Archives/gristlabs_grist-core
1
0
Fork 0
mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00
Code Issues Projects Releases Wiki Activity

Makes small improvements to basic-auth setup

Browse Source
This commit is contained in:
Spoffy 2024-07-26 16:44:40 +01:00
parent 08ad5a510d
commit 8f07d2906d
2 changed files with 9 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docker-compose-examples/grist-traefik-basic-auth/configs/traefik-dynamic-config.yml
View File

@ -10,27 +10,4 @@ http:
# E.g: `htpasswd -nB test@example.org` # E.g: `htpasswd -nB test@example.org`
users: users:
# The default username is "test@example.org". The default password is "test". # The default username is "test@example.org". The default password is "test".
- "test@example.org:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test@example.org:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
routers:
# General router for almost all Grist traffic.
general:
entrypoints:
- web
- websecure
rule: "HostRegexp(`.*`)"
service: grist@docker
tls:
certresolver: letsencrypt
# Separate Traefik router for the login pages.
# This allows a user to visit the site without hitting the basic auth login page.
login:
entrypoints:
- web
- websecure
rule: "PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`)"
middlewares:
- grist-basic-auth
service: grist@docker
tls:
certresolver: letsencrypt

13
docker-compose-examples/grist-traefik-basic-auth/docker-compose.yml
View File

@ -13,8 +13,6 @@ services:
grist: grist:
image: gristlabs/grist:latest image: gristlabs/grist:latest
environment: environment:
# Use Python 3 instead of 2.
PYTHON_VERSION: 3
# Sets the header to look at for authentication # Sets the header to look at for authentication
GRIST_FORWARD_AUTH_HEADER: X-Forwarded-User GRIST_FORWARD_AUTH_HEADER: X-Forwarded-User
# Forces Grist to only use a single team called 'Example' # Forces Grist to only use a single team called 'Example'
@ -22,7 +20,7 @@ services:
# Force users to login (disable anonymous access) # Force users to login (disable anonymous access)
GRIST_FORCE_LOGIN: true GRIST_FORCE_LOGIN: true
# Base URL Grist redirects to when navigating. Change this to your domain. # Base URL Grist redirects to when navigating. Change this to your domain.
APP_HOME_URL: https://localhost APP_HOME_URL: https://grist.localhost
# Default email for the "Admin" account # Default email for the "Admin" account
GRIST_DEFAULT_EMAIL: test@example.org GRIST_DEFAULT_EMAIL: test@example.org
volumes: volumes:
@ -30,6 +28,11 @@ services:
- ./grist_local_data:/persist - ./grist_local_data:/persist
labels: labels:
- "traefik.http.services.grist.loadbalancer.server.port=8484" - "traefik.http.services.grist.loadbalancer.server.port=8484"
- "traefik.http.routers.grist.rule=Host(`grist.localhost`)"
- "traefik.http.routers.grist.tls.certresolver=letsencrypt"
- "traefik.http.routers.grist-auth.rule=Host(`grist.localhost`) && (PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`))"
- "traefik.http.routers.grist-auth.middlewares=grist-basic-auth@file"
- "traefik.http.routers.grist-auth.tls.certresolver=letsencrypt"
traefik: traefik:
image: traefik:latest image: traefik:latest
@ -44,8 +47,8 @@ services:
- ./configs/traefik-config.yml:/etc/traefik/traefik.yml - ./configs/traefik-config.yml:/etc/traefik/traefik.yml
# Set the config file for the dynamic config, such as middleware. # Set the config file for the dynamic config, such as middleware.
- ./configs/traefik-dynamic-config.yml:/etc/traefik/dynamic/dynamic-config.yml - ./configs/traefik-dynamic-config.yml:/etc/traefik/dynamic/dynamic-config.yml
# You may want to put state somewhere other than /tmp :-) # Certificate location, if automatic certificate setup is enabled.
- /tmp/grist/acme:/acme - ./configs/acme:/acme
# Traefik needs docker access when configured via docker labels. # Traefik needs docker access when configured via docker labels.
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
depends_on: depends_on: