parent
6d3cf7a4d6
commit
84edb86a34
@ -1,9 +1,9 @@ |
||||
# gitea |
||||
|
||||
OpenID setup doesn't work out of the box. The open id provider must be configured: |
||||
After the `setup` script has run, the website *still* requires a click to finish the installation. |
||||
Once that is done it will break since the OpenID login has not yet been configured. Run this to |
||||
fix it. |
||||
|
||||
* Authentication name: `keycloak` |
||||
* OAuth2 Provider: `OpenID Connect` |
||||
* Client key: `gitea` |
||||
* Client secret: (copy from `../data/gitea/env.secrets`) |
||||
* Discovery URL: https://login.hackerspace.zone/realms/hackerspace/.well-known/openid-configuration |
||||
``` |
||||
./add-auth |
||||
``` |
||||
|
@ -0,0 +1,66 @@ |
||||
#!/bin/bash |
||||
# run this *after* initializing the database by clicking on the ok |
||||
# issue filed https://github.com/go-gitea/gitea/issues/19616 |
||||
source ../env.production |
||||
source ./env.production |
||||
source ../data/gitea/env.secrets |
||||
|
||||
|
||||
true || curl "https://${GITEA_HOSTNAME}/" \ |
||||
-v \ |
||||
-X POST \ |
||||
-H 'Origin: null' \ |
||||
-H 'Connection: keep-alive' \ |
||||
-H 'Upgrade-Insecure-Requests: 1' \ |
||||
-H 'Sec-Fetch-Dest: document' \ |
||||
-H 'Sec-Fetch-Mode: navigate' \ |
||||
-H 'Sec-Fetch-Site: same-origin' \ |
||||
-H 'Sec-Fetch-User: ?1' \ |
||||
-H 'TE: trailers' \ |
||||
-H 'Cookie: i_like_gitea=ac81483e536b3641' \ |
||||
-F "db_type=postgres" \ |
||||
-F "db_host=db:5432" \ |
||||
-F "db_user=gitea" \ |
||||
-F "db_passwd=gitea" \ |
||||
-F "db_name=gitea" \ |
||||
-F "ssl_mode=disable" \ |
||||
-F "db_schema=" \ |
||||
-F "charset=utf8" \ |
||||
-F "db_path=/data/gitea/gitea.db" \ |
||||
-F "app_name=${REALM} Gitea" \ |
||||
-F "repo_root_path=/data/git/repositories" \ |
||||
-F "lfs_root_path=/data/git/lfs" \ |
||||
-F "run_user=git" \ |
||||
-F "domain=${GITEA_HOSTNAME}" \ |
||||
-F "ssh_port=22" \ |
||||
-F "http_port=3000" \ |
||||
-F "app_url=https://${GITEA_HOSTNAME}/" \ |
||||
-F "log_root_path=/data/gitea/log" \ |
||||
-F "smtp_host=" \ |
||||
-F "smtp_from=" \ |
||||
-F "smtp_user=" \ |
||||
-F "smtp_passwd=" \ |
||||
-F "enable_federated_avatar=on" \ |
||||
-F "enable_open_id_sign_in=on" \ |
||||
-F "allow_only_external_registration=on" \ |
||||
-F "default_allow_create_organization=on" \ |
||||
-F "default_enable_timetracking=on" \ |
||||
-F "no_reply_address=noreply.${GITEA_HOSTNAME}" \ |
||||
-F "password_algorithm=pbkdf2" \ |
||||
-F "admin_name=root" \ |
||||
-F "admin_passwd=${GITEA_ADMIN_PASSWORD}" \ |
||||
-F "admin_confirm_passwd=${GITEA_ADMIN_PASSWORD}" \ |
||||
-F "admin_email=" \ |
||||
|| die "unable to initiate install" |
||||
|
||||
|
||||
docker-compose exec -u git gitea \ |
||||
gitea admin auth add-oauth \ |
||||
--name "keycloak" \ |
||||
--provider "openidConnect" \ |
||||
--key "gitea" \ |
||||
--secret "$GITEA_CLIENT_SECRET" \ |
||||
--auto-discover-url "https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/.well-known/openid-configuration" \ |
||||
--group-claim-name "groups" \ |
||||
--admin-group "admin" \ |
||||
|| die "unable to add oauth interface" |
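Review bot: Nothing after the three `source` lines checks that they loaded or that `GITEA_CLIENT_SECRET`, `KEYCLOAK_HOSTNAME` and `REALM` are non-empty, so a missing `../data/gitea/env.secrets` would let `gitea admin auth add-oauth` register the `keycloak` source with an empty `--secret` and a malformed discovery URL. A guard such as `: "${GITEA_CLIENT_SECRET:?not set, check ../data/gitea/env.secrets}"` before the `docker-compose exec` call would stop that. `die` is called twice but is not defined in the lines shown, so unless one of the sourced files provides it the failure path ends in "command not found"; adding `die() { printf '%s\n' "$*" >&2; exit 1; }` near the top would make the script self-contained. The `true || curl …` block never runs, yet it commits a captured `i_like_gitea` cookie value and a literal `db_passwd=gitea`; I would replace it with a comment pointing at the linked issue. The `--secret` value is also passed on the command line, so it is visible in the process list while the command runs, which is worth a comment in the script.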