cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: HTTPS admin console via Traefik with NODE_TLS_REJECT_UNAUTHORIZED
All checks were successful
CI / build (push) Successful in 47s
Details
CI / docker (push) Successful in 8s
Details

Browse Source 
ADMIN_ENDPOINT set to HTTPS so OIDC issuer matches browser URL.
NODE_TLS_REJECT_UNAUTHORIZED=0 lets Logto's internal ky-based
OIDC self-discovery accept the self-signed cert through Traefik.
Remove in production with real certs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-07 00:44:33 +02:00
parent 0e5016cdcc
commit e0e65bb62c
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.dev.yml
View File

@@ -8,7 +8,6 @@ services:
logto: logto:
ports: ports:
- "3001:3001" - "3001:3001"
- "3002:3002"
cameleer-saas: cameleer-saas:
ports: ports:

9
docker-compose.yml
View File

@@ -30,6 +30,7 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
- "3002:3002"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro - ./traefik.yml:/etc/traefik/traefik.yml:ro
@@ -66,8 +67,9 @@ services:
environment: environment:
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002 ADMIN_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:3002
TRUST_PROXY_HEADER: 1 TRUST_PROXY_HEADER: 1
NODE_TLS_REJECT_UNAUTHORIZED: "0" # dev only — accept self-signed cert for internal OIDC discovery
healthcheck: healthcheck:
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""] test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
interval: 5s interval: 5s
@@ -81,6 +83,11 @@ services:
- traefik.http.routers.logto.entrypoints=websecure - traefik.http.routers.logto.entrypoints=websecure
- traefik.http.routers.logto.tls=true - traefik.http.routers.logto.tls=true
- traefik.http.services.logto.loadbalancer.server.port=3001 - traefik.http.services.logto.loadbalancer.server.port=3001
- traefik.http.routers.logto-console.rule=PathPrefix(`/`)
- traefik.http.routers.logto-console.entrypoints=admin-console
- traefik.http.routers.logto-console.tls=true
- traefik.http.routers.logto-console.service=logto-console
- traefik.http.services.logto-console.loadbalancer.server.port=3002
networks: networks:
- cameleer - cameleer

2
traefik.yml
View File

@@ -11,6 +11,8 @@ entryPoints:
scheme: https scheme: https
websecure: websecure:
address: ":443" address: ":443"
admin-console:
address: ":3002"
providers: providers:
docker: docker: