cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: route all public traffic through Traefik at localhost:80
All checks were successful
CI / build (push) Successful in 38s
Details
CI / docker (push) Successful in 39s
Details

Browse Source 
Logto ENDPOINT now points at Traefik (http://localhost) instead of
directly at port 3001. All services share the same base URL, eliminating
OIDC issuer mismatches and crypto.subtle secure context issues.

- Remove :3001 from all public-facing Logto URLs
- Add cameleer3-server-ui to Traefik at /server/ with prefix strip
- Dashboard link uses /server/ path instead of port 8082
- Bootstrap Host headers match Logto ENDPOINT (no port)
- Redirect URIs simplified (Traefik handles port 80)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 17:32:36 +02:00
parent 3a93b68ea5
commit c58ca34b2c
4 changed files with 21 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docker-compose.yml
View File

@@ -39,7 +39,7 @@ services:
entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"] entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
environment: environment:
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001 ENDPOINT: http://${PUBLIC_HOST:-localhost}
ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002 ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002
TRUST_PROXY_HEADER: 1 TRUST_PROXY_HEADER: 1
healthcheck: healthcheck:
@@ -67,7 +67,7 @@ services:
environment: environment:
LOGTO_ENDPOINT: http://logto:3001 LOGTO_ENDPOINT: http://logto:3001
LOGTO_ADMIN_ENDPOINT: http://logto:3002 LOGTO_ADMIN_ENDPOINT: http://logto:3002
LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001 LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}
PUBLIC_HOST: ${PUBLIC_HOST:-localhost} PUBLIC_HOST: ${PUBLIC_HOST:-localhost}
PG_HOST: postgres PG_HOST: postgres
PG_USER: ${POSTGRES_USER:-cameleer} PG_USER: ${POSTGRES_USER:-cameleer}
@@ -104,8 +104,8 @@ services:
SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer}
SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001} LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001}
LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001 LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}
LOGTO_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc LOGTO_ISSUER_URI: http://${PUBLIC_HOST:-localhost}/oidc
LOGTO_JWK_SET_URI: ${LOGTO_ENDPOINT:-http://logto:3001}/oidc/jwks LOGTO_JWK_SET_URI: ${LOGTO_ENDPOINT:-http://logto:3001}/oidc/jwks
LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-} LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-}
LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-} LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-}
@@ -139,7 +139,7 @@ services:
CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token} CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}
CAMELEER_JWT_SECRET: ${CAMELEER_JWT_SECRET:-cameleer-dev-jwt-secret-change-in-production} CAMELEER_JWT_SECRET: ${CAMELEER_JWT_SECRET:-cameleer-dev-jwt-secret-change-in-production}
CAMELEER_TENANT_ID: ${CAMELEER_TENANT_SLUG:-default} CAMELEER_TENANT_ID: ${CAMELEER_TENANT_SLUG:-default}
CAMELEER_OIDC_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc CAMELEER_OIDC_ISSUER_URI: http://${PUBLIC_HOST:-localhost}/oidc
CAMELEER_OIDC_AUDIENCE: ${CAMELEER_OIDC_AUDIENCE:-https://api.cameleer.local} CAMELEER_OIDC_AUDIENCE: ${CAMELEER_OIDC_AUDIENCE:-https://api.cameleer.local}
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8081/api/v1/health || exit 1"] test: ["CMD-SHELL", "curl -sf http://localhost:8081/api/v1/health || exit 1"]
@@ -168,6 +168,13 @@ services:
condition: service_healthy condition: service_healthy
environment: environment:
CAMELEER_API_URL: http://cameleer3-server:8081 CAMELEER_API_URL: http://cameleer3-server:8081
labels:
- traefik.enable=true
- traefik.http.routers.server-ui.rule=PathPrefix(`/server`)
- traefik.http.routers.server-ui.service=server-ui
- traefik.http.routers.server-ui.middlewares=server-ui-strip
- traefik.http.middlewares.server-ui-strip.stripprefix.prefixes=/server
- traefik.http.services.server-ui.loadbalancer.server.port=80
networks: networks:
- cameleer - cameleer

14
docker/logto-bootstrap.sh
View File

@@ -42,8 +42,8 @@ SERVER_UI_PASS="${SERVER_UI_PASS:-admin}"
# Redirect URIs (derived from PUBLIC_HOST) # Redirect URIs (derived from PUBLIC_HOST)
HOST="${PUBLIC_HOST:-localhost}" HOST="${PUBLIC_HOST:-localhost}"
SPA_REDIRECT_URIS="[\"http://${HOST}/callback\",\"http://${HOST}:8080/callback\",\"http://${HOST}:5173/callback\"]" SPA_REDIRECT_URIS="[\"http://${HOST}/callback\",\"http://${HOST}:5173/callback\"]"
SPA_POST_LOGOUT_URIS="[\"http://${HOST}/login\",\"http://${HOST}:8080/login\",\"http://${HOST}:5173/login\"]" SPA_POST_LOGOUT_URIS="[\"http://${HOST}/login\",\"http://${HOST}:5173/login\"]"
TRAD_REDIRECT_URIS="[\"http://${HOST}:8081/oidc/callback\"]" TRAD_REDIRECT_URIS="[\"http://${HOST}:8081/oidc/callback\"]"
TRAD_POST_LOGOUT_URIS="[\"http://${HOST}:8081\"]" TRAD_POST_LOGOUT_URIS="[\"http://${HOST}:8081\"]"
@@ -104,7 +104,7 @@ get_admin_token() {
get_default_token() { get_default_token() {
curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \ curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \
-H "Content-Type: application/x-www-form-urlencoded" \ -H "Content-Type: application/x-www-form-urlencoded" \
-H "Host: ${HOST}:3001" \ -H "Host: ${HOST}" \
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all" -d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
} }
@@ -116,18 +116,18 @@ log "Got Management API token."
# --- Helper: Logto API calls --- # --- Helper: Logto API calls ---
api_get() { api_get() {
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]" curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
} }
api_post() { api_post() {
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \ curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_put() { api_put() {
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \ curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_delete() { api_delete() {
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
# ============================================================ # ============================================================

2
ui/src/components/Layout.tsx
View File

@@ -162,7 +162,7 @@ export function Layout() {
<Sidebar.FooterLink <Sidebar.FooterLink
icon={<ObsIcon />} icon={<ObsIcon />}
label="View Dashboard" label="View Dashboard"
onClick={() => window.open(`http://${window.location.hostname}:8082`, '_blank', 'noopener')} onClick={() => window.open('/server/', '_blank', 'noopener')}
/> />
{/* User info + logout */} {/* User info + logout */}

2
ui/src/config.ts
View File

@@ -22,7 +22,7 @@ export async function fetchConfig(): Promise<AppConfig> {
// Fallback to env vars (Vite dev mode) // Fallback to env vars (Vite dev mode)
cached = { cached = {
logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || `http://${window.location.hostname}:3001`, logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || `http://${window.location.hostname}`,
logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '', logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '',
logtoResource: import.meta.env.VITE_LOGTO_RESOURCE || '', logtoResource: import.meta.env.VITE_LOGTO_RESOURCE || '',
scopes: [ scopes: [