From 23057702ae3daf024c4a074e26b31d145a0c719d Mon Sep 17 00:00:00 2001
From: admin
Date: Fri, 25 Jul 2025 02:43:29 +0300
Subject: [PATCH] basic config
---
back | 2 +-
config/hydra/hydra.yml | 22 +++++++++++++++
config/nginx/nginx.conf | 58 ++++++++++++++++++++++++++++++++++++++++
docker-compose.yml | 59 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 140 insertions(+), 1 deletion(-)
create mode 100644 config/hydra/hydra.yml
create mode 100644 config/nginx/nginx.conf
create mode 100644 docker-compose.yml
diff --git a/back b/back
index 76151d2..61f3a53 160000
--- a/back
+++ b/back
@@ -1 +1 @@
-Subproject commit 76151d2ebcb678ee3ab44e15f1a5f306c3685c94
+Subproject commit 61f3a532ebbb72ba11280d3aca914aa321e661a9
diff --git a/config/hydra/hydra.yml b/config/hydra/hydra.yml
new file mode 100644
index 0000000..954027a
--- /dev/null
+++ b/config/hydra/hydra.yml
@@ -0,0 +1,22 @@
+serve:
+ cookies:
+ same_site_mode: Lax
+
+urls:
+ self:
+ issuer: http://127.0.0.1:4444
+ consent: http://id.logidex.ru/consent
+ login: http://id.logidex.ru/login
+ logout: http://id.logidex.ru/logout
+
+secrets:
+ system:
+ - youReallyNeedToChangeThis
+
+oidc:
+ subject_identifiers:
+ supported_types:
+ - pairwise
+ - public
+ pairwise:
+ salt: youReallyNeedToChangeThis
\ No newline at end of file
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
new file mode 100644
index 0000000..441e2a9
--- /dev/null
+++ b/config/nginx/nginx.conf
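Review bot: In config/hydra/hydra.yml both `secrets.system` and `oidc.subject_identifiers.pairwise.salt` are committed with the sample value `youReallyNeedToChangeThis`, so anyone who can read the repository knows Hydra's system secret and the salt behind its pairwise subject identifiers. Both keys are better left out of the tracked file and supplied at deploy time, for example through the `SECRETS_SYSTEM` and `OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT` environment variables read from an untracked env file. Separately, `urls.self.issuer` is `http://127.0.0.1:4444` while the nginx config in this patch serves Hydra as `oauth2.logidex.ru`; clients that validate the `iss` claim against the public hostname will likely reject tokens, so the issuer should probably be the externally reachable URL.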
@@ -0,0 +1,58 @@
+upstream hydra_public_api {
+ server hydra:4444;
+ server hydra:4444;
+}
+upstream hydra_admin_api {
+ server hydra:4445;
+ server hydra:4445;
+}
+upstream frontend {
+ server front:3000;
+ server front:3000;
+}
+
+server {
+ listen 80;
+ server_name oauth2.logidex.ru;
+ location ~ ^/(admin|clients|keys|health|metrics|version|oauth2/auth/requests|oauth2/introspect|oauth2/flush)/? {
+ set $allow 0;
+ if ($remote_addr ~* "172.28.0.*") {
+ set $allow 1;
+ }
+ if ($arg_secret = "CHANGE-ME-INSECURE-PASSWORD") {
+ set $allow 1;
+ }
+ if ($allow = 0) {
+ return 403;
+ }
+
+ proxy_pass http://hydra_admin_api;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ }
+
+ location ~ ^/(.well-known|oauth2/auth|oauth2/token|oauth2/sessions|oauth2/revoke|oauth2/fallbacks/consent|oauth2/fallbacks/error|userinfo)/? {
+ proxy_pass http://hydra_public_api;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ }
+}
+
+server {
+ listen 80;
+ server_name id.logidex.ru;
+
+ location / {
+ proxy_pass http://frontend;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ea61563
--- /dev/null
+++ b/docker-compose.yml
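Review bot: The admin-API location in the `oauth2.logidex.ru` server lets a request through when `$arg_secret` equals the literal `CHANGE-ME-INSECURE-PASSWORD`, which puts a shared secret in the query string (where it lands in access logs and, on `listen 80`, crosses the network in clear text) and ships with a known default. The address check beside it, `$remote_addr ~* "172.28.0.*"`, is an unanchored regex with unescaped dots, so it matches more than the subnet it names. Replacing the three `if` blocks with `allow 172.28.0.0/24;` and `deny all;` gives an exact CIDR match and removes the query-string secret. The subnet would also need to be pinned on `appnet` in docker-compose.yml, which currently leaves the choice to Docker.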
@@ -0,0 +1,59 @@
+services:
+ hydra:
+ image: oryd/hydra:v2.3.0
+ command: serve -c /etc/config/hydra/hydra.yml all --dev
+ depends_on:
+ - hydra-migrate
+ - postgres
+ volumes:
+ - type: bind
+ source: ./config/hydra
+ target: /etc/config/hydra
+ networks:
+ - appnet
+ environment:
+ - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
+ hydra-migrate:
+ image: oryd/hydra:v2.3.0
+ command: migrate -c /etc/config/hydra/hydra.yml sql up -e --yes
+ volumes:
+ - type: bind
+ source: ./config/hydra
+ target: /etc/config/hydra
+ networks:
+ - appnet
+ environment:
+ - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
+ depends_on:
+ - postgres
+ nginx:
+ image: nginx:latest
+ volumes:
+ - type: bind
+ source: ./config/nginx/nginx.conf
+ target: /etc/nginx/conf.d/default.conf
+ read_only: true
+ ports:
+ - "80:80"
+ - "443:443"
+ depends_on:
+ - hydra
+ - front
+ networks:
+ - appnet
+ postgres:
+ image: postgres:17
+ environment:
+ - POSTGRES_USER=hydra
+ - POSTGRES_PASSWORD=secret
+ - POSTGRES_DB=hydra
+ networks:
+ - appnet
+ front:
+ image: git.logidex.ru/aserbin/logidex-id-frontend:latest
+ environment:
+ - NODE_ENV=production
+ networks:
+ - appnet
+networks:
+ appnet:
\ No newline at end of file
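Review bot: The `hydra` service in docker-compose.yml starts with `--dev`, which Hydra documents as disabling critical security checks for development, yet the stack publishes ports 80 and 443 and runs the frontend with `NODE_ENV=production`. If this file is meant for anything beyond a local sandbox, the flag should go — `command: serve -c /etc/config/hydra/hydra.yml all` — with TLS terminated in nginx and an https issuer configured. The database password is also the literal `secret`, repeated in both `DSN` values and in `POSTGRES_PASSWORD`; compose interpolation such as `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?required}` keeps it out of the repository. `nginx:latest` and the `front` image's `:latest` tag are unpinned, so a redeploy can pull different code than was reviewed; pinning each to a version or digest would fix that.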