CodeTogether-Inc · nmorenor · Mar 10, 2025 · Mar 10, 2025 · Mar 10, 2025
diff --git a/compose/codetogether.nginx b/compose/codetogether.nginx
diff --git a/compose/compose.yaml b/compose/compose.yaml
@@ -3,8 +3,9 @@ services:
     image: registry.digitalocean.com/codetogether-registry/codetogether-collab:latest
     container_name: codetogether-collab
     environment:
-      - CT_LICENSE_URL=http://codetogether-intel:1080
+      # your collab/pair programming server URL
       - CT_SERVER_URL=https://your-collab-server-fqdn
+      - CT_INTEL_URL=http://codetogether-intel:1080
       - CT_INTEL_SECRET=your-collab-intel-secret
       - CT_AV_ENABLED=false
       - CT_AV_LAN_IP=auto

diff --git a/compose/cthq.properties b/compose/cthq.properties
@@ -1,26 +1,26 @@
 # Fill in values specific to your deployment
 hq.base.url=https://<server-fqdn>
-hq.sso.redirect.uri=https://<server-fqdn>/api/v1/auth/sso/success/insights
-hq.sso.client.id=<clientid>
-hq.sso.client.secret=<clientsecret>
 hq.collab.url=https://your-collab-server-fqdn
 hq.collab.secret=<your-collab-intel-secret>
 
-# Generic single sign-on configuration
-hq.sso.client.issuer.url=https://<sso-fqdn>/<path>/.well-known/openid-configuration
-# hq.sso.name.attr=[preferred_username|name]
+# GitHub SSO
+hq.sso.github.provider=github
+hq.sso.github.label=GitHub
+hq.sso.github.client.id=<github_client_id>
+hq.sso.github.client.secret=<github_client_secret>
+hq.sso.github.redirect.uri=https://<server-fqdn>/api/v1/auth/sso/success/insights
+hq.sso.github.auth.uri=https://github.com/login/oauth/authorize
+hq.sso.github.token.uri=https://github.com/login/oauth/access_token
+hq.sso.github.info.uri=https://api.github.com/user
+hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
+hq.sso.github.logout.uri=https://github.com/logout
 
-# Example for connecting with Keycloak
-# hq.sso.client.issuer.url=https://<keycloak-fqdn>/realms/<realm>
-
-# Example for connecting to GitHub
-# hq.sso.provider=github
-# hq.sso.auth.uri=https://github.com/login/oauth/authorize
-# hq.sso.token.uri=https://github.com/login/oauth/access_token
-# hq.sso.info.uri=https://api.github.com/user
-# hq.sso.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
-# hq.sso.logout.uri=https://github.com/logout
-# hq.sso.name.attr=name
+# hq.sso.gitlab.provider=gitlab
+# hq.sso.gitlab.label=Gitlab test
+# hq.sso.gitlab.client.id=<gitlab_client_id>
+# hq.sso.gitlab.client.secret=<gitlab_client_secret>
+# hq.sso.gitlab.client.issuer.url=https://gitlab.com
+# hq.sso.gitlab.azure.redirect.uri=https://<server-fqdn>/api/v1/auth/sso/success/insights
 
 # These values do not need to be changed, though secrets can be updated
 hq.db.type=CASSANDRA

diff --git a/compose/nginx/log/placholder.txt b/compose/nginx/log/placholder.txt
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf
@@ -0,0 +1,94 @@
+events {
+    worker_connections  1024;
+}
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+    server {
+        listen       443 ssl http2;
+        server_name  <collab-server-fqdn>;
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        ssl_certificate      <path-to-ssl-bundle.crt>;
+        ssl_certificate_key  <path-to-ssl.key>;
+        ssl_dhparam          <path-to-dhparam.pem>;
+        ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        location / {
+            # Similar proxy logic for headers
+            set $realIP $remote_addr;
+            set $forwardTo $proxy_add_x_forwarded_for;
+            set $reqHost $http_host;
+            client_max_body_size 32M;
+            if ($http_x_real_ip != '') {
+                set $realIP $http_x_real_ip;
+            }
+            if ($http_x_forwarded_for != '') {
+                set $forwardTo $http_x_forwarded_for;
+            }
+            add_header C-Real-IP $realIP;
+            add_header C-Forwarded-For $forwardTo;
+            add_header C-Request-Host $reqHost;
+            proxy_set_header X-Real-IP $realIP;
+            proxy_set_header X-Forwarded-For $forwardTo;
+            proxy_set_header Host $reqHost;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_http_version 1.1;
+            proxy_redirect off;
+            proxy_pass http://codetogether-collab:1080;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_read_timeout 360;
+            proxy_connect_timeout 360;
+            proxy_send_timeout 360;
+        }
+    }
+    server {
+        server_name          <server-fqdn>;
+        listen               443 ssl http2;
+
+        # configure proxy buffer sizes
+        proxy_buffer_size    128k;
+        proxy_buffers        4 256k;
+
+        # setup the SSL certificate
+        ssl_certificate      <path-to-ssl-bundle.crt>;
+        ssl_certificate_key  <path-to-ssl.key>;
+        ssl_dhparam          <path-to-dhparam.pem>;
+        ssl_prefer_server_ciphers on;
+        ssl_protocols        TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+        # create the passthrough to the CodeTogether Intel container
+        location / {
+
+            # set passthru parameters for the CodeTogether Intel container
+            set $realIP      $remote_addr;
+            set $forwardTo   $proxy_add_x_forwarded_for;
+            set $reqHost     $http_host;
+            if ($http_x_real_ip != '') {
+                set $realIP  $http_x_real_ip;
+            }
+            if ($http_x_forwarded_for != '') {
+                set $forwardTo $http_x_forwarded_for;
+            }
+            proxy_set_header X-Real-IP $realIP;
+            proxy_set_header X-Forwarded-For $forwardTo;
+            proxy_set_header Host $reqHost;
+
+            # setup the backend to service the HQ requests
+            proxy_pass            http://codetogether-intel:1080;
+            proxy_set_header      X-NginX-Proxy true;
+            proxy_http_version    1.1;
+            proxy_redirect        off;
+            proxy_set_header      Upgrade $http_upgrade;
+            proxy_set_header      Connection "upgrade";
+            proxy_read_timeout    360;
+            proxy_connect_timeout 360;
+            proxy_send_timeout    360;
+        }
+    }
+}
diff --git a/compose/nginx/ssl/placeholder.txt b/compose/nginx/ssl/placeholder.txt
@@ -0,0 +1 @@
+Certificate files should be sibling to this file.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Certificate files should be sibling to this file.