diff options
| author |  pando85 <pando855@gmail.com>
| 2024-08-25 19:57:30 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2024-08-25 19:57:30 +0200 |
| commit | 82593f59684aa143bc02053aaa891496a8739861 (patch) | |
| tree | f2605680938b83917742a9c069418ea4b079fb64 /Docker | |
| parent | 19e1cb470e9cc531ab68681ecf1b33c3146e5934 (diff) | |
Fix OIDC session params definition (#6730)
* Fix OIDC session params definition
- standardize environment variable names
- group all in the same configuration file
- use mod_auth_openidc default values
- fix `OIDCSessionMaxDuration` because it was not set with the previous
code
- add documentation
* Add double quoting to prevent globbing and word splitting
* Revert line deleted by mistake
Diffstat (limited to 'Docker')
| -rw-r--r-- | Docker/FreshRSS.Apache.conf | 6 | ||||
| -rwxr-xr-x | Docker/entrypoint.sh | 7 |
2 files changed, 10 insertions, 3 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf index 253f53614..86ea27915 100644 --- a/Docker/FreshRSS.Apache.conf +++ b/Docker/FreshRSS.Apache.conf @@ -31,6 +31,10 @@ CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy OIDCClientID ${OIDC_CLIENT_ID} OIDCClientSecret ${OIDC_CLIENT_SECRET} + OIDCSessionInactivityTimeout ${OIDC_SESSION_INACTIVITY_TIMEOUT} + OIDCSessionMaxDuration ${OIDC_SESSION_MAX_DURATION} + OIDCSessionType ${OIDC_SESSION_TYPE} + OIDCRedirectURI /i/oidc/ OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY} @@ -53,7 +57,7 @@ CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS} </IfDefine> - # Can be overridden e.g. in /var/www/FreshRSS/p/i/.htaccess + # Can be overridden e.g. in /var/www/FreshRSS/p/i/.htaccess OIDCRefreshAccessTokenBeforeExpiry 30 </IfDefine> diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh index 8784247cd..bf250840a 100755 --- a/Docker/entrypoint.sh +++ b/Docker/entrypoint.sh @@ -22,6 +22,11 @@ if [ -n "$TRUSTED_PROXY" ]; then fi if [ -n "$OIDC_ENABLED" ] && [ "$OIDC_ENABLED" -ne 0 ]; then + # Default values + export OIDC_SESSION_INACTIVITY_TIMEOUT="${OIDC_SESSION_INACTIVITY_TIMEOUT:-300}" + export OIDC_SESSION_MAX_DURATION="${OIDC_SESSION_MAX_DURATION:-27200}" + export OIDC_SESSION_TYPE="${OIDC_SESSION_TYPE:-server-cache}" + # Debian (which a2enmod >/dev/null && a2enmod -q auth_openidc) || # Alpine @@ -31,8 +36,6 @@ if [ -n "$OIDC_ENABLED" ] && [ "$OIDC_ENABLED" -ne 0 ]; then OIDC_SCOPES=$(echo "$OIDC_SCOPES" | tr ':' ' ') export OIDC_SCOPES fi - find /etc/apache2/*/ -type f -name '*openidc.conf' -exec sed -r -i "/^#?OIDCSessionInactivityTimeout/s/^.*/OIDCSessionInactivityTimeout ${OIDCSessionInactivityTimeout:-86400}/" {} \; - find /etc/apache2/*/ -type f -name '*openidc.conf' -exec sed -r -i "/^#?OIDCSessionMaxDuration/s/^.*/OIDCSessionMaxDuration ${OIDCSessionMaxDuration:-2592000}/" {} \; fi if [ -n "$CRON_MIN" ]; then |