Refactor app instance to Keycloak SSO
This commit is contained in:
64
.env.example
64
.env.example
@ -1,56 +1,24 @@
|
||||
# Shared values used by the root deployment flow in README.md
|
||||
# Standalone app-instance defaults
|
||||
|
||||
PROJECT_ROOT=/home/ivan/xuan/beaver_project
|
||||
BEAVER_NET=beaver-instance-edge
|
||||
BEAVER_PROXY_CONTAINER_NAME=beaver-router-proxy
|
||||
BEAVER_PUBLIC_URL=http://172.19.0.245:18080
|
||||
BEAVER_HOST_IP=172.19.0.245
|
||||
BEAVER_HOST_PORT=18080
|
||||
|
||||
BEAVER_DEPLOY_TOKEN=change-me
|
||||
BEAVER_AUTHZ_INTERNAL_TOKEN=change-me
|
||||
|
||||
BEAVER_SERVER_IP=127.0.0.1
|
||||
BEAVER_BASE_DOMAIN=localhost
|
||||
|
||||
BEAVER_PROVIDER=openai
|
||||
BEAVER_MODEL=openai/gpt-5
|
||||
BEAVER_API_KEY=sk-xxxxxxxx
|
||||
BEAVER_API_BASE=
|
||||
|
||||
# Per-instance Beaver backend config. In Docker app-instance this should point
|
||||
# to the mounted single-user sandbox config, not to frontend env.
|
||||
BEAVER_HOME=/root/.beaver
|
||||
BEAVER_CONFIG_PATH=/root/.beaver/config.json
|
||||
BEAVER_WORKSPACE=/root/.beaver/workspace
|
||||
|
||||
# Must be reachable from app-instance containers.
|
||||
BEAVER_AUTHZ_URL=http://beaver-authz-service:19090
|
||||
BEAVER_OUTLOOK_MCP_URL=
|
||||
BEAVER_OUTLOOK_MCP_SERVER_ID=outlook_mcp
|
||||
# Keycloak SSO
|
||||
BEAVER_KEYCLOAK_ISSUER=https://keycloak.bwgdi.com/realms/beaver
|
||||
BEAVER_KEYCLOAK_CLIENT_ID=beaver-agnet
|
||||
BEAVER_KEYCLOAK_REDIRECT_URI=http://172.19.0.245:18080/auth/callback
|
||||
BEAVER_KEYCLOAK_POST_LOGOUT_REDIRECT_URI=http://172.19.0.245:18080/logout/callback
|
||||
|
||||
# User file system backed by MinIO/S3.
|
||||
BEAVER_MINIO_ROOT_USER=
|
||||
BEAVER_MINIO_ROOT_PASSWORD=
|
||||
BEAVER_USER_FILES_BUCKET=beaver-user-files
|
||||
BEAVER_USER_FILES_MINIO_ENDPOINT=
|
||||
# Model provider settings used when generating config.json with run-standalone.sh
|
||||
BEAVER_PROVIDER=openai
|
||||
BEAVER_MODEL=openai/gpt-5
|
||||
BEAVER_API_KEY=
|
||||
BEAVER_API_BASE=
|
||||
|
||||
# Optional runtime limits
|
||||
BEAVER_USER_FILES_MAX_UPLOAD_BYTES=5368709120
|
||||
|
||||
# Must be reachable from auth-portal and authz-service containers.
|
||||
BEAVER_DEPLOY_URL=http://beaver-deploy-control:8090
|
||||
|
||||
# External connector sidecar
|
||||
EXTERNAL_CONNECTOR_BASE_URL=http://external-connector:8787
|
||||
# Required for connector management API authentication.
|
||||
EXTERNAL_CONNECTOR_TOKEN=change-me-connector-token
|
||||
# Required for sidecar -> Beaver bridge authentication.
|
||||
BEAVER_BRIDGE_TOKEN=change-me-bridge-token
|
||||
BEAVER_BRIDGE_BASE_URL=http://app-instance:8080
|
||||
EXTERNAL_CONNECTOR_PORT=8787
|
||||
CONNECTOR_PUBLIC_BASE_URL=http://localhost:8787
|
||||
# fake | official | vendor_cli | weixin_ilink | feishu_bot
|
||||
CONNECTOR_PROVIDER=official
|
||||
CONNECTOR_COMMAND_TIMEOUT_SECONDS=120
|
||||
WEIXIN_CONNECT_COMMAND=
|
||||
WEIXIN_STATUS_COMMAND=
|
||||
WEIXIN_SEND_COMMAND=
|
||||
FEISHU_CONNECT_COMMAND=
|
||||
FEISHU_STATUS_COMMAND=
|
||||
FEISHU_SEND_COMMAND=
|
||||
|
||||
Reference in New Issue
Block a user