move to oauth login [skip ci]

Sebastian Hugentobler 2022-03-14 10:02:16 +01:00
parent a28393fde1
commit ed3c1ff7c1
Signed by: shu
GPG Key ID: BB32CF3CA052C2F0
3 changed files with 35 additions and 21 deletions


@ -1,4 +1,4 @@
[Roundcube](https://roundcube.net/) webmail interface with postgres backend.
[Roundcube](https://roundcube.net/) webmail interface with postgres backend and oauth login.
# Environment Variables
## DOMAINS
@ -39,29 +39,30 @@ Secret key for session secrets.
Encryption algorithm for session secrets.
## CARDDAV_PRESETS
Configured preset addressbooks are created for a user as they log in.
## OAUTH_PROVIDER_NAME
Name of the oauth provider on the roundcube login page.
For example:
```$prefs['Personal'] = array(
// required attributes
'name' => 'Personal',
// will be substituted for the roundcube username
'username' => '%u',
// will be substituted for the roundcube password
'password' => '%p',
// %u will be substituted for the CardDAV username
'url' => 'https://my.nextcloud.org/remote.php/dav/addressbooks/users/%u/contacts/',
## OAUTH_CLIENT_ID
Client id for oauth login.
'active' => true,
'readonly' => false,
'refresh_time' => '02:00:00',
## OAUTH_CLIENT_SECRET
Client secret for oauth login.
'fixed' => array( 'username' ),
'hide' => false,
);
## OAUTH_AUTH_URI
Auth uri for oauth login.
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/auth`
## OAUTH_TOKEN_URI
Token uri for oauth login.
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/token`
## OAUTH_IDENTITY_URI
Userinfo uri for oauth login.
Example for keycloak: `https://example.com/realms/master/protocol/openid-connect/userinfo`
```
# Ports
- 80


@ -39,3 +39,15 @@ $config['plugins'] = array('archive', 'managesieve', 'zipdownload');
$config['spellcheck_engine'] = 'pspell';
$config['default_charset'] = 'UTF-8';
$config['oauth_provider'] = 'generic';
$config['oauth_provider_name'] = '{{getenv "OAUTH_PROVIDER_NAME"}}';
$config['oauth_client_id'] = '{{getenv "OAUTH_CLIENT_ID"}}';
$config['oauth_client_secret'] = '{{getenv "OAUTH_CLIENT_SECRET"}}';
$config['oauth_auth_uri'] = '{{getenv "OAUTH_AUTH_URI"}}';
$config['oauth_token_uri'] = '{{getenv "OAUTH_TOKEN_URI"}}';
$config['oauth_identity_uri'] = '{{getenv "OAUTH_IDENTITY_URI"}}';
$config['oauth_scope'] = 'email profile openid';
$config['oauth_auth_parameters'] = [];
$config['oauth_identity_fields'] = ['preferred_username'];
$config['oauth_login_redirect'] = true;
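Review bot: The six `{{getenv …}}` values in this section are interpolated into single-quoted PHP literals with no escaping and no emptiness check, so a client secret containing `'` or `\` yields a broken or altered config file, and an unset variable renders as an empty string. Because `oauth_login_redirect` is `true`, an empty `OAUTH_AUTH_URI` would presumably send every visitor of the login page to an unusable redirect, so the render step should abort when any of these variables is missing rather than let the container start. A comment above `oauth_identity_fields` would also help: `// preferred_username becomes the mail login name; it must be unique and not user-editable at the provider`. Since the client secret now ends up in the rendered file, that file should be readable only by the PHP user.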


@ -22,7 +22,7 @@ http {
{{range $domain := split (getenv "DOMAINS") ";"}}
server {
listen 8080;
listen 8080;
server_name {{ $domain }};
@ -48,6 +48,7 @@ http {
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_param SERVER_PORT 443;
fastcgi_read_timeout 300;
fastcgi_pass php;
}
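Review bot: `fastcgi_param HTTPS on;` together with `fastcgi_param SERVER_PORT 443;` tells PHP that every request arrived over TLS on port 443, while the server block in this file listens on plain 8080. That holds only when a TLS-terminating proxy is the sole path to the container; if 8080 is reachable directly, Roundcube would presumably still treat cleartext requests as secure and build https URLs for the OAuth redirect. A comment next to the two lines would record the assumption, for example `# TLS terminates at the upstream proxy; 8080 must not be published directly`. The enclosing `location` block starts outside the hunk.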