fix: generate CAMELEER_SERVER_SECURITY_JWTSECRET in installer and wire into containers
The server now requires a non-empty JWT secret. The installer (bash + ps1) generates a random value for both SaaS and standalone modes, and the compose templates map it into the respective containers. Also fixes container names in generated INSTALL.md docs to use the cameleer- prefix consistently. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -578,32 +578,37 @@ function Generate-EnvFile {
|
||||
$ts = (Get-Date -Format 'yyyy-MM-dd HH:mm:ss') + ' UTC'
|
||||
$bt = Generate-Password
|
||||
|
||||
$jwtSecret = Generate-Password
|
||||
|
||||
if ($c.DeploymentMode -eq 'standalone') {
|
||||
$content = @"
|
||||
# Cameleer Server Configuration (standalone)
|
||||
# Generated by installer v${CAMELEER_INSTALLER_VERSION} on $ts
|
||||
|
||||
|
||||
VERSION=$($c.Version)
|
||||
PUBLIC_HOST=$($c.PublicHost)
|
||||
PUBLIC_PROTOCOL=$($c.PublicProtocol)
|
||||
HTTP_PORT=$($c.HttpPort)
|
||||
HTTPS_PORT=$($c.HttpsPort)
|
||||
|
||||
|
||||
# PostgreSQL
|
||||
POSTGRES_USER=cameleer
|
||||
POSTGRES_PASSWORD=$($c.PostgresPassword)
|
||||
POSTGRES_DB=cameleer
|
||||
|
||||
|
||||
# ClickHouse
|
||||
CLICKHOUSE_PASSWORD=$($c.ClickhousePassword)
|
||||
|
||||
|
||||
# Server admin
|
||||
SERVER_ADMIN_USER=$($c.AdminUser)
|
||||
SERVER_ADMIN_PASS=$($c.AdminPass)
|
||||
|
||||
|
||||
# Bootstrap token
|
||||
BOOTSTRAP_TOKEN=$bt
|
||||
|
||||
|
||||
# JWT signing secret (required by server, must be non-empty)
|
||||
CAMELEER_SERVER_SECURITY_JWTSECRET=$jwtSecret
|
||||
|
||||
# Docker
|
||||
DOCKER_SOCKET=$($c.DockerSocket)
|
||||
DOCKER_GID=$gid
|
||||
@@ -668,6 +673,9 @@ DOCKER_GID=$gid
|
||||
CAMELEER_SAAS_PROVISIONING_SERVERIMAGE=${REGISTRY}/cameleer-server:$($c.Version)
|
||||
CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE=${REGISTRY}/cameleer-server-ui:$($c.Version)
|
||||
CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE=${REGISTRY}/cameleer-runtime-base:$($c.Version)
|
||||
|
||||
# JWT signing secret (forwarded to provisioned tenant servers, must be non-empty)
|
||||
CAMELEER_SERVER_SECURITY_JWTSECRET=$jwtSecret
|
||||
"@
|
||||
$content += $provisioningBlock
|
||||
$composeFile = 'docker-compose.yml;docker-compose.saas.yml'
|
||||
@@ -1033,10 +1041,10 @@ $logtoConsoleRow
|
||||
|
||||
| Container | Purpose |
|
||||
|---|---|
|
||||
| ``traefik`` | Reverse proxy, TLS termination, routing |
|
||||
| ``postgres`` | PostgreSQL database (SaaS + Logto + tenant schemas) |
|
||||
| ``clickhouse`` | Time-series storage (traces, metrics, logs) |
|
||||
| ``logto`` | OIDC identity provider + bootstrap |
|
||||
| ``cameleer-traefik`` | Reverse proxy, TLS termination, routing |
|
||||
| ``cameleer-postgres`` | PostgreSQL database (SaaS + Logto + tenant schemas) |
|
||||
| ``cameleer-clickhouse`` | Time-series storage (traces, metrics, logs) |
|
||||
| ``cameleer-logto`` | OIDC identity provider + bootstrap |
|
||||
| ``cameleer-saas`` | SaaS platform (Spring Boot + React) |
|
||||
|
||||
Per-tenant ``cameleer-server`` and ``cameleer-server-ui`` containers are provisioned dynamically.
|
||||
@@ -1157,11 +1165,11 @@ placing your certificate and key files in the ``certs/`` directory and restartin
|
||||
|
||||
| Container | Purpose |
|
||||
|---|---|
|
||||
| ``traefik`` | Reverse proxy, TLS termination, routing |
|
||||
| ``postgres`` | PostgreSQL database (server data) |
|
||||
| ``clickhouse`` | Time-series storage (traces, metrics, logs) |
|
||||
| ``server`` | Cameleer Server (Spring Boot backend) |
|
||||
| ``server-ui`` | Cameleer Dashboard (React frontend) |
|
||||
| ``cameleer-traefik`` | Reverse proxy, TLS termination, routing |
|
||||
| ``cameleer-postgres`` | PostgreSQL database (server data) |
|
||||
| ``cameleer-clickhouse`` | Time-series storage (traces, metrics, logs) |
|
||||
| ``cameleer-server`` | Cameleer Server (Spring Boot backend) |
|
||||
| ``cameleer-server-ui`` | Cameleer Dashboard (React frontend) |
|
||||
|
||||
## Networking
|
||||
|
||||
@@ -1203,7 +1211,7 @@ docker compose -p $($c.ComposeProject) exec cameleer-clickhouse clickhouse-clien
|
||||
| Issue | Command |
|
||||
|---|---|
|
||||
| Service not starting | ``docker compose -p $($c.ComposeProject) logs SERVICE_NAME`` |
|
||||
| Server issues | ``docker compose -p $($c.ComposeProject) logs server`` |
|
||||
| Server issues | ``docker compose -p $($c.ComposeProject) logs cameleer-server`` |
|
||||
| Routing issues | ``docker compose -p $($c.ComposeProject) logs cameleer-traefik`` |
|
||||
| Database issues | ``docker compose -p $($c.ComposeProject) exec cameleer-postgres psql -U cameleer -d cameleer`` |
|
||||
|
||||
|
||||
Reference in New Issue
Block a user