
Deploying the Open-Source Authentication Service Logto with Docker

About the Logto project (quoted from the official project page)

Logto is the open-source auth alternative to Auth0, Cognito, and Firebase Auth. It offers a complete identity solution with pre-built UI, modern protocols for authentication and authorization (OIDC/OAuth 2.0/SAML), and enterprise-grade security. Perfect for multi-device apps, SaaS products, and API services.

Install Docker and the required packages:

apt -y update
apt -y install curl nginx python3-certbot-nginx
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Create the directory and the compose file:

mkdir -p /opt/logto && cd /opt/logto && nano docker-compose.yml

Write the following content:

name: logto.io
services:
  app:
    image: svhd/logto:latest
    container_name: logto-server
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      - TRUST_PROXY_HEADER=1
      - DB_URL=postgres://imlala:pgpassword@postgres:5432/logto
      - ENDPOINT=https://logto-api.example.com
      - ADMIN_ENDPOINT=https://logto-admin.example.com
    ports:
      - "127.0.0.1:3001:3001"
      - "127.0.0.1:3002:3002"
    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]

  postgres:
    image: postgres:17-alpine
    container_name: logto-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: imlala
      POSTGRES_PASSWORD: pgpassword
      POSTGRES_DB: logto
    volumes:
      - ./db-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
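
The compose file above carries the database password as a literal in two places (DB_URL and POSTGRES_PASSWORD). The following is an added example, not part of the original post: a hypothetical helper, harden_compose, that generates a random password, stores it in an owner-only .env file next to the compose file, and rewrites both occurrences to a ${POSTGRES_PASSWORD} reference. It assumes Compose reads .env from the project directory and that the stack has not been started yet.

```shell
#!/bin/sh
# Added example, not from the original post. harden_compose is a hypothetical
# helper; the .env file and ${POSTGRES_PASSWORD} reference are assumptions.
harden_compose() {
    dir=${1:-/opt/logto}
    compose="$dir/docker-compose.yml"
    [ -f "$compose" ] || { echo "missing $compose" >&2; return 1; }

    # POSTGRES_PASSWORD only takes effect when the data directory is first
    # initialised, so refuse to run once ./db-data has content.
    if [ -d "$dir/db-data" ] && [ -n "$(ls -A "$dir/db-data")" ]; then
        echo "db-data is already initialised; change the role password in SQL" >&2
        return 2
    fi

    # 24 random bytes as hex: no characters that would need percent-encoding
    # inside the postgres:// URL in DB_URL.
    pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -dc '0-9a-f')

    # Create .env owner-only first, then write the secret (overwrites any
    # existing .env in this directory).
    ( umask 077; : > "$dir/.env" )
    chmod 600 "$dir/.env"
    printf 'POSTGRES_PASSWORD=%s\n' "$pw" > "$dir/.env"

    # Swap the literal password for a Compose variable in both places.
    sed -i.bak \
        -e 's|imlala:pgpassword@|imlala:${POSTGRES_PASSWORD}@|' \
        -e 's|POSTGRES_PASSWORD: pgpassword|POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}|' \
        "$compose"
    rm -f "$compose.bak"
}

# Run as: sh harden.sh /opt/logto   (before the first "docker compose up -d")
if [ "$#" -gt 0 ]; then harden_compose "$1"; fi
```

Running docker compose config in /opt/logto afterwards prints the resolved file, which confirms that the variable is picked up in both services.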

Start the stack:

docker compose up -d

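Configure the NGINX reverse proxy. Both the API and the admin console need to be proxied.

Create the NGINX configuration file that proxies the API: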

nano /etc/nginx/sites-available/logto

Write the following configuration:

server {
    listen 80;
    server_name logto-api.example.com;
    client_max_body_size 0;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Create the NGINX configuration file that proxies the admin console:

nano /etc/nginx/sites-available/logto-admin

Write the following configuration:

server {
    listen 80;
    server_name logto-admin.example.com;
    client_max_body_size 0;

    location / {
        proxy_pass http://127.0.0.1:3002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the sites:

ln -s /etc/nginx/sites-available/logto /etc/nginx/sites-enabled/logto
ln -s /etc/nginx/sites-available/logto-admin /etc/nginx/sites-enabled/logto-admin

Issue the SSL certificates:

certbot --nginx

Visit logto-admin.example.com and create the administrator account.
