cameleer-saas/docker/cameleer-logto/logto-entrypoint.sh

#!/bin/sh
set -e

# Save the real public endpoints for after bootstrap
REAL_ENDPOINT="$ENDPOINT"
REAL_ADMIN_ENDPOINT="$ADMIN_ENDPOINT"

echo "[entrypoint] Seeding Logto database..."
npm run cli db seed -- --swe 2>/dev/null || true

echo "[entrypoint] Deploying database alterations..."
npm run cli db alteration deploy 2>/dev/null || true

# Start Logto with localhost endpoints so it can reach itself without Traefik
export ENDPOINT="http://localhost:3001"
export ADMIN_ENDPOINT="http://localhost:3002"

echo "[entrypoint] Starting Logto (bootstrap mode)..."
npm start &
LOGTO_PID=$!

echo "[entrypoint] Waiting for Logto to be ready..."
for i in $(seq 1 120); do
  if node -e "require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))" 2>/dev/null; then
    echo "[entrypoint] Logto is ready."
    break
  fi
  if [ "$i" -eq 120 ]; then
    echo "[entrypoint] ERROR: Logto not ready after 120s"
    exit 1
  fi
  sleep 1
done

# Run bootstrap — use localhost endpoints, skip Host headers (BOOTSTRAP_LOCAL flag)
# PUBLIC_HOST and PUBLIC_PROTOCOL stay real for redirect URI generation
BOOTSTRAP_FILE="/data/logto-bootstrap.json"
export LOGTO_ENDPOINT="http://localhost:3001"
export LOGTO_ADMIN_ENDPOINT="http://localhost:3002"
export BOOTSTRAP_LOCAL="true"

if [ -f "$BOOTSTRAP_FILE" ]; then
  CACHED_SECRET=$(jq -r '.m2mClientSecret // empty' "$BOOTSTRAP_FILE" 2>/dev/null)
  CACHED_SPA=$(jq -r '.spaClientId // empty' "$BOOTSTRAP_FILE" 2>/dev/null)
  if [ -n "$CACHED_SECRET" ] && [ -n "$CACHED_SPA" ]; then
    echo "[entrypoint] Bootstrap already complete."
  else
    echo "[entrypoint] Incomplete bootstrap found, re-running..."
    /scripts/logto-bootstrap.sh
  fi
else
  echo "[entrypoint] Running bootstrap..."
  /scripts/logto-bootstrap.sh
fi

# Restart Logto with real public endpoints
echo "[entrypoint] Bootstrap done. Restarting Logto with public endpoints..."
kill $LOGTO_PID 2>/dev/null || true
wait $LOGTO_PID 2>/dev/null || true

export ENDPOINT="$REAL_ENDPOINT"
export ADMIN_ENDPOINT="$REAL_ADMIN_ENDPOINT"

echo "[entrypoint] Starting Logto (production mode)..."
exec npm start