deploy code
@@ -0,0 +1,118 @@
# Deploy on Ubuntu Server

Docker setup for **Authentik** (OIDC) + **React frontend** + **Node API**.

Docker host IP: `172.237.44.156`

## Architecture

```
Browser
├─► :80 web (React + nginx)
├─► :3001 api (optional direct access)
└─► :9000 Authentik (login / OIDC)
```

## 1. Install Docker on Ubuntu

Copy the project to the server, then:

```bash
cd deploy
chmod +x install-ubuntu.sh start-authentik.sh
sudo ./install-ubuntu.sh
sudo usermod -aG docker $USER
# Log out and SSH back in so docker runs without sudo
```

## 2. Configure environment

```bash
cd deploy
cp .env.example .env
nano .env
```

Set at minimum:

| Variable | Example |
|----------|---------|
| `SERVER_HOST` | `172.237.44.156` |
| `AUTHENTIK_HOST` | `http://172.237.44.156:9000` |
| `PUBLIC_WEB_URL` | `http://172.237.44.156` |
| `PUBLIC_API_URL` | `http://172.237.44.156` |
| `OIDC_CLIENT_ID` | from Authentik provider (after step 4) |

## 3. Start Authentik

```bash
chmod +x start-authentik.sh
./start-authentik.sh
```

Or manually:

```bash
cp .env.authentik.example .env
nano .env # set AUTHENTIK_HOST=http://YOUR_SERVER_IP:9000
mkdir -p data certs custom-templates
docker compose -f docker-compose.authentik.yml --env-file .env up -d
```

Open `http://YOUR_SERVER_IP:9000` and create the admin account.

**Ubuntu firewall** (if UFW is enabled):

```bash
sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 3001/tcp
```

**Azure / cloud:** open inbound ports 80, 9000 (and 3001 if needed) in the network security group.

## 4. Create OAuth app in Authentik

1. **Providers** → **OAuth2/OpenID Provider**
- Client type: **Public**
- Redirect URIs: `http://YOUR_SERVER_IP` (and `http://YOUR_SERVER_IP/`)
- Scopes: `openid`, `profile`, `email`
2. **Applications** → slug `oidc-demo`, link provider
3. Copy **Client ID** → `OIDC_CLIENT_ID` in `deploy/.env`

## 5. Build and start the demo app

```bash
docker compose --env-file .env up -d --build
```

Verify:

```bash
curl http://localhost/health # via nginx → api
curl http://localhost:3001/health # api direct
curl http://localhost:9000/if/flow/initial-setup/ # authentik (after setup)
```

Open **http://YOUR_SERVER_IP** in a browser and sign in.

## Useful commands

```bash
# Logs
docker compose --env-file .env logs -f
docker compose -f docker-compose.authentik.yml --env-file .env logs -f

# Stop
docker compose --env-file .env down
docker compose -f docker-compose.authentik.yml --env-file .env down

# Rebuild frontend after .env URL changes
docker compose --env-file .env up -d --build web
```

## Production notes

- Put **HTTPS** in front (Caddy, nginx, or Traefik) and set `AUTHENTIK_HOST` / `PUBLIC_WEB_URL` to `https://…`
- Set Authentik redirect URIs to your HTTPS frontend URL
- Do not commit `deploy/.env` (secrets)
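Review bot: The manual path in step 3 (`cp .env.authentik.example .env`) overwrites the `deploy/.env` that step 2 just created with `cp .env.example .env`, and both compose files are afterwards started with `--env-file .env`, so whichever copy ran last wins and the other stack silently loses its variables (including `OIDC_CLIENT_ID` set in step 4). Give the Authentik stack its own file, e.g. `cp .env.authentik.example .env.authentik` and `docker compose -f docker-compose.authentik.yml --env-file .env.authentik up -d`, or merge the two example files into one. Step 4 registers a **Public** client with plain-`http://` redirect URIs; since a public client has no secret, the page should state that the React frontend uses PKCE, and that the `http` URIs are for the demo only (the production notes already call for HTTPS). The firewall block opens `3001/tcp` unconditionally although the architecture diagram calls direct API access optional, so drop that rule or mark it as debugging-only, and keep the API reachable only through nginx on :80. A real public address (`172.237.44.156`) is hard-coded in the intro and the step 2 table while the rest of the page uses `YOUR_SERVER_IP`; use the placeholder throughout. In the verify block, `/if/flow/initial-setup/` is not a useful probe once the admin account exists; Authentik's `/-/health/live/` and `/-/health/ready/` endpoints are the intended liveness and readiness checks.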