# Refresh the package index, then install Docker and Compose from the
# distribution repositories.
apt update
apt install -y docker.io docker-compose
# Start the Docker daemon now and register it to start at boot.
systemctl enable --now docker
Test with:
# Print the installed versions to confirm both tools are available.
docker --version
docker-compose --version
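apt install nginx -y
docker pull casbin/casdoor-all-in-one
# Publish the port on loopback only: nginx proxies to 127.0.0.1:8000, and a bare
# "-p 8000:8000" would expose Casdoor on every host interface over plain HTTP.
# This is a trial container. It uses the name "casdoor" and host port 8000,
# which the docker-compose setup later in this guide also claims, so it has to
# be removed before that step.
docker run -d --name casdoor -p 127.0.0.1:8000:8000 casbin/casdoor-all-in-one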
Verify with:
# List running containers; the casdoor container should appear here.
docker ps
# Create the nginx site definition for the reverse proxy.
nano /etc/nginx/sites-available/casdoor
You can use the default nginx config or create a new one; I will create a new one. If you do the same, make sure to delete the symlink to the default site and the default config.
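# Plain-HTTP reverse proxy in front of the Casdoor container.
# Until the HTTPS site is enabled, logins through this host travel unencrypted.
server {
    listen 80;
    # Placeholder host name; replace with the real domain.
    server_name auth.deine_domain.com;

    location / {
        # Casdoor is reached on the loopback address only.
        proxy_pass http://127.0.0.1:8000;
        # Pass the original host name and client address on to Casdoor.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}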
Wir legen ein Arbeitsverzeichnis an, in dem alle wichtigen Dateien liegen und das als persistenter Speicher dient.
# Working directory for the compose file, the Casdoor config and the MySQL data.
# The files created here contain database credentials, so limit who can read
# this directory on the host.
mkdir -p /opt/casdoor
cd /opt/casdoor
nano docker-compose.yml
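version: "3.8"

services:
  mysql:
    image: mysql:8.0
    container_name: casdoor-db
    environment:
      # Placeholder credentials: replace them before deploying and keep the
      # user/password in sync with dataSourceName in conf/app.conf.
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: casdoor_db
      MYSQL_USER: casdoor_user
      MYSQL_PASSWORD: casdoor_password
    ports:
      # Loopback only. Casdoor reaches the database as casdoor-db:3306 on the
      # compose network, so this mapping is needed only for local
      # administration and can be removed entirely.
      - "127.0.0.1:3306:3306"
    volumes:
      - /opt/casdoor/mysql:/var/lib/mysql # persistent storage for MySQL data
    healthcheck:
      # Read the password from the container environment ($$ escapes $ for
      # compose) so the secret is not repeated in this file.
      test: ["CMD-SHELL", 'mysqladmin ping -h localhost -u root -p"$$MYSQL_ROOT_PASSWORD" || exit 1']
      interval: 10s
      timeout: 5s
      retries: 3

  casdoor:
    # NOTE(review): "latest" is a moving tag; pin a specific release tag so
    # that redeployments pull a known image.
    image: casbin/casdoor:latest
    container_name: casdoor
    ports:
      # nginx proxies to 127.0.0.1:8000, so keep Casdoor off external interfaces.
      - "127.0.0.1:8000:8000"
    volumes:
      # The host file must exist before "up"; otherwise Docker creates a
      # directory at this path.
      - /opt/casdoor/conf/app.conf:/conf/app.conf # Casdoor configuration file
    environment:
      - RUNNING_IN_DOCKER=true
    # Start Casdoor only once MySQL reports healthy.
    # NOTE(review): older docker-compose v1 releases may reject the
    # "condition" form in version 3.x files; check with "docker-compose config".
    depends_on:
      mysql:
        condition: service_healthy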
# Directory for the Casdoor configuration file that the compose file mounts.
mkdir -p /opt/casdoor/conf
# Relative path: assumes the shell is still in /opt/casdoor.
nano conf/app.conf
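appname = casdoor
httpport = 8000
runmode = prod

# Session and CORS
SessionOn = true
copyrequestbody = true
# Replace with your real domain. The comment is kept on its own line so it
# cannot be read as part of the value.
origin = "https://auth.deine_domain.com"

# Database
# dataSourceName holds the database password in clear text. It must match
# MYSQL_USER / MYSQL_PASSWORD in docker-compose.yml. Limit who can read this
# file on the host (the Casdoor container still needs to read it).
driverName = mysql
dataSourceName = casdoor_user:casdoor_password@tcp(casdoor-db:3306)/casdoor_db?charset=utf8mb4&parseTime=True

# Logging and debugging
showSql = false
logPostOnly = true

# Other settings
verificationCodeTimeout = 10
# NOTE(review): presumably static assets are loaded from this external host;
# confirm that this is acceptable for your deployment.
staticBaseUrl = "https://cdn.casbin.org"
enableGzip = true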
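# The all-in-one trial container started earlier is also named "casdoor" and
# holds host port 8000; remove it so the compose-managed container can start.
docker rm -f casdoor
docker-compose up -d
# Confirm that both services are running and MySQL is reported healthy.
docker-compose ps
sudo nano /etc/nginx/sites-available/casdoor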
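server {
    listen 80;
    server_name auth.deine_domain.com;

    # Redirect HTTP to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name auth.deine_domain.com;

    # A "listen ... ssl" server needs a certificate; without one "nginx -t"
    # fails. The paths below follow certbot's usual layout and exist only after
    # the certificate has been issued, so obtain it while the HTTP-only site is
    # still active. Adjust the paths if your certificate lives elsewhere.
    ssl_certificate     /etc/letsencrypt/live/auth.deine_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/auth.deine_domain.com/privkey.pem;

    # Forward requests to the Casdoor service.
    location / {
        proxy_pass http://127.0.0.1:8000; # Casdoor listens on port 8000
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Optional security headers.
    # HSTS with includeSubDomains commits every subdomain to HTTPS for a year;
    # enable it only once all of them serve valid certificates.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}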
alle persistenten daten liegen in einem ordner in /opt/casdoor/mysql
# Enable the site by linking its definition into sites-enabled.
ln -s /etc/nginx/sites-available/casdoor /etc/nginx/sites-enabled/casdoor
reload trennt aktive verbindungen nicht
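# Validate the configuration first and reload only if the test passes, so a
# broken config never replaces the running one.
nginx -t && systemctl reload nginx
# A full restart drops active connections; use it only when a reload is not enough:
# systemctl restart nginx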
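apt install certbot python3-certbot-nginx -y
# Request the certificate for the same host name that the nginx site uses as
# server_name; certbot's nginx plugin matches on it to find the server block.
certbot --nginx -d auth.deine_domain.com
# Simulate a renewal to confirm that automatic renewal will work.
certbot renew --dry-run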