From 5919ec076f11045da525a7752301edeec59368da Mon Sep 17 00:00:00 2001
From: sekulicd
Date: Fri, 27 Oct 2023 13:58:15 +0200
Subject: [PATCH] per model auth
---
 docker-compose.premapp.premd.yml | 5 ++---
 docker-compose.premg.yml | 36 ++++++++++++++++++++++++++++----
 install.sh | 31 ++++++++++++++++-----------
 3 files changed, 53 insertions(+), 19 deletions(-)
diff --git a/docker-compose.premapp.premd.yml b/docker-compose.premapp.premd.yml
index 011548a..c191c9f 100644
--- a/docker-compose.premapp.premd.yml
+++ b/docker-compose.premapp.premd.yml
@@ -17,7 +17,8 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.premd.rule=PathPrefix(`/premd`)"
 - "traefik.http.middlewares.premd-strip-prefix.stripprefix.prefixes=/premd"
- - "traefik.http.routers.premd.middlewares=premd-strip-prefix"
+ - "traefik.http.routers.premd.middlewares=auth,premd-strip-prefix"
+ - "traefik.http.middlewares.auth.forwardauth.address=http://authd:8080/auth/verify"
 ports:
 - "8084:8000"
 restart: unless-stopped
@@ -36,8 +37,6 @@ services:
 - "traefik.http.routers.premapp-http.rule=PathPrefix(`/`)"
 - "traefik.http.routers.premapp-http.entrypoints=web"
 - "traefik.http.services.premapp.loadbalancer.server.port=8080"
- - "traefik.http.middlewares.mybasicauth.basicauth.users=${BASIC_AUTH_CREDENTIALS}"
- - "traefik.http.routers.premapp-http.middlewares=mybasicauth"
 ports:
 - "8085:8080"
 restart: unless-stopped
diff --git a/docker-compose.premg.yml b/docker-compose.premg.yml
index aeb90b4..113c9bf 100644
--- a/docker-compose.premg.yml
+++ b/docker-compose.premg.yml
@@ -33,7 +33,8 @@ services:
 - "traefik.enable=true"
 - "traefik.http.routers.dnsd.rule=PathPrefix(`/dnsd`)"
 - "traefik.http.middlewares.dnsd-strip-prefix.stripprefix.prefixes=/dnsd"
- - "traefik.http.routers.dnsd.middlewares=dnsd-strip-prefix"
+ - "traefik.http.routers.dnsd.middlewares=dnsd-strip-prefix,auth"
+ - "traefik.http.middlewares.auth.forwardauth.address=http://authd:8080/auth/verify"
 depends_on:
 - dnsd-db-pg
 - authd
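Review bot: The new forwardAuth middleware only guards the Traefik route, while the unchanged `ports: - "8084:8000"` in this hunk still publishes premd straight to the host, so anything that can reach port 8084 bypasses `auth` entirely; the same applies to premapp's `8085:8080` in the next hunk and to authd's `8081:8080` and authd-db-pg's `5433:5432` in docker-compose.premg.yml. If those host ports are only needed locally, bind them to loopback, `- "127.0.0.1:8084:8000"`, or drop the `ports:` entry so that Traefik is the only entry point. The `auth` middleware is also declared here and again on the dnsd container with the same address; as far as I recall Traefik accepts identical duplicate definitions but errors on divergent ones, so a later edit to one copy would break the other, and a single definition (on the authd container's labels, or a file provider) would be safer. The `premd` service block starts outside the hunk.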
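Review bot: Removing the `mybasicauth` middleware leaves the premapp router on `PathPrefix(`/`)` with no Traefik-level authentication, and unlike premd and dnsd this hunk does not attach the new `auth` forwardAuth middleware to it. If premapp now authenticates users itself against authd with the admin credentials that install.sh exports, that is fine but deserves a comment on the label block, e.g. `# auth is enforced by premapp's own login against authd, not by Traefik`; if it does not, the UI is now open and `- "traefik.http.routers.premapp-http.middlewares=auth"` should be added. The `premapp` service block starts outside the hunk.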
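Review bot: The middleware order here is `dnsd-strip-prefix,auth`, while the premd router in docker-compose.premapp.premd.yml uses `auth,premd-strip-prefix`. Traefik applies the chain left to right and, as far as I can tell, forwardAuth sends the request URI as seen at that point in `X-Forwarded-Uri`, so authd would see `/premd/...` for one service and the already-stripped path for the other; if per-model authorization keys on that path, one of the two routes is evaluated against the wrong prefix. Pick one order for both routers, e.g. `- "traefik.http.routers.dnsd.middlewares=auth,dnsd-strip-prefix"`. The `dnsd` service block starts outside the hunk.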
@@ -53,7 +54,7 @@ services:
 environment:
 POSTGRES_USER: ${POSTGRES_USER}
 POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_DB: ${DNSD_POSTGRES_DB}
 volumes:
 - dnsd-pg-data:/var/lib/postgresql/data
 restart: unless-stopped
@@ -63,10 +64,37 @@ services:
 image: ${PREMG_AUTHD_IMAGE}
 networks:
 - prem-gateway
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.authd.rule=PathPrefix(`/authd`)"
+ - "traefik.http.routers.authd.middlewares=authd-strip-prefix"
+ - "traefik.http.middlewares.authd-strip-prefix.stripprefix.prefixes=/authd"
+ environment:
+ PREM_GATEWAY_AUTH_ROOT_API_KEY: ${PREM_GATEWAY_AUTH_ROOT_API_KEY}
+ PREM_GATEWAY_AUTH_ADMIN_USER: ${PREM_GATEWAY_AUTH_ADMIN_USER}
+ PREM_GATEWAY_AUTH_ADMIN_PASS: ${PREM_GATEWAY_AUTH_ADMIN_PASS}
+ PREM_GATEWAY_AUTH_DB_HOST: authd-db-pg
+ depends_on:
+ - authd-db-pg
 ports:
 - "8081:8080"
 restart: unless-stopped

+ authd-db-pg:
+ container_name: authd-db-pg
+ image: postgres:14.7
+ networks:
+ - prem-gateway
+ ports:
+ - "5433:5432"
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${AUTHD_POSTGRES_DB}
+ volumes:
+ - authd-pg-data:/var/lib/postgresql/data
+ restart: unless-stopped
+
 controllerd:
 container_name: controllerd
 image: ${PREMG_CONTROLLERD_IMAGE}
@@ -79,7 +107,6 @@ services:
 user: root
 environment:
 LETSENCRYPT_PROD: ${LETSENCRYPT_PROD}
- SERVICES: ${SERVICES}
 restart: unless-stopped

 networks:
@@ -88,4 +115,5 @@ networks:

 volumes:
 dnsd-pg-data:
- traefik-letsencrypt:
\ No newline at end of file
+ traefik-letsencrypt:
+ authd-pg-data:
\ No newline at end of file
diff --git a/install.sh b/install.sh
index 13e26f8..527810a 100644
--- a/install.sh
+++ b/install.sh
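Review bot: The new `authd` environment block passes `PREM_GATEWAY_AUTH_DB_HOST` but no database name, user or password, while `authd-db-pg` is created with `${AUTHD_POSTGRES_DB}` and the random `${POSTGRES_PASSWORD}` generated by install.sh; unless the authd image's defaults happen to match those values it will likely fail to connect, so the DB name and credentials should be passed under whatever variable names the image reads (not visible from here). `depends_on: - authd-db-pg` only orders container start, not Postgres readiness, so the first connect may still fail before `restart: unless-stopped` retries; a `pg_isready` healthcheck on `authd-db-pg` with `condition: service_healthy` would make startup deterministic. Both databases also reuse the same `POSTGRES_USER`/`POSTGRES_PASSWORD`, so a leak of either store's credential opens both; a separate `AUTHD_POSTGRES_PASSWORD` would keep them isolated. The `authd` service block starts outside the hunk.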
@@ -301,19 +301,26 @@ POSTGRES_PASSWORD=$(openssl rand -base64 8)
 echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" > $ORIGINAL_HOME/prem/secrets

 # Export the generated password as an environment variable
+export POSTGRES_USER=root
 export POSTGRES_PASSWORD
+export DNSD_POSTGRES_DB=dnsd-db
+export AUTHD_POSTGRES_DB=authd-db
 export LETSENCRYPT_PROD=true
-export SERVICES=premd,premapp
-export POSTGRES_USER=root
-export POSTGRES_PASSWORD=secret
-export POSTGRES_DB=dnsd-db
 # Generate a random password for the basic auth user
-BASIC_AUTH_USER="admin"
-BASIC_AUTH_PASS=$(openssl rand -base64 4)
-HASH=$(openssl passwd -apr1 $BASIC_AUTH_PASS)
-BASIC_AUTH_CREDENTIALS="$BASIC_AUTH_USER:$HASH"
-echo "BASIC_AUTH_CREDS=$BASIC_AUTH_USER/$BASIC_AUTH_PASS" >> $ORIGINAL_HOME/prem/secrets
-export BASIC_AUTH_CREDENTIALS
+ADMIN_USERNAME="admin"
+ADMIN_PASSWORD=$(openssl rand -base64 4)
+ROOT_API_KEY=$(openssl rand -base64 8)
+
+PREM_GATEWAY_AUTH_ADMIN_USER=$ADMIN_USERNAME
+PREM_GATEWAY_AUTH_ADMIN_PASS=$ADMIN_PASSWORD
+PREM_GATEWAY_AUTH_ROOT_API_KEY=$ROOT_API_KEY
+export PREM_GATEWAY_AUTH_ADMIN_USER
+export PREM_GATEWAY_AUTH_ADMIN_PASS
+export PREM_GATEWAY_AUTH_ROOT_API_KEY
+
+echo "ADMIN_USERNAME=$ADMIN_USERNAME" >> $ORIGINAL_HOME/prem/secrets
+echo "ADMIN_PASSWORD=$ADMIN_PASSWORD" >> $ORIGINAL_HOME/prem/secrets
+echo "ROOT_API_KEY=$ROOT_API_KEY" >> $ORIGINAL_HOME/prem/secrets

 echo ""
 echo "🏁 Starting Prem..."
@@ -351,8 +358,8 @@ done
 echo -e "🎉 Congratulations! Your Prem instance is ready to use"
 echo ""
 echo "Please visit http://$(curl -4s https://ifconfig.io) to get started."
-echo "Basic auth user: $BASIC_AUTH_USER"
-echo "Basic auth pass: $BASIC_AUTH_PASS"
+echo "Admin user: $ADMIN_USERNAME"
+echo "Admin pass: $ADMIN_PASSWORD"
 echo ""
 echo "You secrets are stored in $ORIGINAL_HOME/prem/secrets"
 echo "ie. cat $ORIGINAL_HOME/prem/secrets"
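Review bot: `ADMIN_PASSWORD=$(openssl rand -base64 4)` gives the admin account only 32 bits of entropy (8 base64 characters), which is thin for an account the script then advertises at the instance's public IP; `ADMIN_PASSWORD=$(openssl rand -base64 16)` costs nothing, and the same consideration applies to `ROOT_API_KEY`, which at 8 bytes presumably gates every model route now. The secrets file is created on the context line with `>` and appended to with `>>` without its mode ever being restricted, so it inherits the default umask and is typically world-readable; add `chmod 600 "$ORIGINAL_HOME/prem/secrets"` right after the first write (and quote `$ORIGINAL_HOME` in the redirections, since an unquoted path containing spaces splits). The comment `# Generate a random password for the basic auth user` is now stale, since the block below creates the authd admin credentials and root API key, so reword it to `# Generate the authd admin credentials and root API key`. The surrounding script continues before and after the hunk.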