casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0
9.2k stars 1.09k forks

Passing docker password stored in a secret as File #2970

Closed yashodhank closed 4 weeks ago

yashodhank commented 1 month ago
  1. How can I pass a Docker password stored in a secret in this situation?
  2. Do we need to match the env vars exactly as mentioned in conf/app.conf for this to work? The conf/app.conf file is the configuration file for Casdoor, and it contains all the necessary environment variables that are required for Casdoor to run.

Example:

CASDOOR_DB_PASS_FILE=/run/secrets/mariadb_root_password

The compose.yml I am working with is as follows:

services:
  casdoor:
    container_name: casdoor
    image: casbin/casdoor:latest
    user: root
    # security_opt:
    #   - no-new-privileges:true
    restart: unless-stopped
    profiles: ["core", "idp", "all"]
    networks:
      t3_proxy:
        ipv4_address: 192.168.90.245 # You can specify a static IP
    volumes:
      # - $DOCKERDIR/appdata/casdoor/conf:/conf
      # - $DOCKERDIR/appdata/casdoor/conf/app.conf:/conf/app.conf
      - $DOCKERDIR/logs/$HOSTNAME/casdoor/casdoor.log:/logs/casdoor.log
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=$TZ
      # - driverName=sqlite
      # - dataSourceName="file:casdoor.db?cache=shared"
      # - dbName=casdoor
      # - runmode=prod
      # - httpport=8000
      - origin="https://idp.$DOMAINNAME_HS"
      - driverName=mysql
      - dataSourceName="root:123456@tcp(localhost:3306)/"
      - CASDOOR_DB_PORT=3306
      - CASDOOR_DB_NAME=casdoordb
      - CASDOOR_DB_USER=casdooruser
      - CASDOOR_DB_PASS_FILE=/run/secrets/mariadb_root_password
      - CASDOOR_PORT=8000
      - CASDOOR_LOG_FILE=/logs/casdoor.log
    secrets:
      - mariadb_root_password
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.casdoor-rtr.entrypoints=websecure"
      - "traefik.http.routers.casdoor-rtr.rule=Host(`idp.$DOMAINNAME_HS`)"
      ## Middlewares
      - "traefik.http.routers.casdoor-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.casdoor-rtr.service=casdoor-svc"
      - "traefik.http.services.casdoor-svc.loadbalancer.server.port=8000"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 5

casbin-bot commented 1 month ago

@tangyang9464 @JalinWang @imp2002

hsluoyz commented 1 month ago

@yashodhank I don't know what you mean. The DB password should be contained in the DB conn string, specified in dataSourceName of the app.conf file.
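
One way to reconcile the question with the reply above, as an added example that is not part of the thread or of Casdoor: a wrapper entrypoint that reads the password from the secret file and assembles the `dataSourceName` connection string before starting the server. It assumes Casdoor picks up `dataSourceName` and `driverName` from the environment the way the compose file sets them; the script name and `CASDOOR_DB_HOST` are hypothetical.

```shell
#!/bin/sh
# Added example (not Casdoor code): entrypoint wrapper that builds dataSourceName
# from a Docker secret file, so the password never appears in compose.yml.

# read_secret FILE: print the secret without its trailing newline.
# Fails if the file is unreadable, empty, or spans several lines.
read_secret() {
    [ -r "$1" ] || { echo "secret file not readable: $1" >&2; return 1; }
    secret=$(cat "$1") || return 1   # $(...) strips trailing newlines
    [ -n "$secret" ] || { echo "secret file is empty: $1" >&2; return 1; }
    case $secret in
        *'
'*) echo "secret file has more than one line: $1" >&2; return 1 ;;
    esac
    printf '%s' "$secret"
}

# build_dsn USER PASS_FILE HOST PORT: print a connection string in the
# user:password@tcp(host:port)/ form used for dataSourceName on this page.
build_dsn() {
    pass=$(read_secret "$2") || return 1
    printf '%s:%s@tcp(%s:%s)/' "$1" "$pass" "$3" "$4"
}

# casdoor_entrypoint CMD...: export the assembled settings, then exec CMD.
# CASDOOR_DB_USER, CASDOOR_DB_PASS_FILE and CASDOOR_DB_PORT are the names from
# the compose file above; CASDOOR_DB_HOST is a hypothetical addition.
casdoor_entrypoint() {
    dataSourceName=$(build_dsn "${CASDOOR_DB_USER:-root}" \
        "${CASDOOR_DB_PASS_FILE:?CASDOOR_DB_PASS_FILE is not set}" \
        "${CASDOOR_DB_HOST:-localhost}" "${CASDOOR_DB_PORT:-3306}") || exit 1
    driverName=mysql
    export dataSourceName driverName
    exec "$@"
}

# Run only when installed under this (hypothetical) file name.
case "${0##*/}" in
    casdoor-entrypoint.sh) casdoor_entrypoint "$@" ;;
esac
```

The assembled string still lives in the Casdoor process environment (readable through `/proc/<pid>/environ` inside the container), but it stays out of compose.yml and out of the container configuration that `docker inspect` shows.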