Merge branch 'main' into dev

Author: danc094codetogether

charts/intel/templates/ai-config.yaml

@@ -9,6 +9,4 @@ metadata:
 data:
   ai_provider: {{ .Values.ai.provider | quote }}
   ai_url: {{ .Values.ai.url | quote }}
-{{- end }}
-
-
+{{- end }}

compose/cthq.properties

@@ -6,19 +6,40 @@ hq.collab.secret=${INTEL_SECRET}
 # Fill in values specific to your deployment
 
 # If you want to run with multiple SSO providers, add their names separated with commas
-hq.sso.tenants=github
+# hq.sso.tenants=github
 
 # GitHub SSO
-hq.sso.github.provider=github
-hq.sso.github.label=GitHub
-hq.sso.github.client.id=<github_client_id>
-hq.sso.github.client.secret=<github_client_secret>
-hq.sso.github.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
-hq.sso.github.auth.uri=https://github.com/login/oauth/authorize
-hq.sso.github.token.uri=https://github.com/login/oauth/access_token
-hq.sso.github.info.uri=https://api.github.com/user
-hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
-hq.sso.github.logout.uri=https://github.com/logout
+# hq.sso.github.provider=github
+# hq.sso.github.label=GitHub
+# hq.sso.github.client.id=Iv1.45b9336a78ce2476
+# hq.sso.github.client.secret=c4446ad126ec65b3d926e37de3fe880246aff371
+# hq.sso.github.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+# hq.sso.github.auth.uri=https://github.com/login/oauth/authorize
+# hq.sso.github.token.uri=https://github.com/login/oauth/access_token
+# hq.sso.github.info.uri=https://api.github.com/user
+# hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
+# hq.sso.github.logout.uri=https://github.com/logout
+
+hq.sso.provider=keycloak
+hq.sso.client.id=codetogether
+hq.sso.client.secret=eFl6XSKwMMsEW1yRTY9pHjBrCTHDEY64
+hq.sso.client.issuer.url=http://codetogether-keycloak:8080/realms/codetogether
+hq.sso.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+hq.sso.client.authentication.method=client_secret_post
+
+# hq.sso.provider=keycloak
+# hq.sso.client.id=YOUR_CLIENT_ID
+# hq.sso.client.secret=YOUR_CLIENT_SECRET
+# hq.sso.client.issuer.url=http://codetogether-keycloak:8080/realms/codetogether
+# hq.sso.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+# hq.sso.client.authentication.method=client_secret_post
+
+# hq.sso.provider=keycloak
+# hq.sso.client.id=YOUR_CLIENT_ID
+# hq.sso.client.secret=YOUR_CLIENT_SECRET
+# hq.sso.client.issuer.url=http://codetogether-keycloak:8080/realms/codetogether
+# hq.sso.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+# hq.sso.client.authentication.method=client_secret_post
 
 # These values do not need to be changed, though secrets can be updated
 hq.db.type=CASSANDRA

compose/keycloak/.env-template

@@ -6,4 +6,4 @@ KEYCLOAK_DB_USERNAME=keycloak
 KEYCLOAK_DB_PASSWORD=keycloak
 
 KC_BOOTSTRAP_ADMIN_PASSWORD=keycloak
-KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KC_BOOTSTRAP_ADMIN_USERNAME=admin

compose/nginx/ssl/nginx-with-keycloak.conf.template

@@ -0,0 +1,143 @@
+### To use this file rename it to nginx.conf.template so it is picked up by the compose.yml file.
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+    server {
+        listen       443 ssl http2;
+        server_name  ${COLLAB_FQDN};
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        ssl_certificate /etc/nginx/ssl/${SSL_COLLAB_CERT};
+        ssl_certificate_key /etc/nginx/ssl/${SSL_COLLAB_KEY};
+        ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
+        ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        location / {
+            # Similar proxy logic for headers
+            set $realIP $remote_addr;
+            set $forwardTo $proxy_add_x_forwarded_for;
+            set $reqHost $http_host;
+            if ($http_x_real_ip != '') {
+                set $realIP $http_x_real_ip;
+            }
+            if ($http_x_forwarded_for != '') {
+                set $forwardTo $http_x_forwarded_for;
+            }
+            add_header C-Real-IP $realIP;
+            add_header C-Forwarded-For $forwardTo;
+            add_header C-Request-Host $reqHost;
+            proxy_set_header X-Real-IP $realIP;
+            proxy_set_header X-Forwarded-For $forwardTo;
+            proxy_set_header Host $reqHost;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_http_version 1.1;
+            proxy_redirect off;
+            proxy_pass http://codetogether-collab:1080;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 360;
+            proxy_connect_timeout 360;
+            proxy_send_timeout 360;
+        }
+    }
+    server {
+        server_name          ${INTEL_FQDN};
+        listen               443 ssl http2;
+
+        # configure proxy buffer sizes
+        proxy_buffer_size    128k;
+        proxy_buffers        4 256k;
+
+        # setup the SSL certificate
+        ssl_certificate /etc/nginx/ssl/${SSL_INTEL_CERT};
+        ssl_certificate_key /etc/nginx/ssl/${SSL_INTEL_KEY};
+        ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
+        ssl_prefer_server_ciphers on;
+        ssl_protocols        TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+        # create the passthrough to the CodeTogether Intel container
+        location / {
+
+            # set passthru parameters for the CodeTogether Intel container
+            set $realIP      $remote_addr;
+            set $forwardTo   $proxy_add_x_forwarded_for;
+            set $reqHost     $http_host;
+            client_max_body_size 32M;
+            if ($http_x_real_ip != '') {
+                set $realIP  $http_x_real_ip;
+            }
+            if ($http_x_forwarded_for != '') {
+                set $forwardTo $http_x_forwarded_for;
+            }
+            proxy_set_header X-Real-IP $realIP;
+            proxy_set_header X-Forwarded-For $forwardTo;
+            proxy_set_header Host $reqHost;
+
+            # setup the backend to service the HQ requests
+            proxy_pass            http://codetogether-intel:1080;
+            proxy_set_header      X-NginX-Proxy true;
+            proxy_http_version    1.1;
+            proxy_redirect        off;
+            proxy_set_header      Upgrade $http_upgrade;
+            proxy_set_header      Connection "upgrade";
+            proxy_read_timeout    360;
+            proxy_connect_timeout 360;
+            proxy_send_timeout    360;
+        }
+    }
+    server {
+        server_name          ${KEYCLOAK_FQDN};
+        listen               443 ssl http2;
+
+        # configure proxy buffer sizes
+        proxy_buffer_size    128k;
+        proxy_buffers        4 256k;
+
+        # setup the SSL certificate
+        ssl_certificate /etc/nginx/ssl/${SSL_KEYCLOAK_CERT};
+        ssl_certificate_key /etc/nginx/ssl/${SSL_KEYCLOAK_KEY};
+        # ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
+        ssl_prefer_server_ciphers on;
+        ssl_protocols        TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+        # create the passthrough to the CodeTogether Intel container
+        location / {
+
+            # set passthru parameters for the CodeTogether Intel container
+            set $realIP      $remote_addr;
+            set $forwardTo   $proxy_add_x_forwarded_for;
+            set $reqHost     $http_host;
+            client_max_body_size 32M;
+            if ($http_x_real_ip != '') {
+                set $realIP  $http_x_real_ip;
+            }
+            if ($http_x_forwarded_for != '') {
+                set $forwardTo $http_x_forwarded_for;
+            }
+            proxy_set_header X-Real-IP $realIP;
+            proxy_set_header X-Forwarded-For $forwardTo;
+            proxy_set_header Host $reqHost;
+            proxy_set_header X-Forwarded-Proto https;
+
+            # setup the backend to service the HQ requests
+            proxy_pass            http://codetogether-keycloak:8080;
+            proxy_set_header      X-NginX-Proxy true;
+            proxy_http_version    1.1;
+            proxy_redirect        off;
+            proxy_set_header      Upgrade $http_upgrade;
+            proxy_set_header      Connection "upgrade";
+            proxy_read_timeout    360;
+            proxy_connect_timeout 360;
+            proxy_send_timeout    360;
+        }
+    }
+}