HajTex_living_with_keycloak/docker/compose/scp_git_bridge/README.md

2024-12-30 02:50:43 +01:00
When a user logs in via git (currently on port 993; don't forget to open that port with `ufw allow 993`), the projects of that user are updated automatically. Note that 993 is the port registered for IMAPS, so pick a different host port if a mail server runs on the same machine (see "Port 993" below).
Every 5 minutes, a cron job on the host checks the Overleaf user database and creates accounts in the container for any new users.
## Get the ssh keys for a user
```
git clone ssh://[USERNAME]@[FQDN]:[PORT]/sshkey.git
```
e.g.
```
git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/sshkey.git
```
## Get the project list for a user
```
git clone ssh://[USERNAME]@[FQDN]:[PORT]/projects.git
```
e.g.
```
git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/projects.git
```
## Get a project
```
git clone ssh://[USERNAME]@[FQDN]:[PORT]/[PROJECT_ID].git
```
e.g.
```
git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/6759fdf66ca7b8bc5b81b184.git
```
This backup container talks to the user over git (ssh) on one side and to the Overleaf server over the Docker socket on the other. Keep in mind that a container with access to the Docker socket can control every container on the host, which is effectively root on the host, so lock down the bridge container and the accounts that can log in to it.
Don't forget the crontab entry on the host:
```
# m h dom mon dow command
*/5 * * * * sh /docker/compose/hajtex_sshd/exec_update_userlist.sh
```
Otherwise, logins will fail because the user directories do not exist. You can also run it manually:
```
sh /docker/compose/hajtex_sshd/exec_update_userlist.sh
```
# Port 993
If you don't like port 993 you can change the mapping in compose.yaml
```
ports:
  - 993:22
```
accordingly. The left-hand number is the host port, the right-hand one is sshd inside the container; only the host port has to be opened. Don't forget your firewall (`HOST:CONTAINER` is compose syntax, not a ufw port range, so the rule takes just the host port):
```
ufw allow 993/tcp
```
# ssh / scp / git-shell authentication against KeyCloak
## Create the client in keycloak:
Create a client for the bridge (its client ID is `linux-ssh` in the config below) and use the out-of-band redirect URI:
```
urn:ietf:wg:oauth:2.0:oob
```
![A](01.png)
---
![B](02.png)
---
![C](03.png)
---
## Update files/config.toml
Set `clientsecret` to the secret of the client you just created and `endpoint` to the base URL of your Keycloak; `realm`, `clientid` and `clientscope` have to match that client. The file contains a client secret, so restrict its permissions.
```
realm = "master"
endpoint = "https://psintern.neuro.uni-bremen.de/sso/"
clientid = "linux-ssh"
clientsecret = "REDACTED"
clientscope = "openid"
```
## Create image:
```
>> make_image.sh
```
## Change the name of the HajTex server container:
The default is "/overleafserver" (the leading slash is how the Docker API reports container names).
If your installation uses a different name, change the following line in download_files.py, auth_against_docker.py and update_userlist.py accordingly:
```
container_name: str = "/overleafserver",
```
# Files
* Dockerfile
Dockerfile for creating the container image
* compose.yaml
Compose file to start the container
* crontab_host.txt
This needs to be placed into the crontab of the host
* down.sh
For stopping the container
* exec.sh
For entering the container for an interactive session
* init.sh
Init script that is run while the container starts. make_image.sh places it into the container.
* logs.sh
Shows the logs of the running container
* make_image.sh
Needs to be run to generate the container image
* exec_update_userlist.sh
Run by cron to update the user base in the container from the Overleaf user database