fix: use localhost for ADMIN_ENDPOINT, rely on TRUST_PROXY_HEADER
ADMIN_ENDPOINT=http://localhost:3002 for Logto self-calls. TRUST_PROXY_HEADER makes Logto use X-Forwarded-Proto from Traefik to generate HTTPS URLs for browser-facing OIDC flows. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -67,7 +67,7 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
|
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
|
||||||
ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
|
ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
|
||||||
ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002
|
ADMIN_ENDPOINT: http://localhost:3002
|
||||||
TRUST_PROXY_HEADER: 1
|
TRUST_PROXY_HEADER: 1
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
|
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
|
||||||
@@ -88,9 +88,7 @@ services:
|
|||||||
- traefik.http.routers.logto-console.service=logto-console
|
- traefik.http.routers.logto-console.service=logto-console
|
||||||
- traefik.http.services.logto-console.loadbalancer.server.port=3002
|
- traefik.http.services.logto-console.loadbalancer.server.port=3002
|
||||||
networks:
|
networks:
|
||||||
cameleer:
|
- cameleer
|
||||||
aliases:
|
|
||||||
- ${PUBLIC_HOST:-localhost}
|
|
||||||
|
|
||||||
logto-bootstrap:
|
logto-bootstrap:
|
||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
|
|||||||
Reference in New Issue
Block a user