASSWORD}
- INFLUXDB_ADMIN_USER_TOKEN=nexiiottoken - INFLUXDB_ADMIN_USER_TOKEN=${NEXIIOT_INFLUXDB_ADMIN_USER_TOKEN}
- INFLUXDB_PRIMARY_BUCKET=primary - INFLUXDB_PRIMARY_BUCKET=primary
- INFLUXDB_ADMIN_ORGANIZATION=primary - INFLUXDB_ADMIN_ORGANIZATION=primary
- INFLUXDB_RETENTION_PERIOD=4320 #24 * 180 อายุข้อมูล - INFLUXDB_RETENTION_PERIOD=4320 #24 * 180 อายุข้อมูล -
- INFLUXDB_MONITOR_STORE_DATABASE="primary" - INFLUXDB_MONITOR_STORE_DATABASE="primary"
- INFLUXD_UI_DISABLED=false - INFLUXD_UI_DISABLED=false
- INFLUXD_REPORTING_DISABLED=false - INFLUXD_REPORTING_DISABLED=false
- INFLUXD_NO_TASKS=false - INFLUXD_NO_TASKS=false
- INFLUXD_METRICS_DISABLED=false - INFLUXD_METRICS_DISABLED=false
volumes: volumes:
- influxdb:/bitnami/influxdb - influxdb:/bitnami/influxdb
...@@ -47,7 +44,7 @@ services: ...@@ -47,7 +44,7 @@ services:
- influxdb - influxdb
entrypoint: ["bash","-c","bash /bitnami/script/init.bash $${INFLUXDB_ADMIN_ORGANIZATION} $${INFLUXDB_ADMIN_USER_TOKEN} http://influxdb:8086"] entrypoint: ["bash","-c","bash /bitnami/script/init.bash $${INFLUXDB_ADMIN_ORGANIZATION} $${INFLUXDB_ADMIN_USER_TOKEN} http://influxdb:8086"]
environment: environment:
- INFLUXDB_ADMIN_USER_TOKEN=nexiiottoken - INFLUXDB_ADMIN_USER_TOKEN=${NEXIIOT_INFLUXDB_ADMIN_USER_TOKEN}
- INFLUXDB_ADMIN_ORGANIZATION=primary - INFLUXDB_ADMIN_ORGANIZATION=primary
volumes: volumes:
- ./bash-influx:/bitnami/script - ./bash-influx:/bitnami/script
...@@ -58,15 +55,29 @@ services: ...@@ -58,15 +55,29 @@ services:
ports: ports:
- '33011:3000' - '33011:3000'
environment: environment:
- 'GF_SECURITY_ADMIN_PASSWORD=nexiiot' - GF_SECURITY_ADMIN_PASSWORD=${NEXIIOT_GF_SECURITY_ADMIN_PASSWORD}
- GF_SECURITY_LOGIN_REMEMBER_DAYS=0" - GF_SESSION_COOKIE_NAME=${NEXIIOT_GF_SESSION_COOKIE_NAME}
- GF_SESSION_SESSION_LIFE_TIME=5"
- GF_SESSION_COOKIE_NAME=grafana_sess" - GF_LOG_LEVEL=${NEXIIOT_GF_LOG_LEVEL}
- GF_SERVER_ROOT_URL=${NEXIIOT_GF_SERVER_ROOT_URL}
- GF_SECURITY_ALLOW_EMBEDDING=${NEXIIOT_GF_SECURITY_ALLOW_EMBEDDING}
- GF_AUTH_GENERIC_OAUTH_ENABLED=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ENABLED}
- GF_AUTH_GENERIC_OAUTH_NAME=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_NAME}
- GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_CLIENT_ID}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
- GF_AUTH_GENERIC_OAUTH_SCOPES=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_SCOPES}
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_AUTH_URL}
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_TOKEN_URL}
- GF_AUTH_GENERIC_OAUTH_API_URL=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_API_URL}
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH}
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT}
- GF_AUTH_GENERIC_OAUTH_REQUIRED_ROLE=${NEXIIOT_GF_AUTH_GENERIC_OAUTH_REQUIRED_ROLE}
volumes: volumes:
- grafana_data:/opt/bitnami/grafana/data - grafana_data:/opt/bitnami/grafana/data
- ./grafana/datasources:/opt/bitnami/grafana/conf/provisioning/datasources/ - ./grafana/datasources:/opt/bitnami/grafana/conf/provisioning/datasources/
- ./grafana/dashboard/templates:/var/lib/dashboards - ./grafana/dashboard/templates:/var/lib/dashboards
- ./grafana/dashboard/conf:/opt/bitnami/grafana/conf/provisioning/dashboards/ # - ./grafana/dashboard/conf:/opt/bitnami/grafana/conf/provisioning/dashboards/
- ./grafana/config/grafana.ini:/opt/bitnami/grafana/conf/grafana.ini - ./grafana/config/grafana.ini:/opt/bitnami/grafana/conf/grafana.ini
- ./ssh:/opt/bitnami/ssh - ./ssh:/opt/bitnami/ssh
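Review bot: The new `environment:` entries for `app`, `influxdb`, the init service and Grafana all interpolate secrets with a bare `${NAME}`. If `.env` is missing or incomplete, Compose substitutes an empty string and only prints a warning, so `INFLUXDB_ADMIN_USER_PASSWORD`, `INFLUXDB_ADMIN_USER_TOKEN`, `GF_SECURITY_ADMIN_PASSWORD` and the two OAuth client secrets could start blank; how each image handles an empty value is not visible here. Use the required form on the secret-bearing entries, for example `- GF_SECURITY_ADMIN_PASSWORD=${NEXIIOT_GF_SECURITY_ADMIN_PASSWORD:?set in .env}`, so `docker compose up` fails rather than starting with blank credentials. The literals these lines replace remain in the repository history, so the values placed in `.env` should be newly generated, not copied over. Because `.env` is now ignored, a committed `.env.example` listing the `NEXIIOT_*` names with placeholder values would document what a deployment must supply.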
......
[log]
level = debug
[server]
root_url = https://test.flowengine.nexiiot.io
[auth.jwt] [auth.jwt]
# By default, auth.jwt is disabled. # By default, auth.jwt is disabled.
cache_ttl = 600m cache_ttl = 600m
enabled = true enabled = true
header_name = X-JWT-Assertion header_name = X-JWT-Assertion
auto_sign_up = true auto_sign_up = true
username_claim = sub username_claim = sub
email_claim = sub email_claim = sub
url_login = true url_login = true
key_file = /opt/bitnami/ssh/key.pem key_file = /opt/bitnami/ssh/key.pem
role_attribute_path = role role_attribute_path = role
skip_org_role_sync = true skip_org_role_sync = true
allow_assign_grafana_admin = true allow_assign_grafana_admin = true
[security] [security]
allow_embedding = true allow_embedding = true
[auth.generic_oauth]
enabled = true
name = Keycloak-OAuth
allow_sign_up = true
scopes = openid login
#from json of info
role_attribute_path = userid == 'U993736096545' && 'Editor'
#deny all unknow role when login
role_attribute_strict = true
required_role = true
client_id = b251a594295613c43543b1484aae2082
client_secret = 508dc83ac016e803b56ecfd9edd0f93803f82ac12c947aa05da48fea21885f2f
auth_url = https://auth.nexiiot.io/dialog/authorize
token_url = https://auth.nexiiot.io/oauth/token
api_url = https://auth.nexiiot.io/api/userinfo
#tls_skip_verify_insecure = true
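Review bot: The `[auth.generic_oauth]` block contains a literal `client_id` and `client_secret`, and this page does not show which side of the change those lines are on. Either way the value is now in the repository history, so editing or deleting the line does not retire it. Rotate the client secret at the identity provider and supply the new one only through `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`, which the compose section already references. The `grafana.ini*` pattern added to `.gitignore` has no effect on a file that is already tracked; if `grafana/config/grafana.ini` is tracked, it also needs `git rm --cached grafana/config/grafana.ini`. `[log] level = debug` on an instance with OAuth and JWT login enabled is worth confirming as intended outside of testing, since debug output may be more verbose about authentication exchanges.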