cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: centralize public hostname into single PUBLIC_HOST env var
All checks were successful
CI / build (push) Successful in 39s
Details
CI / docker (push) Successful in 36s
Details

Browse Source 
All public-facing URLs (Logto OIDC, redirect URIs, dashboard links) now
derive from PUBLIC_HOST in .env instead of scattered localhost references.
Resolves Docker networking ambiguity where localhost inside containers
doesn't reach the host machine.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-05 17:07:20 +02:00
parent 423803b303
commit e90ca29920
4 changed files with 23 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docker-compose.yml
View File

@@ -39,8 +39,8 @@ services:
entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"] entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
environment: environment:
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001} ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
ADMIN_ENDPOINT: ${LOGTO_ADMIN_ENDPOINT:-http://localhost:3002} ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002
TRUST_PROXY_HEADER: 1 TRUST_PROXY_HEADER: 1
healthcheck: healthcheck:
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""] test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
@@ -67,7 +67,8 @@ services:
environment: environment:
LOGTO_ENDPOINT: http://logto:3001 LOGTO_ENDPOINT: http://logto:3001
LOGTO_ADMIN_ENDPOINT: http://logto:3002 LOGTO_ADMIN_ENDPOINT: http://logto:3002
LOGTO_PUBLIC_ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001} LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
PUBLIC_HOST: ${PUBLIC_HOST:-localhost}
PG_HOST: postgres PG_HOST: postgres
PG_USER: ${POSTGRES_USER:-cameleer} PG_USER: ${POSTGRES_USER:-cameleer}
PG_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} PG_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
@@ -103,9 +104,9 @@ services:
SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer}
SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001} LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001}
LOGTO_PUBLIC_ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001} LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
LOGTO_ISSUER_URI: ${LOGTO_ISSUER_URI:-http://logto:3001/oidc} LOGTO_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc
LOGTO_JWK_SET_URI: ${LOGTO_JWK_SET_URI:-http://logto:3001/oidc/jwks} LOGTO_JWK_SET_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc/jwks
LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-} LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-}
LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-} LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-}
CAMELEER3_SERVER_ENDPOINT: http://cameleer3-server:8081 CAMELEER3_SERVER_ENDPOINT: http://cameleer3-server:8081
@@ -138,7 +139,7 @@ services:
CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token} CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}
CAMELEER_JWT_SECRET: ${CAMELEER_JWT_SECRET:-cameleer-dev-jwt-secret-change-in-production} CAMELEER_JWT_SECRET: ${CAMELEER_JWT_SECRET:-cameleer-dev-jwt-secret-change-in-production}
CAMELEER_TENANT_ID: ${CAMELEER_TENANT_SLUG:-default} CAMELEER_TENANT_ID: ${CAMELEER_TENANT_SLUG:-default}
CAMELEER_OIDC_ISSUER_URI: ${LOGTO_ISSUER_URI:-http://logto:3001/oidc} CAMELEER_OIDC_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc
CAMELEER_OIDC_AUDIENCE: ${CAMELEER_OIDC_AUDIENCE:-https://api.cameleer.local} CAMELEER_OIDC_AUDIENCE: ${CAMELEER_OIDC_AUDIENCE:-https://api.cameleer.local}
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8081/api/v1/health || exit 1"] test: ["CMD-SHELL", "curl -sf http://localhost:8081/api/v1/health || exit 1"]

25
docker/logto-bootstrap.sh
View File

@@ -40,11 +40,12 @@ SERVER_ENDPOINT="${SERVER_ENDPOINT:-http://cameleer3-server:8081}"
SERVER_UI_USER="${SERVER_UI_USER:-admin}" SERVER_UI_USER="${SERVER_UI_USER:-admin}"
SERVER_UI_PASS="${SERVER_UI_PASS:-admin}" SERVER_UI_PASS="${SERVER_UI_PASS:-admin}"
# Redirect URIs # Redirect URIs (derived from PUBLIC_HOST)
SPA_REDIRECT_URIS='["http://localhost/callback","http://localhost:8080/callback","http://localhost:5173/callback"]' HOST="${PUBLIC_HOST:-localhost}"
SPA_POST_LOGOUT_URIS='["http://localhost/login","http://localhost:8080/login","http://localhost:5173/login"]' SPA_REDIRECT_URIS="[\"http://${HOST}/callback\",\"http://${HOST}:8080/callback\",\"http://${HOST}:5173/callback\"]"
TRAD_REDIRECT_URIS='["http://localhost:8081/oidc/callback"]' SPA_POST_LOGOUT_URIS="[\"http://${HOST}/login\",\"http://${HOST}:8080/login\",\"http://${HOST}:5173/login\"]"
TRAD_POST_LOGOUT_URIS='["http://localhost:8081"]' TRAD_REDIRECT_URIS="[\"http://${HOST}:8081/oidc/callback\"]"
TRAD_POST_LOGOUT_URIS="[\"http://${HOST}:8081\"]"
log() { echo "[bootstrap] $1"; } log() { echo "[bootstrap] $1"; }
pgpass() { PGPASSWORD="${PG_PASSWORD:-cameleer_dev}"; export PGPASSWORD; } pgpass() { PGPASSWORD="${PG_PASSWORD:-cameleer_dev}"; export PGPASSWORD; }
@@ -96,14 +97,14 @@ M_DEFAULT_SECRET=$(psql -h "$PG_HOST" -U "$PG_USER" -d "$PG_DB_LOGTO" -t -A -c \
get_admin_token() { get_admin_token() {
curl -s -X POST "${LOGTO_ADMIN_ENDPOINT}/oidc/token" \ curl -s -X POST "${LOGTO_ADMIN_ENDPOINT}/oidc/token" \
-H "Content-Type: application/x-www-form-urlencoded" \ -H "Content-Type: application/x-www-form-urlencoded" \
-H "Host: localhost:3002" \ -H "Host: ${HOST}:3002" \
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all" -d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
} }
get_default_token() { get_default_token() {
curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \ curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \
-H "Content-Type: application/x-www-form-urlencoded" \ -H "Content-Type: application/x-www-form-urlencoded" \
-H "Host: localhost:3001" \ -H "Host: ${HOST}:3001" \
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all" -d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
} }
@@ -115,18 +116,18 @@ log "Got Management API token."
# --- Helper: Logto API calls --- # --- Helper: Logto API calls ---
api_get() { api_get() {
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: localhost:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]" curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
} }
api_post() { api_post() {
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: localhost:3001" \ curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_put() { api_put() {
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: localhost:3001" \ curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_delete() { api_delete() {
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: localhost:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
# ============================================================ # ============================================================
@@ -442,7 +443,7 @@ if [ "$SERVER_HEALTHY" = "yes" ] && [ -n "$TRAD_SECRET" ]; then
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{ -d "{
\"enabled\": true, \"enabled\": true,
\"issuerUri\": \"$LOGTO_ENDPOINT/oidc\", \"issuerUri\": \"$LOGTO_PUBLIC_ENDPOINT/oidc\",
\"clientId\": \"$TRAD_ID\", \"clientId\": \"$TRAD_ID\",
\"clientSecret\": \"$TRAD_SECRET\", \"clientSecret\": \"$TRAD_SECRET\",
\"autoSignup\": true, \"autoSignup\": true,

2
ui/src/components/Layout.tsx
View File

@@ -162,7 +162,7 @@ export function Layout() {
<Sidebar.FooterLink <Sidebar.FooterLink
icon={<ObsIcon />} icon={<ObsIcon />}
label="View Dashboard" label="View Dashboard"
onClick={() => window.open('http://localhost:8082', '_blank', 'noopener')} onClick={() => window.open(`http://${window.location.hostname}:8082`, '_blank', 'noopener')}
/> />
{/* User info + logout */} {/* User info + logout */}

2
ui/src/config.ts
View File

@@ -22,7 +22,7 @@ export async function fetchConfig(): Promise<AppConfig> {
// Fallback to env vars (Vite dev mode) // Fallback to env vars (Vite dev mode)
cached = { cached = {
logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || 'http://localhost:3001', logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || `http://${window.location.hostname}:3001`,
logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '', logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '',
logtoResource: import.meta.env.VITE_LOGTO_RESOURCE || '', logtoResource: import.meta.env.VITE_LOGTO_RESOURCE || '',
scopes: [ scopes: [