fix: use localhost for bootstrap, restart Logto with public endpoints

Start Logto with localhost endpoints so bootstrap can reach the
Management API without going through Traefik. After bootstrap
completes, restart Logto with the real public endpoints for
production use. This eliminates the Traefik race condition entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-13 17:28:19 +02:00
parent 9042356e81
commit 83801d2499


@@ -1,13 +1,21 @@
#!/bin/sh
set -e
# Save the real public endpoints for after bootstrap
REAL_ENDPOINT="$ENDPOINT"
REAL_ADMIN_ENDPOINT="$ADMIN_ENDPOINT"
echo "[entrypoint] Seeding Logto database..."
npm run cli db seed -- --swe 2>/dev/null || true
echo "[entrypoint] Deploying database alterations..."
npm run cli db alteration deploy 2>/dev/null || true
echo "[entrypoint] Starting Logto..."
# Start Logto with localhost endpoints so it can reach itself without Traefik
export ENDPOINT="http://localhost:3001"
export ADMIN_ENDPOINT="http://localhost:3002"
echo "[entrypoint] Starting Logto (bootstrap mode)..."
npm start &
LOGTO_PID=$!
@@ -24,26 +32,11 @@ for i in $(seq 1 120); do
sleep 1
done
# Wait for admin endpoint to be routable through Traefik
# The Management API needs ADMIN_ENDPOINT for admin tenant OIDC discovery.
# Since bootstrap runs inside this container (not a separate one), Traefik
# may not have discovered our labels yet — wait for it.
if [ -n "$ADMIN_ENDPOINT" ]; then
echo "[entrypoint] Waiting for admin endpoint ($ADMIN_ENDPOINT) to be routable..."
for i in $(seq 1 60); do
if curl -sfk "$ADMIN_ENDPOINT/oidc/.well-known/openid-configuration" >/dev/null 2>&1; then
echo "[entrypoint] Admin endpoint ready."
break
fi
if [ "$i" -eq 60 ]; then
echo "[entrypoint] WARNING: Admin endpoint not reachable after 60s, bootstrap may fail"
fi
sleep 1
done
fi
# Run bootstrap if not already done
# Run bootstrap if not already done — use localhost since we're inside the container
BOOTSTRAP_FILE="/data/logto-bootstrap.json"
export LOGTO_ENDPOINT="http://localhost:3001"
export LOGTO_ADMIN_ENDPOINT="http://localhost:3002"
if [ -f "$BOOTSTRAP_FILE" ]; then
CACHED_SECRET=$(jq -r '.m2mClientSecret // empty' "$BOOTSTRAP_FILE" 2>/dev/null)
CACHED_SPA=$(jq -r '.spaClientId // empty' "$BOOTSTRAP_FILE" 2>/dev/null)
@@ -58,5 +51,13 @@ else
/scripts/logto-bootstrap.sh
fi
echo "[entrypoint] Logto is running (PID $LOGTO_PID)."
wait $LOGTO_PID
# Restart Logto with real public endpoints
echo "[entrypoint] Bootstrap done. Restarting Logto with public endpoints..."
kill $LOGTO_PID 2>/dev/null
wait $LOGTO_PID 2>/dev/null || true
export ENDPOINT="$REAL_ENDPOINT"
export ADMIN_ENDPOINT="$REAL_ADMIN_ENDPOINT"
echo "[entrypoint] Starting Logto (production mode)..."
exec npm start
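Review bot: The restart at the end of the hunk sends a single SIGTERM and then blocks in `wait $LOGTO_PID` with no upper bound, so if the bootstrap-mode instance ignores or delays shutdown the entrypoint never reaches `exec npm start` and the container keeps running with the localhost `ENDPOINT`/`ADMIN_ENDPOINT` it was started with. Since `npm start` normally wraps the real node process, it is also worth confirming the signal is forwarded to the child; if it is not, the old listener can keep 3001/3002 bound and the production start would fail to bind. Under `set -e`, the bare `kill $LOGTO_PID 2>/dev/null` is inconsistent with the `|| true` on the next line: if Logto already exited during bootstrap, `kill` returns non-zero and the script aborts silently without ever starting production mode. A bounded shutdown that escalates to SIGKILL and tolerates an already-gone PID covers both cases; note the surrounding `if … else … fi` block begins outside the hunk.

```shell
# Restart Logto with real public endpoints
echo "[entrypoint] Bootstrap done. Restarting Logto with public endpoints..."
kill "$LOGTO_PID" 2>/dev/null || true
# Give the bootstrap-mode instance a bounded time to exit, then force it,
# so a stuck process cannot leave us serving the localhost endpoints.
for i in $(seq 1 30); do
  kill -0 "$LOGTO_PID" 2>/dev/null || break
  sleep 1
done
kill -9 "$LOGTO_PID" 2>/dev/null || true
wait "$LOGTO_PID" 2>/dev/null || true
# … unchanged: export ENDPOINT/ADMIN_ENDPOINT and exec npm start …
```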