Support separate auth domain (e.g. auth.cameleer.io) for Logto while
keeping the SaaS app on PUBLIC_HOST (e.g. app.cameleer.io). AUTH_HOST
defaults to PUBLIC_HOST for backward-compatible single-domain setups.
- Logto routing: Host(AUTH_HOST) replaces PathPrefix('/') catch-all
- Root redirect moved from traefik-dynamic.yml to Docker labels with
Host(PUBLIC_HOST) scope so it doesn't intercept auth domain
- Self-signed cert generates SANs for both domains
- Bootstrap Host header uses AUTH_HOST for Logto endpoint validation
- Spring issuer-uri and oidcissueruri use new authhost property
- Both installers (sh + ps1) prompt for AUTH_HOST in expert mode
Local dev: AUTH_HOST=auth.localhost (RFC 6761 `.localhost` names resolve to 127.0.0.1 in browsers and systemd-resolved without a hosts-file entry; some CLI resolvers, e.g. curl on macOS, may still need one)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# Servlet context root: every SaaS route (and, by Spring Boot default, the
# actuator endpoints configured under `management` below) is served under /platform.
server:
  servlet:
    context-path: /platform
spring:
  application:
    name: cameleer-saas

  datasource:
    # Control-plane database of the SaaS app itself (distinct from the per-tenant
    # database handed out under cameleer.saas.provisioning.datasourceurl).
    url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://cameleer-postgres:5432/cameleer_saas}
    username: ${SPRING_DATASOURCE_USERNAME:cameleer}
    # SECURITY: the fallback is a well-known dev password. Production must export
    # SPRING_DATASOURCE_PASSWORD; consider dropping this default in a prod profile
    # so a missing secret fails at startup instead of silently using `cameleer_dev`.
    password: ${SPRING_DATASOURCE_PASSWORD:cameleer_dev}

  jpa:
    open-in-view: false
    hibernate:
      # Schema is owned by Flyway; Hibernate only verifies the mappings match it.
      ddl-auto: validate

  flyway:
    enabled: true
    locations: classpath:db/migration

  security:
    oauth2:
      resourceserver:
        jwt:
          # Expected `iss` claim. Logto's public ENDPOINT must be exactly
          # <publicprotocol>://<authhost> (auth.<domain> after the split-domain
          # change); any mismatch rejects every token.
          issuer-uri: ${cameleer.saas.provisioning.publicprotocol:https}://${cameleer.saas.identity.authhost:localhost}/oidc
          # Signing keys are fetched over plain HTTP from the Logto container on the
          # internal Docker network rather than via issuer discovery, so key trust
          # rests on that network not being reachable by tenants or outsiders.
          # NOTE(review): cameleer.saas.identity.logtoendpoint defaults to "" and
          # Spring applies a `${x:default}` fallback only when x is unset, not
          # empty -- if CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT is not exported this
          # likely resolves to `/oidc/jwks`; confirm the installer always sets it.
          # Only `iss` and the timestamp claims are validated by this block; the
          # `aud` check against cameleer.saas.identity.audience has to be wired in
          # code -- verify it is.
          jwk-set-uri: ${cameleer.saas.identity.logtoendpoint:http://cameleer-logto:3001}/oidc/jwks
management:
  endpoints:
    web:
      exposure:
        # Only health and info are reachable over HTTP; env, beans, heapdump etc.
        # stay off the exposed surface.
        include: health,info
  endpoint:
    health:
      # Component details (DB, disk, ...) only for authorized callers (by Spring
      # Boot default any authenticated principal unless
      # management.endpoint.health.roles is set); anonymous requests get bare UP/DOWN.
      show-details: when-authorized
cameleer:
  saas:
    identity:
      # Public hostname of the Logto issuer (auth.<domain>). Falls back to the app's
      # publichost so single-domain installs keep working unchanged.
      authhost: ${CAMELEER_SAAS_IDENTITY_AUTHHOST:${cameleer.saas.provisioning.publichost:localhost}}
      # Internal (Docker-network) Logto base URL used for JWKS fetches and M2M calls.
      # Defaults to an empty string; note that downstream `${...:default}` fallbacks
      # on this property do not kick in for an empty value.
      logtoendpoint: ${CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT:}
      logtopublicendpoint: ${CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT:}
      # Machine-to-machine client credentials for Logto. The secret is environment-
      # only by design -- never add a default here.
      m2mclientid: ${CAMELEER_SAAS_IDENTITY_M2MCLIENTID:}
      m2mclientsecret: ${CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET:}
      spaclientid: ${CAMELEER_SAAS_IDENTITY_SPACLIENTID:}
      # API resource indicator expected as the token's `aud`. The resource-server
      # block above does not reference it, so enforcement must happen in a custom
      # JWT validator -- TODO confirm it is wired; otherwise a Logto token issued
      # for any other resource would be accepted by this API.
      audience: ${CAMELEER_SAAS_IDENTITY_AUDIENCE:https://api.cameleer.local}
      serverendpoint: ${CAMELEER_SAAS_IDENTITY_SERVERENDPOINT:http://cameleer-server:8081}

    provisioning:
      # Images pulled for every provisioned tenant. `:latest` is a mutable tag --
      # pin a version or digest in production so what tenants run is reproducible
      # and cannot be swapped at the registry without a config change.
      serverimage: ${CAMELEER_SAAS_PROVISIONING_SERVERIMAGE:gitea.siegeln.net/cameleer/cameleer-server:latest}
      serveruiimage: ${CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE:gitea.siegeln.net/cameleer/cameleer-server-ui:latest}
      runtimebaseimage: ${CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE:gitea.siegeln.net/cameleer/cameleer-runtime-base:latest}
      # Docker networks a provisioned stack is attached to.
      networkname: ${CAMELEER_SAAS_PROVISIONING_NETWORKNAME:cameleer-saas_cameleer}
      traefiknetwork: ${CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK:cameleer-traefik}
      # Public host/scheme of the SaaS app itself (app.<domain>); also the fallback
      # for identity.authhost above.
      publichost: ${CAMELEER_SAAS_PROVISIONING_PUBLICHOST:localhost}
      publicprotocol: ${CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL:https}
      # Database credentials handed to provisioned tenant servers. The fallback is
      # the compose-level POSTGRES_USER/POSTGRES_PASSWORD -- presumably the
      # database superuser if that is how the Postgres container is initialised.
      # Prefer a dedicated least-privilege role per tenant, and never rely on the
      # `cameleer_dev` default outside local development.
      datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://cameleer-postgres:5432/cameleer}
      datasourceusername: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEUSERNAME:${POSTGRES_USER:cameleer}}
      datasourcepassword: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEPASSWORD:${POSTGRES_PASSWORD:cameleer_dev}}
      # Same concern for ClickHouse: `default` user plus a known dev password.
      clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://cameleer-clickhouse:8123/cameleer}
      clickhouseuser: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEUSER:default}
      clickhousepassword: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD:${CLICKHOUSE_PASSWORD:cameleer_ch}}
      # Issuer handed to tenant servers; must stay identical to
      # spring.security.oauth2.resourceserver.jwt.issuer-uri or tenant-side token
      # validation breaks.
      oidcissueruri: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.identity.authhost}/oidc
      # NOTE(review): hardcoded container name, unlike jwk-set-uri above which is
      # derived from CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT; the two drift if that env
      # var points elsewhere. Provisioned servers must be on a network where
      # `cameleer-logto` resolves, and they fetch keys over plain HTTP.
      oidcjwkseturi: http://cameleer-logto:3001/oidc/jwks
      # Browser origin allowed to call the API: only the app host. The auth host is
      # deliberately not listed -- it is never an origin for API calls.
      corsorigins: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}

    certs:
      # Directory holding the (self-signed or issued) TLS material; the cert needs
      # SANs for both publichost and authhost.
      path: ${CAMELEER_SAAS_CERTS_PATH:/certs}