|
|
|
#!/bin/bash
|
|
|
|
die() { echo >&2 "$@" ; exit 1 ; }
|
|
|
|
|
|
|
|
DIRNAME="$(dirname $0)"
|
|
|
|
cd "$DIRNAME"
|
|
|
|
source ../env.production || die "no top levle env?"
|
|
|
|
source env.production || die "no local env?"
|
|
|
|
|
|
|
|
docker-compose down
|
|
|
|
|
|
|
|
# regenerate the client secrets
|
|
|
|
CLIENT_SECRET="$(openssl rand -hex 20)"
|
|
|
|
SESSION_SECRET="$(openssl rand -hex 20)"
|
|
|
|
|
|
|
|
rm -f env.secrets
|
|
|
|
cat <<EOF > env.secrets
|
|
|
|
CMD_OAUTH2_CLIENT_SECRET=$CLIENT_SECRET
|
|
|
|
CMD_SESSION_SECRET=$SESSION_SECRET
|
|
|
|
EOF
|
|
|
|
|
|
|
|
../keycloak/client-delete hedgedoc
|
|
|
|
|
|
|
|
../keycloak/client-create <<EOF || die "unable to create hedgedoc client"
|
|
|
|
{
|
|
|
|
"clientId": "hedgedoc",
|
|
|
|
"rootUrl": "https://$HEDGEDOC_HOSTNAME",
|
|
|
|
"adminUrl": "https://$HEDGEDOC_HOSTNAME",
|
|
|
|
"redirectUris": [ "https://$HEDGEDOC_HOSTNAME/*" ],
|
|
|
|
"webOrigins": [ "https://$HEDGEDOC_HOSTNAME" ],
|
|
|
|
"clientAuthenticatorType": "client-secret",
|
|
|
|
"secret": "$CLIENT_SECRET",
|
|
|
|
"defaultClientScopes": [
|
|
|
|
"web-origins",
|
|
|
|
"acr",
|
|
|
|
"profile",
|
|
|
|
"roles",
|
|
|
|
"id",
|
|
|
|
"email"
|
|
|
|
],
|
|
|
|
"optionalClientScopes": [
|
|
|
|
"address",
|
|
|
|
"phone",
|
|
|
|
"offline_access",
|
|
|
|
"microprofile-jwt"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
|
|
docker-compose up -d || die "unable to start container"
|