Thomas Reitz 2026-03-11 10:21:14 +01:00
parent 5bc9aebf64
commit 833bc44acd
5 changed files with 29 additions and 5 deletions


@ -1,2 +1,11 @@
# TLS-Konfiguration deaktiviert fuer Alpha/Dev (IP-basierter HTTP-Zugang).
# Wird reaktiviert wenn DNS + HTTPS eingerichtet wird.
# TLS-Konfiguration fuer HTTPS (Self-Signed fuer Dev/Alpha)
# Benötigt fuer Microsoft Entra ID SSO Callback (Azure erfordert HTTPS Redirect URIs)
tls:
stores:
default:
defaultCertificate:
certFile: /certs/server.crt
keyFile: /certs/server.key
certificates:
- certFile: /certs/server.crt
keyFile: /certs/server.key
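Review bot: The same `/certs/server.crt` and `/certs/server.key` pair is declared twice, once as `defaultCertificate` and again under `certificates`, and nothing in this file pins the protocol floor. One declaration is enough for a single self-signed certificate, and adding `options: default: minVersion: VersionTLS12` under `tls:` makes the minimum version explicit instead of depending on the Traefik default. The header comment should also state how the key is handled, for example `# server.key is generated per host and mounted read-only; never commit it`. The volume mount for `/certs` is not visible in this commit, so its permissions should be checked.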


@ -45,8 +45,9 @@ services:
# API & Dashboard
- "--api.dashboard=true"
- "--api.insecure=true"
# Entrypoints (nur HTTP fuer Alpha/Dev mit IP-Zugang)
# Entrypoints
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# Docker Provider
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
@ -66,6 +67,7 @@ services:
- "--entrypoints.metrics.address=:8082"
ports:
- "80:80"
- "443:443" # HTTPS (benötigt für SSO Callback)
- "8080:8080" # Dashboard (nur intern)
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
@ -266,6 +268,12 @@ services:
- "traefik.http.routers.core-api.rule=Host(`172.20.10.59`) && PathPrefix(`/api`)"
- "traefik.http.routers.core-api.entrypoints=web"
- "traefik.http.routers.core-api.service=core-api"
# HTTPS Router fuer SSO Callback
- "traefik.http.routers.core-api-secure.rule=Host(`172.20.10.59`) && PathPrefix(`/api`)"
- "traefik.http.routers.core-api-secure.entrypoints=websecure"
- "traefik.http.routers.core-api-secure.service=core-api"
- "traefik.http.routers.core-api-secure.tls=true"
- "traefik.http.routers.core-api-secure.middlewares=api-ratelimit"
- "traefik.http.services.core-api.loadbalancer.server.port=3000"
# Health-Endpunkt (ohne Auth)
- "traefik.http.routers.core-health.rule=Host(`172.20.10.59`) && Path(`/health`)"
@ -301,6 +309,12 @@ services:
- "traefik.http.routers.frontend.entrypoints=web"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.priority=1"
# HTTPS Frontend Router
- "traefik.http.routers.frontend-secure.rule=Host(`172.20.10.59`)"
- "traefik.http.routers.frontend-secure.entrypoints=websecure"
- "traefik.http.routers.frontend-secure.service=frontend"
- "traefik.http.routers.frontend-secure.tls=true"
- "traefik.http.routers.frontend-secure.priority=1"
- "traefik.http.services.frontend.loadbalancer.server.port=8080"
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost:8080/ || exit 1"]
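Review bot: The new `core-api-secure` and `frontend-secure` routers are added next to the existing `web` routers, so everything, including the `/api` auth routes, stays reachable over plain HTTP on port 80. If HTTPS is required for the SSO callback, redirect at the entrypoint with `--entrypoints.web.http.redirections.entrypoint.to=websecure` and `--entrypoints.web.http.redirections.entrypoint.scheme=https`, or remove the HTTP routers. `core-api-secure` attaches only `api-ratelimit`; the middleware list of the HTTP `core-api` router is outside the hunk, so the two lists should be compared to make sure the HTTPS path does not skip a header or auth middleware. `core-health` gets no `websecure` router here, so `/health` over HTTPS would presumably be answered by `frontend-secure`.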

0
docs/Stand.md Normal file

1
docs/lexware_office.md Normal file

@ -0,0 +1 @@
API Key: jRDQJzRkDy896VabAjpougl3evlrAtV5ZFJZeBJY.J2doohK
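Review bot: The only line of the new docs/lexware_office.md is an API key in plaintext, which makes the credential readable by everyone with repository access and keeps it in the history even if a later commit deletes the file. The key has to be treated as exposed: revoke and reissue it at the provider, and keep the new value in the deployment's secret store or environment rather than in docs. The file should then hold only a pointer such as `API Key: stored in the secrets manager, entry <PLACEHOLDER_ENTRY_NAME>`. A secret-scanning check in pre-commit or CI would catch this class of commit before it is pushed.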


@ -90,7 +90,7 @@ export class EntraIdService implements OnModuleInit {
clientSecret,
redirectUri:
redirectUri ||
'http://localhost/api/v1/auth/sso/microsoft/callback',
'https://localhost/api/v1/auth/sso/microsoft/callback',
});
this.logger.log(
'Microsoft Entra ID SSO aus Umgebungsvariablen initialisiert',
@ -190,7 +190,7 @@ export class EntraIdService implements OnModuleInit {
clientId,
redirectUri:
redirectUri ||
'http://localhost/api/v1/auth/sso/microsoft/callback',
'https://localhost/api/v1/auth/sso/microsoft/callback',
clientSecretMasked: this.maskSecret(clientSecret),
};
}
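Review bot: The fallback `'https://localhost/api/v1/auth/sso/microsoft/callback'` is hard-coded in both hunks (the client config near line 90 and the masked config view near line 190), so a missing redirect URI setting silently yields a localhost callback instead of a visible configuration error. Because the redirect URI has to match the value registered in Entra ID exactly, the fallback should at least be logged, e.g. `if (!redirectUri) this.logger.warn('SSO redirect URI not configured, falling back to localhost');`, and outside dev the service should refuse to initialise without it. Pulling the literal into one constant, `const DEFAULT_REDIRECT_URI = 'https://localhost/api/v1/auth/sso/microsoft/callback';`, keeps the two places from drifting apart. Both enclosing methods start and end outside the hunks.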