Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/technologiestiftung/grist-docker-compose

Docker-compose for grist
https://github.com/technologiestiftung/grist-docker-compose

Last synced: 30 days ago
JSON representation

Docker-compose for grist

Awesome Lists containing this project

README

        

![](https://img.shields.io/badge/Built%20with%20%E2%9D%A4%EF%B8%8F-at%20Technologiestiftung%20Berlin-blue)

[![All Contributors](https://img.shields.io/badge/all_contributors-2-orange.svg?style=flat-square)](#contributors-)

# grist-docker-compose

Docker-compose for grist

Instructions for integration with keycloak

## Prerequisites

Docker, Docker-compose

## Keycloak integration

After creating a Realm

1. Go to > Clients > Create
2. The **Client ID** in Keycloak should be `https:///saml/metadata.xml`. The type should be SAML
3. Save the new client
4. Set **Valid Redirect URIs** to `https:///*` and `https:///`
5. Go to **Fine Grain SAML Endpoint Configuration** and set **Logout Service Redirect Binding URL** to `https:///`
6. Save the settings
7. Switch to the tab "Mappers"
8. Click on **Add Builtin**
9. Add `X500 givenName`, `X500 email` and `X500 surname`

### How to copy keys and certificates

This part will require you to put together the key and cert files. Basically a copy/paste into the docker volume.

1. Go to the tab **Keys** and copy the contents into files called _key.pem_ and _cert.pem_
2. Go to **Realm Settings** > **General** tab and click on **SAML 2.0 Identity Provider Metadata**
3. Copy the contents of content of **ds:X509Certificate** into a file called idp.pem
4. Add to each file the PEM headers/footers:
- `-----BEGIN RSA PRIVATE KEY-----`/`-----END RSA PRIVATE KEY-----`
- `-----BEGIN CERTIFICATE-----`/`-----END CERTIFICATE-----`
5. Copy the files into the docker volume "saml". How you do that depends on your set up.
6. You should have key.pem, cert.pem and ipm.pem in the folder

## Example apache configuration

This configuration can be used to proxy grist through an apache server.

#
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule ^/?(.*) "ws://localhost:11082/$1" [P,L]
#
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost:11082/
ProxyPassReverse / http://localhost:11082/
RequestHeader set X-Forwarded-Proto https
Header set Access-Control-Allow-Origin "*"
#

## Credits



Made by








A project by








Supported by