Add files via upload

sso_test_server/authentik/add_key.sh

@@ -0,0 +1,2 @@
+echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64 -w 0)" >> .env
+

sso_test_server/authentik/compose.yaml

@@ -0,0 +1,78 @@
+services:
+  authentikserver:
+    image: "ghcr.io/goauthentik/server:2024.6.1"
+    container_name: authentikserver
+    hostname: authentikserver
+    restart: always
+
+    command: server
+
+    volumes:
+      - authentik_media:/media
+      - authentik_custom_templates:/templates
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    ports:
+      - 9000:9000
+      - 9443:9443
+
+    environment:
+      AUTHENTIK_REDIS__HOST: authentikredis
+      AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+      AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+      AUTHENTIK_EMAIL__PORT: "25"
+      AUTHENTIK_EMAIL__USE_TLS: "false"
+      AUTHENTIK_EMAIL__USE_SSL: "false"
+      # AUTHENTIK_EMAIL__TIMEOUT: 10
+      AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+    networks:
+      - overleaf-network
+
+  authentikworker:
+    image: "ghcr.io/goauthentik/server:2024.6.1"
+    container_name: authentikworker
+    hostname: authentikworker
+    restart: always
+
+    command: worker
+
+    volumes:
+      - authentik_media:/media
+      - authentik_custom_templates:/templates
+      - authentik_certs:/certs
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    environment:
+      AUTHENTIK_REDIS__HOST: authentikredis
+      AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+      AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+      AUTHENTIK_EMAIL__PORT: "25"
+      AUTHENTIK_EMAIL__USE_TLS: "false"
+      AUTHENTIK_EMAIL__USE_SSL: "false"
+      # AUTHENTIK_EMAIL__TIMEOUT: 10
+      AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+
+    networks:
+      - overleaf-network
+
+    user: root
+
+volumes:
+  authentik_media:
+  authentik_custom_templates:
+  authentik_certs:
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/authentik/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/authentik/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/authentik/test_email.txt

@@ -0,0 +1,3 @@
+docker exec -it authentikworker bash
+ak test_email <to address>
+

sso_test_server/authentik/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

sso_test_server/authentiknginx/compose.yaml

@@ -0,0 +1,23 @@
+services:
+  authentiknginx:
+    image: nginx:stable-alpine
+    container_name: authentiknginx
+    hostname: authentiknginx
+    restart: always
+    volumes:
+      - "/root/overleafnginx/key.pem:/certs/nginx_key.pem:ro"
+      - "/root/overleafnginx/ca.pem:/certs/nginx_certificate.pem:ro"
+      - "/root/sso_test_server/authentiknginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+    ports:
+      - "0.0.0.0:444:444"
+      - "0.0.0.0:81:81"
+    environment:
+      NGINX_WORKER_PROCESSES: "4"
+      NGINX_WORKER_CONNECTIONS: "768"
+    networks:
+      - overleaf-network
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/authentiknginx/dont_forget_firewall.sh

@@ -0,0 +1 @@
+ufw allow 444

sso_test_server/authentiknginx/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/authentiknginx/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/authentiknginx/nginx.conf

@@ -0,0 +1,33 @@
+          events {}
+          http {
+            server {
+              listen 81 default_server;
+              server_name _;
+              return 301 https://$host$request_uri;
+            }
+            server {
+              listen 444 ssl;
+              ssl_certificate      /certs/nginx_certificate.pem;
+              ssl_certificate_key  /certs/nginx_key.pem;
+              ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+              ssl_prefer_server_ciphers   on;
+              ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+              server_tokens off;
+              client_max_body_size 50M;
+	      server_name overleaf.neuro.uni-bremen.de;
+
+              location / {
+                proxy_pass https://authentikserver:9443;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_set_header Host $http_host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_read_timeout 3m;
+                proxy_send_timeout 3m;
+              }
+            }
+          }
+

sso_test_server/authentiknginx/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

sso_test_server/authentikpostgresql/compose.yaml

@@ -0,0 +1,32 @@
+services:
+  authentikpostgres:
+    image: "postgres:12-alpine"
+    container_name: "authentikpostgres"
+    hostname: "authentikpostgres"
+    restart: always
+    shm_size: 128mb
+    volumes:
+      - authentik_database:/var/lib/postgresql/data
+    ports:
+      - 6381:5432
+    environment:
+      POSTGRES_PASSWORD: ${ROOT_PASSWORD}
+      POSTGRES_USER: authentik
+      POSTGRES_DB: authentik
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U authentik -d authentik'"]
+      interval: 10s
+      timeout: 3s
+      retries: 3
+
+    networks:
+      - overleaf-network
+
+volumes:
+  authentik_database:
+
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/authentikpostgresql/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/authentikpostgresql/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/authentikpostgresql/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

sso_test_server/authentikredis/compose.yaml

@@ -0,0 +1,27 @@
+# docker network create overleaf-network
+services:
+  authentikredis:
+    image: "redis:alpine"
+    container_name: "authentikredis"
+    hostname: "authentikredis"
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - authentik_redis:/data
+    ports:
+      - 6380:6379
+    networks:
+      - overleaf-network
+
+volumes:
+  authentik_redis:
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/authentikredis/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/authentikredis/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/authentikredis/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

sso_test_server/nodejsdev/compose.yaml

@@ -0,0 +1,26 @@
+services:
+  nodejsdev:
+    image: "node:current-alpine"
+    container_name: nodejsdev
+    hostname: nodejsdev
+    restart: always
+    command: sleep infinity
+
+    ports:
+    - 3000:3000
+
+    volumes:
+      - nodejsdev_data:/data
+      - "/root/overleafnginx/key.pem:/certs/key.pem:ro"
+      - "/root/overleafnginx/ca.pem:/certs/certificate.pem:ro"
+
+    networks:
+      - overleaf-network
+
+volumes:
+  nodejsdev_data:
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/nodejsdev/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/nodejsdev/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/nodejsdev/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

sso_test_server/overleafsmtpd/compose.yaml

@@ -0,0 +1,30 @@
+# docker network create overleaf-network
+services:
+  overleafsmtpd:
+    image: wodby/opensmtpd
+    container_name: overleafsmtpd
+    hostname: overleafsmtpd
+    restart: always
+    volumes:
+      - /root/sso_test_server/overleafsmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl
+      - overleaf_smtpd:/var/spool/smtpd
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 25:25
+    environment:
+      RELAY_HOST: "XXX"
+      RELAY_PROTO: "smtps"
+      RELAY_PORT: "XXX"
+      RELAY_USER: ${MAIL_USERNAME}
+      RELAY_PASSWORD: ${MAIL_PASSWORD}
+
+    networks:
+      - overleaf-network
+
+volumes:
+  overleaf_smtpd:
+
+networks:
+  overleaf-network:
+    external: true
+

sso_test_server/overleafsmtpd/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

sso_test_server/overleafsmtpd/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

sso_test_server/overleafsmtpd/smtpd_pre.conf

@@ -0,0 +1,14 @@
+listen on 0.0.0.0
+listen on ::
+
+table aliases file:/etc/smtpd/aliases
+
+queue ttl 4d
+bounce warn-interval 1h, 6h, 2d
+
+smtp max-message-size 35M
+
+table authinfo db:/etc/smtpd/authinfo.db
+action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth <authinfo> tls no-verify
+match from any for any action default
+

sso_test_server/overleafsmtpd/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+