fix: centralize public hostname into single PUBLIC_HOST env var
All public-facing URLs (Logto OIDC, redirect URIs, dashboard links) now derive from PUBLIC_HOST in .env instead of scattered localhost references. Resolves Docker networking ambiguity where localhost inside containers doesn't reach the host machine. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -39,8 +39,8 @@ services:
|
||||
entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
|
||||
environment:
|
||||
DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto
|
||||
ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001}
|
||||
ADMIN_ENDPOINT: ${LOGTO_ADMIN_ENDPOINT:-http://localhost:3002}
|
||||
ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
|
||||
ADMIN_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3002
|
||||
TRUST_PROXY_HEADER: 1
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
|
||||
@@ -67,7 +67,8 @@ services:
|
||||
environment:
|
||||
LOGTO_ENDPOINT: http://logto:3001
|
||||
LOGTO_ADMIN_ENDPOINT: http://logto:3002
|
||||
LOGTO_PUBLIC_ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001}
|
||||
LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
|
||||
PUBLIC_HOST: ${PUBLIC_HOST:-localhost}
|
||||
PG_HOST: postgres
|
||||
PG_USER: ${POSTGRES_USER:-cameleer}
|
||||
PG_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
|
||||
@@ -103,9 +104,9 @@ services:
|
||||
SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer}
|
||||
SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev}
|
||||
LOGTO_ENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001}
|
||||
LOGTO_PUBLIC_ENDPOINT: ${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001}
|
||||
LOGTO_ISSUER_URI: ${LOGTO_ISSUER_URI:-http://logto:3001/oidc}
|
||||
LOGTO_JWK_SET_URI: ${LOGTO_JWK_SET_URI:-http://logto:3001/oidc/jwks}
|
||||
LOGTO_PUBLIC_ENDPOINT: http://${PUBLIC_HOST:-localhost}:3001
|
||||
LOGTO_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc
|
||||
LOGTO_JWK_SET_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc/jwks
|
||||
LOGTO_M2M_CLIENT_ID: ${LOGTO_M2M_CLIENT_ID:-}
|
||||
LOGTO_M2M_CLIENT_SECRET: ${LOGTO_M2M_CLIENT_SECRET:-}
|
||||
CAMELEER3_SERVER_ENDPOINT: http://cameleer3-server:8081
|
||||
@@ -138,7 +139,7 @@ services:
|
||||
CAMELEER_AUTH_TOKEN: ${CAMELEER_AUTH_TOKEN:-default-bootstrap-token}
|
||||
CAMELEER_JWT_SECRET: ${CAMELEER_JWT_SECRET:-cameleer-dev-jwt-secret-change-in-production}
|
||||
CAMELEER_TENANT_ID: ${CAMELEER_TENANT_SLUG:-default}
|
||||
CAMELEER_OIDC_ISSUER_URI: ${LOGTO_ISSUER_URI:-http://logto:3001/oidc}
|
||||
CAMELEER_OIDC_ISSUER_URI: http://${PUBLIC_HOST:-localhost}:3001/oidc
|
||||
CAMELEER_OIDC_AUDIENCE: ${CAMELEER_OIDC_AUDIENCE:-https://api.cameleer.local}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -sf http://localhost:8081/api/v1/health || exit 1"]
|
||||
|
||||
@@ -40,11 +40,12 @@ SERVER_ENDPOINT="${SERVER_ENDPOINT:-http://cameleer3-server:8081}"
|
||||
SERVER_UI_USER="${SERVER_UI_USER:-admin}"
|
||||
SERVER_UI_PASS="${SERVER_UI_PASS:-admin}"
|
||||
|
||||
# Redirect URIs
|
||||
SPA_REDIRECT_URIS='["http://localhost/callback","http://localhost:8080/callback","http://localhost:5173/callback"]'
|
||||
SPA_POST_LOGOUT_URIS='["http://localhost/login","http://localhost:8080/login","http://localhost:5173/login"]'
|
||||
TRAD_REDIRECT_URIS='["http://localhost:8081/oidc/callback"]'
|
||||
TRAD_POST_LOGOUT_URIS='["http://localhost:8081"]'
|
||||
# Redirect URIs (derived from PUBLIC_HOST)
|
||||
HOST="${PUBLIC_HOST:-localhost}"
|
||||
SPA_REDIRECT_URIS="[\"http://${HOST}/callback\",\"http://${HOST}:8080/callback\",\"http://${HOST}:5173/callback\"]"
|
||||
SPA_POST_LOGOUT_URIS="[\"http://${HOST}/login\",\"http://${HOST}:8080/login\",\"http://${HOST}:5173/login\"]"
|
||||
TRAD_REDIRECT_URIS="[\"http://${HOST}:8081/oidc/callback\"]"
|
||||
TRAD_POST_LOGOUT_URIS="[\"http://${HOST}:8081\"]"
|
||||
|
||||
log() { echo "[bootstrap] $1"; }
|
||||
pgpass() { PGPASSWORD="${PG_PASSWORD:-cameleer_dev}"; export PGPASSWORD; }
|
||||
@@ -96,14 +97,14 @@ M_DEFAULT_SECRET=$(psql -h "$PG_HOST" -U "$PG_USER" -d "$PG_DB_LOGTO" -t -A -c \
|
||||
get_admin_token() {
|
||||
curl -s -X POST "${LOGTO_ADMIN_ENDPOINT}/oidc/token" \
|
||||
-H "Content-Type: application/x-www-form-urlencoded" \
|
||||
-H "Host: localhost:3002" \
|
||||
-H "Host: ${HOST}:3002" \
|
||||
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
|
||||
}
|
||||
|
||||
get_default_token() {
|
||||
curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \
|
||||
-H "Content-Type: application/x-www-form-urlencoded" \
|
||||
-H "Host: localhost:3001" \
|
||||
-H "Host: ${HOST}:3001" \
|
||||
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
|
||||
}
|
||||
|
||||
@@ -115,18 +116,18 @@ log "Got Management API token."
|
||||
|
||||
# --- Helper: Logto API calls ---
|
||||
api_get() {
|
||||
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: localhost:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
|
||||
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
|
||||
}
|
||||
api_post() {
|
||||
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: localhost:3001" \
|
||||
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \
|
||||
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
|
||||
}
|
||||
api_put() {
|
||||
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: localhost:3001" \
|
||||
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3001" \
|
||||
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
|
||||
}
|
||||
api_delete() {
|
||||
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: localhost:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
|
||||
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}:3001" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
|
||||
}
|
||||
|
||||
# ============================================================
|
||||
@@ -442,7 +443,7 @@ if [ "$SERVER_HEALTHY" = "yes" ] && [ -n "$TRAD_SECRET" ]; then
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
\"enabled\": true,
|
||||
\"issuerUri\": \"$LOGTO_ENDPOINT/oidc\",
|
||||
\"issuerUri\": \"$LOGTO_PUBLIC_ENDPOINT/oidc\",
|
||||
\"clientId\": \"$TRAD_ID\",
|
||||
\"clientSecret\": \"$TRAD_SECRET\",
|
||||
\"autoSignup\": true,
|
||||
|
||||
@@ -162,7 +162,7 @@ export function Layout() {
|
||||
<Sidebar.FooterLink
|
||||
icon={<ObsIcon />}
|
||||
label="View Dashboard"
|
||||
onClick={() => window.open('http://localhost:8082', '_blank', 'noopener')}
|
||||
onClick={() => window.open(`http://${window.location.hostname}:8082`, '_blank', 'noopener')}
|
||||
/>
|
||||
|
||||
{/* User info + logout */}
|
||||
|
||||
@@ -22,7 +22,7 @@ export async function fetchConfig(): Promise<AppConfig> {
|
||||
|
||||
// Fallback to env vars (Vite dev mode)
|
||||
cached = {
|
||||
logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || 'http://localhost:3001',
|
||||
logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || `http://${window.location.hostname}:3001`,
|
||||
logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '',
|
||||
logtoResource: import.meta.env.VITE_LOGTO_RESOURCE || '',
|
||||
scopes: [
|
||||
|
||||
Reference in New Issue
Block a user