NODEDC_PLATFORM/infra
Codex 4a10726b2e ARCH - NODEDC PLATFORM: bootstrap Authentik applications 2026-05-04 11:07:09 +03:00
authentik ARCH - NODEDC PLATFORM: bootstrap Authentik applications 2026-05-04 11:07:09 +03:00
reverse-proxy ARCH - NODEDC PLATFORM: start the local proxy/Authentik test stand 2026-05-04 10:31:59 +03:00
scripts ARCH - NODEDC PLATFORM: bootstrap Authentik applications 2026-05-04 11:07:09 +03:00
.env.example ARCH - NODEDC PLATFORM: bootstrap Authentik applications 2026-05-04 11:07:09 +03:00
README.md ARCH - NODEDC PLATFORM: bootstrap Authentik applications 2026-05-04 11:07:09 +03:00
docker-compose.dev.yml ARCH - NODEDC PLATFORM: start the local proxy/Authentik test stand 2026-05-04 10:31:59 +03:00

README.md

NODE.DC Platform Infra

This folder holds the local and staging infra layer:

  • Authentik;
  • reverse proxy;
  • local domains;
  • shared env examples;
  • future docker compose files.

The first local dev layer proxies the current local applications without physically moving the repositories:

  • auth.local.nodedc -> authentik-server:9000;
  • launcher.local.nodedc -> host.docker.internal:5173;
  • task.local.nodedc -> host.docker.internal:8090.

Authentik is built on the current official Docker Compose layout for 2026.2: PostgreSQL 16, server and worker. Redis is not used for Authentik in this version of the official compose file.

The reverse proxy uses PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru because this local image already contains Caddy and does not require a separate pull from Docker Hub. On a clean machine the value can be replaced with caddy:2-alpine.

Expected files

infra/
  .env.example
  scripts/init-dev-env.sh
  docker-compose.dev.yml
  docker-compose.staging.yml
  reverse-proxy/
  authentik/

Local start

  1. Add local domains to /etc/hosts:

     127.0.0.1 auth.local.nodedc
     127.0.0.1 launcher.local.nodedc
     127.0.0.1 task.local.nodedc

     This requires admin rights on macOS.

  2. Generate local secrets:

     ./infra/scripts/init-dev-env.sh

  3. Start infra:

     docker compose --env-file infra/.env -f infra/docker-compose.dev.yml up -d

  4. Check services:

     docker compose --env-file infra/.env -f infra/docker-compose.dev.yml ps
     curl -I -H 'Host: auth.local.nodedc' http://127.0.0.1/
     curl -I -H 'Host: launcher.local.nodedc' http://127.0.0.1/
     curl -I -H 'Host: task.local.nodedc' http://127.0.0.1/

Generated Authentik bootstrap credentials are stored only in infra/.env.

  5. Bootstrap local Authentik groups and OIDC applications:

     NODEDC_BOOTSTRAP_ADMIN_EMAIL=dcctouch@gmail.com infra/scripts/bootstrap-authentik-dev.sh

The script is idempotent. It creates NODE.DC groups, Launcher and Task Manager OAuth2 providers, application tiles, group access bindings and local OIDC client secrets in infra/.env.
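
Because the bootstrap credentials and OIDC client secrets end up in infra/.env, a hygiene check on that file is worth running after the bootstrap. The script below is an added example, not a script from this repository: it checks file permissions, git tracking, and whether the .env.example template carries secret values. The function names and the secret-name pattern (SECRET, PASS, TOKEN, KEY) are assumptions.

```sh
#!/bin/sh
# Added example (not project code): hygiene checks for the generated infra/.env.

# Succeeds when the file exists and grants nothing to group or others.
env_mode_ok() {
    [ -f "$1" ] || return 2
    # GNU stat first, BSD/macOS stat as the fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds when git tracks the file; a generated .env should never be tracked.
env_is_tracked() {
    git -C "$(dirname "$1")" ls-files --error-unmatch "$(basename "$1")" >/dev/null 2>&1
}

# Prints secret-looking keys that carry a non-empty value in a template such as
# .env.example. The name pattern is an assumption, not the project's key list.
template_secret_keys() {
    [ -f "$1" ] || return 0
    awk '!/^[ \t]*#/ && index($0, "=") {
             key = substr($0, 1, index($0, "=") - 1)
             val = substr($0, index($0, "=") + 1)
             if (toupper(key) ~ /SECRET|PASS|TOKEN|KEY/ && length(val) > 0) print key
         }' "$1"
}

# Runs all checks and returns non-zero when any finding is reported.
audit_env() {
    env_file=$1; template=$2; rc=0
    env_mode_ok "$env_file" ||
        { echo "FAIL: $env_file missing or accessible to group/others (chmod 600)"; rc=1; }
    if env_is_tracked "$env_file"; then
        echo "FAIL: $env_file is tracked by git"; rc=1
    fi
    keys=$(template_secret_keys "$template")
    [ -z "$keys" ] || { echo "FAIL: $template has values for:" $keys; rc=1; }
    return "$rc"
}

# Paths from the README; runs only when called from the repository root.
if [ -f infra/.env ]; then audit_env infra/.env infra/.env.example; fi
```

A placeholder value in the template is reported as well, so each finding needs a quick look before it is treated as a leaked secret.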

Current local status

This stack was verified locally with PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru:

  • auth.local.nodedc returns 302 to the Authentik authentication flow through Caddy;
  • launcher.local.nodedc returns 200 from the current Vite launcher through Caddy;
  • task.local.nodedc returns 200 from the current Plane runtime through Caddy;
  • Authentik server, Authentik worker and PostgreSQL report healthy in Docker Compose;
  • Authentik login via auth.local.nodedc has been verified manually with the local admin user.

Browser testing still requires /etc/hosts entries on the host machine.

Troubleshooting

If Docker Hub pulls hang on caddy:2-alpine, keep PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru on this workstation. If the local Plane proxy image is unavailable on a clean machine, set:

PLATFORM_PROXY_IMAGE=caddy:2-alpine

Current decision

The current Plane runtime is not moved into the platform compose until a backup and a separate migration step.