# Dev-Production SSL Stack
This stack mirrors the local dev environment, but adds HTTPS via Caddy.
## Files
- `docker-compose.devprod.yml`
- `docker-compose.devprod.nossl.yml`
- `.env.devprod.example`
- `deploy/Caddyfile.devprod`
## Setup
1. Copy env and edit:
```bash
cp .env.devprod.example .env.devprod
```
Or run the helper script:
```bash
./start-devprod.sh
```
The script can also set the Nextcloud trusted domain for you. If you skip it, run:
```bash
make trust-domain-devprod-nossl domain=cloud.example.com
```
The helper scripts also ensure:
- `BROKER_INTERNAL_API_TOKEN` is present (auto-generated if missing)
- `BROKER_CORS_ALLOWED_ORIGINS` defaults to `NEXTCLOUD_PUBLIC_URL` when empty
2. Set domains:
```
NEXTCLOUD_DOMAIN=cloud.example.com
BROKER_DOMAIN=qortalbroker.example.com
```
3. Start the stack:
```bash
make up-devprod
```
4. Install the OIDC app (if needed):
```bash
make install-oidc-devprod
```
5. Configure `user_oidc` provider (example):
```bash
make occ-devprod cmd="user_oidc:provider qortal -c nextcloud-local -s dev-secret -d https://qortalbroker.example.com/.well-known/openid-configuration --scope='openid profile email' --mapping-uid=sub --mapping-display-name=name --mapping-email=email"
```
6. Rebuild/recreate after env changes:
```bash
./recreate-devprod.sh
```
This script also disables and re-enables the `qortal_integration` app so that its assets are refreshed.
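The two env defaults the helper scripts apply in step 1 (token generation and the CORS origin fallback), written out as an added example; this is not the project's `start-devprod.sh`, and the function names, the hex token length and the "last definition wins" handling of duplicate keys are assumptions:

```bash
#!/usr/bin/env bash
# Added example (not the project's start-devprod.sh): apply the env defaults
# the README says the helper scripts apply, idempotently, to an env file.
set -euo pipefail

# Print the value of KEY from FILE (last definition wins; empty if unset).
env_get() {
  local file="$1" key="$2"
  { grep -E "^${key}=" "$file" || true; } | tail -n 1 | cut -d= -f2-
}

# Set KEY=VALUE in FILE, replacing any existing definition or appending.
env_set() {
  local file="$1" key="$2" value="$3"
  # Rewrite through a temp file: `sed -i` syntax differs between GNU and BSD.
  { grep -vE "^${key}=" "$file" || true; } > "$file.tmp"
  printf '%s=%s\n' "$key" "$value" >> "$file.tmp"
  mv "$file.tmp" "$file"
}

# Ensure the two broker settings the README lists are populated.
ensure_devprod_env() {
  local file="$1"
  # Internal API token: 32 random bytes as hex, only if missing or empty,
  # so an existing token is never rotated by re-running the script.
  if [ -z "$(env_get "$file" BROKER_INTERNAL_API_TOKEN)" ]; then
    env_set "$file" BROKER_INTERNAL_API_TOKEN \
      "$(od -An -tx1 -N32 /dev/urandom | tr -d ' \n')"
  fi
  # CORS allow-list: default to the public Nextcloud origin rather than a
  # wildcard, so only the Nextcloud frontend may call the broker from a browser.
  if [ -z "$(env_get "$file" BROKER_CORS_ALLOWED_ORIGINS)" ]; then
    local origin
    origin="$(env_get "$file" NEXTCLOUD_PUBLIC_URL)"
    if [ -z "$origin" ]; then
      echo "NEXTCLOUD_PUBLIC_URL is empty; cannot default CORS origins" >&2
      return 1
    fi
    env_set "$file" BROKER_CORS_ALLOWED_ORIGINS "$origin"
  fi
}

# Usage: ./ensure-devprod-env.sh .env.devprod
if [ "$#" -gt 0 ]; then
  ensure_devprod_env "$1"
fi
```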
## Notes
- For **public domains**, leave `CADDY_TLS` empty so Caddy uses Let's Encrypt.
- For **local testing**, set:
```
CADDY_TLS=tls internal
```
- To avoid port conflicts (e.g. a local Caddy already listening on 443), override:
```
CADDY_HTTP_PORT=8081
CADDY_HTTPS_PORT=8443
```
- For local TLS, you must trust the Caddy local CA cert.
- If you have an external proxy handling TLS, use the **no-SSL** stack:
```
make up-devprod-nossl
```
Then proxy to:
- Nextcloud: `http://127.0.0.1:${DEVPROD_HTTP_PORT}`
- Broker: `http://127.0.0.1:${DEVPROD_BROKER_PORT}`
- Optional Qortal node API/gateway: `http://127.0.0.1:${QORTAL_NODE_API_HOST_PORT}`; the internal gateway on port `8080` is proxied via the template configs in `deploy/templates/proxy/`
Make sure your proxy sets `X-Forwarded-Proto: https` to avoid redirect loops.
## External Auth container (optional)
To run the External Auth container alongside the stack, set the profile:
```bash
COMPOSE_PROFILES=external-auth make up-devprod-nossl
```
Then set:
```
QORTAL_EXTERNAL_AUTH_BASE_URL=http://external_auth:3191
```
When using the no-SSL stack, update:
```
PUBLIC_HTTPS_PORT=443
```
- If `app:install user_oidc` fails with a permissions error, run:
```bash
make fix-apps-perms-devprod
```
- If you created `.env.devprod` before we added optional OIDC env keys, add:
```
OIDC_LOGIN_LOGO_URL=
OIDC_PRIVATE_KEY_PEM=
OIDC_KEY_ID=
```
## Trusted domain helper
If you see "untrusted domain" errors in Nextcloud, run:
```bash
make trust-domain-devprod-nossl
```
- The broker must be reachable by both Nextcloud and the user's browser.
- If `user_oidc` refuses HTTP, ensure `NEXTCLOUD_TRUSTED_DOMAINS` includes your domain.