Introduction to the Logto project (quoted from the official project page):
Logto is the open-source auth alternative to Auth0, Cognito, and Firebase Auth. It offers a complete identity solution with pre-built UI, modern protocols for authentication and authorization (OIDC/OAuth 2.0/SAML), and enterprise-grade security. Perfect for multi-device apps, SaaS products, and API services.
Install Docker and the required packages:
apt -y update
apt -y install curl nginx python3-certbot-nginx
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Create the directory and the compose file:
mkdir -p /opt/logto && cd /opt/logto && nano docker-compose.yml
Write the following content:
name: logto.io
services:
  app:
    image: svhd/logto:latest
    container_name: logto-server
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      - TRUST_PROXY_HEADER=1
      # Example credentials: replace imlala/pgpassword with your own values
      - DB_URL=postgres://imlala:pgpassword@postgres:5432/logto
      - ENDPOINT=https://logto-api.example.com
      - ADMIN_ENDPOINT=https://logto-admin.example.com
    ports:
      # Published on loopback only; NGINX is the public entry point
      - "127.0.0.1:3001:3001"
      - "127.0.0.1:3002:3002"
    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
  postgres:
    image: postgres:17-alpine
    container_name: logto-postgres
    restart: unless-stopped
    environment:
      # Must match the user and password used in DB_URL above
      POSTGRES_USER: imlala
      POSTGRES_PASSWORD: pgpassword
      POSTGRES_DB: logto
    volumes:
      - ./db-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

Start it:
docker compose up -d
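Configure the NGINX reverse proxy. Both the API and the admin console need to be proxied.
Create the NGINX configuration file for the API reverse proxy: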
nano /etc/nginx/sites-available/logto
Write the following configuration:
server {
    listen 80;
    server_name logto-api.example.com;
    client_max_body_size 0;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Create the NGINX configuration file for the admin console reverse proxy:
nano /etc/nginx/sites-available/logto-admin
Write the following configuration:
server {
    listen 80;
    server_name logto-admin.example.com;
    client_max_body_size 0;

    location / {
        proxy_pass http://127.0.0.1:3002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the sites:
ln -s /etc/nginx/sites-available/logto /etc/nginx/sites-enabled/logto
ln -s /etc/nginx/sites-available/logto-admin /etc/nginx/sites-enabled/logto-admin

Issue the SSL certificate:
certbot --nginx
Visit logto-admin.example.com and create the administrator account.
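
The compose file above publishes ports 3001 and 3002 only on 127.0.0.1 and gives Postgres no ports entry, so NGINX should be the only public path to Logto. The check below is an added example, not part of the original post or the Logto project: it filters `ss -Hltn` output for listeners on those ports that are bound to a non-loopback address. The function name `exposed_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Logto/Postgres listeners that are reachable from outside.
# Input: output of `ss -Hltn` (no header; column 4 is Local Address:Port).

# Print the local address of every listener on one of the given ports
# that is not bound to a loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next             # not a port we care about
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is fine
            print $4
        }'
}

# Constructed sample of `ss -Hltn` output (not captured from a real host):
# 3002 and 5432 are deliberately shown bound to all interfaces.
SAMPLE='LISTEN 0 4096 127.0.0.1:3001 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:3002 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::]:5432 [::]:*
LISTEN 0 4096 [::1]:3001 [::]:*'

# On the server, run:  ss -Hltn | exposed_listeners 3001 3002 5432
printf '%s\n' "$SAMPLE" | exposed_listeners 3001 3002 5432
```

Any line printed is a listener that bypasses NGINX; with the compose file above, the live command should print nothing.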