homeserver/opt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

configure sso in seafile

Browse Source
This commit is contained in:
Rik Veenboer
2024-12-01 17:51:36 +01:00
parent 3dab583d01
commit b99c70072c
4 changed files with 38 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
caddy/Caddyfile
View File

@@ -36,7 +36,6 @@
import unprotected jellyfin host:8097 import unprotected jellyfin host:8097
import unprotected authentik host:19000 import unprotected authentik host:19000
import unprotected jupyter host:9999
import unprotected grafana host:3333 import unprotected grafana host:3333
import unprotected pgadmin host:5050 import unprotected pgadmin host:5050
import unprotected homarr host:17575 import unprotected homarr host:17575
@@ -90,5 +89,6 @@ import protected dsmr host:8888
import protected transmission host:9091 import protected transmission host:9091
import protected droppy host:8989 import protected droppy host:8989
import protected filebrowser host:8002 import protected filebrowser host:8002
import protected jupyter host:9999
import sites/*.caddy import sites/*.caddy

1
caddy/sites/seafile.caddy
View File

@@ -4,4 +4,3 @@ seafile.rik.veenboer.xyz {
} }
reverse_proxy host:8082 reverse_proxy host:8082
} }

1
docker-compose.caddy.yml
View File

@@ -15,6 +15,7 @@ services:
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /opt/caddy/Caddyfile:/etc/caddy/Caddyfile - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
- /opt/caddy/sites:/etc/caddy/sites
- /opt/caddy/data:/data/caddy - /opt/caddy/data:/data/caddy
- /opt/caddy/logs:/var/log - /opt/caddy/logs:/var/log
extra_hosts: extra_hosts:

38
seafile/server/seafile/conf/seahub_settings.py
View File

@@ -1,7 +1,9 @@
SECRET_KEY = "e$3$hp7u@1ba25kxxa46a7q+bc*3dfulsxhyq+nmap1f@me78$" SECRET_KEY = "e$3$hp7u@1ba25kxxa46a7q+bc*3dfulsxhyq+nmap1f@me78$"
SERVICE_URL = "https://seafile.rik.veenboer.xyz"
DOMAIN = "seafile.rik.veenboer.xyz"
SERVICE_URL = f"https://{DOMAIN}"
CSRF_TRUSTED_ORIGINS = [SERVICE_URL] CSRF_TRUSTED_ORIGINS = [SERVICE_URL]
DEBUG = False DEBUG = True
TIME_ZONE = 'Europe/Amsterdam' TIME_ZONE = 'Europe/Amsterdam'
DATABASES = { DATABASES = {
'default': { 'default': {
@@ -14,3 +16,35 @@ DATABASES = {
'OPTIONS': {'charset': 'utf8mb4'}, 'OPTIONS': {'charset': 'utf8mb4'},
} }
} }
ENABLE_OAUTH = True
# If create new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_CREATE_UNKNOWN_USER = True
# If active new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True
# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = False
# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = f"{SERVICE_URL}/oauth/callback/"
# The following should NOT be changed if you are using Github as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
OAUTH_AUTHORIZATION_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/authorize/'
OAUTH_TOKEN_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/token/'
OAUTH_USER_INFO_URL = f'https://{OAUTH_PROVIDER_DOMAIN}/application/o/userinfo/'
# OAUTH_SCOPE = ["openid", "profile", "email", "seafile"]
OAUTH_SCOPE = ["profile", "seafile"]
OAUTH_ATTRIBUTE_MAP = {
"seafile_id": (True, "email"),
"seafile_email": (False, "contact_email"),
"name": (False, "name"),
}