mirror of
https://github.com/opf/openproject.git
synced 2026-06-14 03:30:14 +00:00
e9d2d10712
The latest upgrades to our frontend stack prohibited access through the openproject.local hostname and also caused trouble with the previous setup, where the frontend stack would proxy requests to the backend. The default setup has therefore been changed so that both frontend and backend are exposed to the browser via different hostnames. The main service to start will be the backend, which will redirect requests for certain assets to the frontend service (this was already integrated into the Rails routes previously).
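# Some containers (e.g. backend and workers) need some variables to be configured properly
# Shared environment block; services pull it in with the `<<: *environment` merge key.
x-op-env-override: &environment
  # Both values are interpolated by Compose from the invoking shell or .env file.
  OPENPROJECT_CLI_PROXY: "${OPENPROJECT_DEV_URL}"
  OPENPROJECT_DEV_EXTRA_HOSTS: "${OPENPROJECT_DEV_HOST}"
  # Quoted so the YAML parser passes a string, not a boolean, as the env value.
  OPENPROJECT_HTTPS: "true"
  # Same path as the CA bundle bind-mounted into the containers below.
  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
  # uncomment and set all the envs below to integrate keycloak with OpenProject
  # NOTE: the client secret is a credential. Keep the real value out of version
  # control, e.g. interpolate it from an untracked .env file instead of pasting it here.
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_DISPLAY__NAME: Keycloak
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: keycloak.local
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_IDENTIFIER: https://openproject.local
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: <The client secret you copied from keycloak>
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: https://keycloak.local/realms/<REALM>
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_AUTHORIZATION__ENDPOINT: /realms/<REALM>/protocol/openid-connect/auth
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_TOKEN__ENDPOINT: /realms/<REALM>/protocol/openid-connect/token
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_USERINFO__ENDPOINT: /realms/<REALM>/protocol/openid-connect/userinfo
  # OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: https://keycloak.local/realms/<REALM>/protocol/openid-connect/logout

services:
  backend:
    environment:
      <<: *environment
      # Explicit key wins over the value merged in from the anchor above.
      OPENPROJECT_CLI_PROXY: "https://openproject-assets.local"
    networks:
      - external
    volumes:
      # Host CA bundle, mounted read-only (:ro) so the container cannot alter host trust roots.
      # Linux
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Mac OS
      # - ~/.step/certs:/etc/ssl/certs
      # - ~/.step/certs:/usr/local/share/ca-certificates
    labels:
      # Traefik routes requests for Host openproject.local, arriving on the
      # `websecure` entrypoint, to this service.
      - "traefik.enable=true"
      - "traefik.http.routers.openproject.rule=Host(`openproject.local`)"
      - "traefik.http.routers.openproject.entrypoints=websecure"

  worker:
    environment:
      <<: *environment
    networks:
      - external
    volumes:
      # Linux
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Mac OS
      # - ~/.step/certs:/etc/ssl/certs
      # - ~/.step/certs:/usr/local/share/ca-certificates

  backend-test:
    # Connect the backend-test container to the same network as the backend for nextcloud HTTP interactions
    networks:
      - external
    volumes:
      # Linux
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Mac OS
      # - ~/.step/certs:/etc/ssl/certs
      # - ~/.step/certs:/usr/local/share/ca-certificates

  frontend:
    networks:
      - external
    labels:
      # Exposed to the browser under its own hostname, separate from the backend.
      - "traefik.enable=true"
      - "traefik.http.routers.openproject-assets.rule=Host(`openproject-assets.local`)"
      - "traefik.http.routers.openproject-assets.entrypoints=websecure"

# You need to define the same external network
# that is defined in the TLS proxy compose file
networks:
  external:
    name: gateway
    # Compose will not create this network; it must already exist.
    external: true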