todo
Closed this issue · 2 comments
knutole commented
Docker Compose
Floating License server, stand-alone container
- Floating Server not part of compose. Will run stand-alone, since it shouldn't be restarted often.
- Create Docker network:
shiny-network
Containers
- use Docker network:
shiny-network - nginx container, for reverse-proxying: Auth0, public- and private access.
- create
mapic/shiny-nginximage which includes certbot - configure for certbot, shiny, auth0
- create
- Shiny Server Pro container
- create
mapic/shiny-server-pro - use config file
- configure SSL certbot
- create
- Auth0 nodejs proxy https://github.com/mapic/shiny-auth0.docker
- create
mapic/shiny-auth0 - add config to docker-compose environment
- create account @ auth0.com
- create account @ twilio
- create apps and connect
- add password-less login: email magic link, SMS or TOTP with Auth0 (guide)
- create
Docker Hub, Travis, SSLLabs
- add images to Docker Hub
- mapic/shiny-auth0
- mapic/shiny-floating-license-server
- mapic/shiny-server-pro
- mapic/shiny-nginx (todo!)
- Add Travis/Docker Build tests for builds
- add build repos to Docker Hub (with Dockerfile)
- SSLLabs server test (results here)
Uploading
- define way to add data to shiny
- implement
- sftp docker container with shared volume
- next iteration: automatically
chownshiny:www-data
Cleanup
- remove stale docker images & containers
- close unused ports
Other
- gdpr
- shiny/editor access
- add guest accounts to auth0.com and twilio.com
- write documentation
- write delivery report
-
t3.medium
MFA
- email/user + sms (OR -> seems to remember email login now, so only sms necessary after first time. good enough?)
knutole commented
Passswordless Login
Hosted Pages -> Login Page
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
<!--[if IE 8]>
<script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script>
<![endif]-->
<!--[if lte IE 9]>
<script src="https://cdn.auth0.com/js/base64.js"></script>
<script src="https://cdn.auth0.com/js/es5-shim.min.js"></script>
<![endif]-->
<script src="https://cdn.auth0.com/js/lock/11.3/lock.min.js"></script>
<script>
// Decode utf8 characters properly
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
config.extraParams = config.extraParams || {};
var connection = config.connection;
var prompt = config.prompt;
var languageDictionary;
var language;
if (config.dict && config.dict.signin && config.dict.signin.title) {
languageDictionary = { title: config.dict.signin.title };
} else if (typeof config.dict === 'string') {
language = config.dict;
}
var loginHint = config.extraParams.login_hint;
// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
var lock = new Auth0LockPasswordless(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: config.callbackURL,
responseType: (config.internalOptions || {}).response_type ||
(config.callbackOnLocationHash ? 'token' : 'code'),
params: config.internalOptions
},
// additional configuration needed for custom domains
/*
configurationBaseUrl: config.clientConfigurationBaseUrl,
overrides: {
__tenant: config.auth0Tenant,
__token_issuer: 'auth.cloud.ngi.no'
},
*/
assetsUrl: config.assetsUrl,
//allowedConnections: connection ? [connection] : null,
allowedConnections: ['email'],
passwordlessMethod: 'link',
rememberLastLogin: !prompt,
language: language,
languageDictionary: languageDictionary,
theme: {
logo: 'https://i.imgur.com/0gXMoc9.png',
//primaryColor: 'green'
},
prefill: loginHint ? { email: loginHint, username: loginHint } : null,
closable: false,
defaultADUsernameFromEmailPrefix: false,
// uncomment if you want small buttons for social providers
// socialButtonStyle: 'small'
});
lock.show();
console.log('test sms!');
</script>
</body>
</html>knutole commented
Email/password login
Hosted Pages -> Login Page
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
<!--[if IE 8]>
<script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script>
<![endif]-->
<!--[if lte IE 9]>
<script src="https://cdn.auth0.com/js/base64.js"></script>
<script src="https://cdn.auth0.com/js/es5-shim.min.js"></script>
<![endif]-->
<script src="https://cdn.auth0.com/js/lock/11.3/lock.min.js"></script>
<script>
// Decode utf8 characters properly
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
config.extraParams = config.extraParams || {};
var connection = config.connection;
var prompt = config.prompt;
var languageDictionary;
var language;
if (config.dict && config.dict.signin && config.dict.signin.title) {
languageDictionary = { title: config.dict.signin.title };
} else if (typeof config.dict === 'string') {
language = config.dict;
}
var loginHint = config.extraParams.login_hint;
// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: config.callbackURL,
responseType: (config.internalOptions || {}).response_type ||
(config.callbackOnLocationHash ? 'token' : 'code'),
params: config.internalOptions
},
/* additional configuration needed for custom domains
configurationBaseUrl: config.clientConfigurationBaseUrl,
overrides: {
__tenant: config.auth0Tenant,
__token_issuer: 'YOUR_CUSTOM_DOMAIN'
}, */
assetsUrl: config.assetsUrl,
allowedConnections: connection ? [connection] : null,
rememberLastLogin: !prompt,
language: language,
languageDictionary: languageDictionary,
theme: {
logo: 'https://i.imgur.com/0gXMoc9.png',
//primaryColor: 'green'
},
prefill: loginHint ? { email: loginHint, username: loginHint } : null,
closable: false,
defaultADUsernameFromEmailPrefix: false,
// uncomment if you want small buttons for social providers
// socialButtonStyle: 'small'
});
lock.show();
</script>
</body>
</html>