diff --git a/config/traefik/dynamic/tls.yml b/config/traefik/dynamic/tls.yml
index 42fcfd4..4c17c69 100644
--- a/config/traefik/dynamic/tls.yml
+++ b/config/traefik/dynamic/tls.yml
@@ -1,2 +1,11 @@
-# TLS-Konfiguration deaktiviert fuer Alpha/Dev (IP-basierter HTTP-Zugang).
-# Wird reaktiviert wenn DNS + HTTPS eingerichtet wird.
+# TLS-Konfiguration fuer HTTPS (Self-Signed fuer Dev/Alpha)
+# Benötigt fuer Microsoft Entra ID SSO Callback (Azure erfordert HTTPS Redirect URIs)
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /certs/server.crt
+ keyFile: /certs/server.key
+ certificates:
+ - certFile: /certs/server.crt
+ keyFile: /certs/server.key
diff --git a/docker-compose.yml b/docker-compose.yml
index 60ebf4d..6444cf0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -45,8 +45,9 @@ services:
 # API & Dashboard
 - "--api.dashboard=true"
 - "--api.insecure=true"
- # Entrypoints (nur HTTP fuer Alpha/Dev mit IP-Zugang)
+ # Entrypoints
 - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
 # Docker Provider
 - "--providers.docker=true"
 - "--providers.docker.exposedbydefault=false"
@@ -66,6 +67,7 @@ services:
 - "--entrypoints.metrics.address=:8082"
 ports:
 - "80:80"
+ - "443:443" # HTTPS (benötigt für SSO Callback)
 - "8080:8080" # Dashboard (nur intern)
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
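Review bot: Nothing in this commit mounts the `/certs` directory that the new `defaultCertificate` entry points at into the Traefik container — the `volumes` list in the docker-compose @@ -66 hunk shows only the Docker socket — so unless that mount exists outside these hunks, Traefik will presumably fail to load the pair and silently serve its own generated default certificate. Because the routers match by IP (`Host(`172.20.10.59`)`), clients send no SNI and it is `stores.default.defaultCertificate` that actually gets served; the second `certificates` list with the same files adds nothing here and can be dropped, or a comment should say why both are kept. A header comment stating where `server.crt`/`server.key` come from and how the key is handled would help the next operator, e.g. `# /certs is bind-mounted into the traefik container; server.key stays out of the repo and is mounted read-only`.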
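Review bot: The new `websecure` entrypoint is added next to `web` with no redirection, and the HTTP routers remain in the later hunks, so the `/api` prefix — including the SSO callback that carries the authorization code — stays reachable over plain HTTP on port 80 as well as over TLS. If HTTPS is now required for the SSO flow, redirect the plain entrypoint instead of serving both in parallel: `- "--entrypoints.web.http.redirections.entrypoint.to=websecure"` and `- "--entrypoints.web.http.redirections.entrypoint.scheme=https"`. The `443:443` publish in the @@ -66 hunk is then all that is needed, and its comment can say that port 80 only redirects. The adjacent unchanged `--api.insecure=true` with `8080:8080` published on the host contradicts the `# Dashboard (nur intern)` comment once the host is reached by IP from the network; worth revisiting in the same change.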
@@ -266,6 +268,12 @@ services:
 - "traefik.http.routers.core-api.rule=Host(`172.20.10.59`) && PathPrefix(`/api`)"
 - "traefik.http.routers.core-api.entrypoints=web"
 - "traefik.http.routers.core-api.service=core-api"
+ # HTTPS Router fuer SSO Callback
+ - "traefik.http.routers.core-api-secure.rule=Host(`172.20.10.59`) && PathPrefix(`/api`)"
+ - "traefik.http.routers.core-api-secure.entrypoints=websecure"
+ - "traefik.http.routers.core-api-secure.service=core-api"
+ - "traefik.http.routers.core-api-secure.tls=true"
+ - "traefik.http.routers.core-api-secure.middlewares=api-ratelimit"
 - "traefik.http.services.core-api.loadbalancer.server.port=3000"
 # Health-Endpunkt (ohne Auth)
 - "traefik.http.routers.core-health.rule=Host(`172.20.10.59`) && Path(`/health`)"
@@ -301,6 +309,12 @@ services:
 - "traefik.http.routers.frontend.entrypoints=web"
 - "traefik.http.routers.frontend.service=frontend"
 - "traefik.http.routers.frontend.priority=1"
+ # HTTPS Frontend Router
+ - "traefik.http.routers.frontend-secure.rule=Host(`172.20.10.59`)"
+ - "traefik.http.routers.frontend-secure.entrypoints=websecure"
+ - "traefik.http.routers.frontend-secure.service=frontend"
+ - "traefik.http.routers.frontend-secure.tls=true"
+ - "traefik.http.routers.frontend-secure.priority=1"
 - "traefik.http.services.frontend.loadbalancer.server.port=8080"
 healthcheck:
 test: ["CMD-SHELL", "wget -qO- http://localhost:8080/ || exit 1"]
diff --git a/docs/Stand.md b/docs/Stand.md
new file mode 100644
index 0000000..e69de29
diff --git a/docs/lexware_office.md b/docs/lexware_office.md
new file mode 100644
index 0000000..2ff9376
--- /dev/null
+++ b/docs/lexware_office.md
@@ -0,0 +1 @@
+API Key: jRDQJzRkDy896VabAjpougl3evlrAtV5ZFJZeBJY.J2doohK
\ No newline at end of file
diff --git a/packages/core-service/src/core/auth/sso/entra-id.service.ts b/packages/core-service/src/core/auth/sso/entra-id.service.ts
index 26606f5..b105c70 100644
--- a/packages/core-service/src/core/auth/sso/entra-id.service.ts
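Review bot: The comment `# HTTPS Router fuer SSO Callback` understates what `core-api-secure` does: its rule is `PathPrefix(`/api`)`, so the entire API is exposed over TLS, not only the callback; the same holds for `frontend-secure` in the @@ -301 hunk. Suggest `# HTTPS router for the whole /api prefix (needed for the Entra ID SSO callback)`. `core-api-secure` also references a middleware `api-ratelimit` that is not defined anywhere in this diff — it presumably exists on the `core-api` router outside the hunk; since both routers front the same service, every middleware on `core-api` should be mirrored here, and the same check applies to `frontend`/`frontend-secure`, which declares none.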
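Review bot: `docs/lexware_office.md` adds a live-looking Lexware Office API key in plaintext (`+API Key: …`) to a documentation file. Once pushed, a credential in git history has to be treated as disclosed even if the file is removed later: revoke or rotate the key in the Lexware Office account, delete the file, and rewrite the branch history before it is shared further. Keep the real value in an environment variable or the deployment's secret store and leave only a placeholder in the docs, e.g. `API Key: <LEXWARE_API_KEY — provided via environment, never committed>`; a pre-commit secret scanner in this repo would catch the next one.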
+++ b/packages/core-service/src/core/auth/sso/entra-id.service.ts
@@ -90,7 +90,7 @@ export class EntraIdService implements OnModuleInit {
 clientSecret,
 redirectUri:
 redirectUri ||
- 'http://localhost/api/v1/auth/sso/microsoft/callback',
+ 'https://localhost/api/v1/auth/sso/microsoft/callback',
 });
 this.logger.log(
 'Microsoft Entra ID SSO aus Umgebungsvariablen initialisiert',
@@ -190,7 +190,7 @@ export class EntraIdService implements OnModuleInit {
 clientId,
 redirectUri:
 redirectUri ||
- 'http://localhost/api/v1/auth/sso/microsoft/callback',
+ 'https://localhost/api/v1/auth/sso/microsoft/callback',
 clientSecretMasked: this.maskSecret(clientSecret),
 };
 }
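Review bot: The default redirect URI literal is duplicated here and in the @@ -190 hunk, and this commit had to edit both just to change the scheme; hoist it into one module-level constant, `const DEFAULT_SSO_REDIRECT_URI = 'https://localhost/api/v1/auth/sso/microsoft/callback';`, and use it in both the client initialisation and the masked config view so the two cannot drift apart again. A comment on that constant should say that `localhost` is only a development fallback and that the deployed value (the compose file routes `172.20.10.59`) must come from the `redirectUri` setting, because Entra ID rejects a callback that does not exactly match the registered redirect URI. Both hunks sit inside methods whose start and end are outside the hunk.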