[57500] Moved Docker DevStack to .internal TLD

opf · Aug 27, 2024 · 2561aba · 2561aba
1 parent 4606dcf
commit 2561aba
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 36 deletions.
diff --git a/.env.test.local.example b/.env.test.local.example
@@ -33,7 +33,7 @@ NEXTCLOUD_LOCAL_OAUTH_CLIENT_SECRET=
 
 NEXTCLOUD_LOCAL_OPENPROJECT_UID=
 NEXTCLOUD_LOCAL_OPENPROJECT_SECRET=
-NEXTCLOUD_LOCAL_OPENPROJECT_REDIRECT_URI=https://nextcloud.local/index.php/apps/integration_openproject/oauth-redirect
+NEXTCLOUD_LOCAL_OPENPROJECT_REDIRECT_URI=https://nextcloud.internal/index.php/apps/integration_openproject/oauth-redirect
 
 NEXTCLOUD_LOCAL_OAUTH_CLIENT_ACCESS_TOKEN=
 NEXTCLOUD_LOCAL_OAUTH_CLIENT_REFRESH_TOKEN=

diff --git a/docs/api/apiv3/components/examples/storage-nextcloud-unauthorized-response.yml b/docs/api/apiv3/components/examples/storage-nextcloud-unauthorized-response.yml
@@ -59,7 +59,7 @@ value:
       href: urn:openproject-org:api:v3:storages:authorization:FailedAuthorization
       title: Authorization failed
     authorize:
-      href: https://nextcloud25.local/index.php/apps/oauth2/authorize?client_id=fnrIeJZqqAKGQlejuDaGhSQfCAVtoayHLACWCYcPJ0w17Pp6daPPUktkM9QaGxca&redirect_uri=https://openproject.local/oauth_clients/fnrIeJZqqAKGQlejuDaGhSQfCAVtoayHLACWCYcPJ0w17Pp6daPPUktkM9QaGxca/callback&response_type=code
+      href: https://nextcloud25.internal/index.php/apps/oauth2/authorize?client_id=fnrIeJZqqAKGQlejuDaGhSQfCAVtoayHLACWCYcPJ0w17Pp6daPPUktkM9QaGxca&redirect_uri=https://openproject.internal/oauth_clients/fnrIeJZqqAKGQlejuDaGhSQfCAVtoayHLACWCYcPJ0w17Pp6daPPUktkM9QaGxca/callback&response_type=code
       title: Authorize
     projectStorages:
       href: /api/v3/project_storages?filters=[{"storageId":{"operator":"=","values":["1337"]}}]

diff --git a/docs/api/apiv3/components/schemas/project_storage_model.yml b/docs/api/apiv3/components/schemas/project_storage_model.yml
@@ -113,4 +113,4 @@ example:
     open:
       href: '/api/v3/storages/81/open'
     openWithConnectionEnsured:
-      href: '/oauth_clients/123/ensure_connection?destination_url=https%3A%2F%2Fopenproject.local%2Fprojects%2Fdeath-star%2Fproject_storages%2F23%2Fopen&storage_id=81'
+      href: '/oauth_clients/123/ensure_connection?destination_url=https%3A%2F%2Fopenproject.internal%2Fprojects%2Fdeath-star%2Fproject_storages%2F23%2Fopen&storage_id=81'
diff --git a/docs/development/development-environment-docker/README.md b/docs/development/development-environment-docker/README.md
@@ -235,7 +235,7 @@ At the end you will be running two separate docker-compose stacks:
 2. the stack defined in `docker/dev/tls` that runs the CA and reverse proxy.
 
 If the setup is successful, you will be able to access the local OpenProject application
-under `https://openproject.local`. Of course, the host name is replaceable.
+under `https://openproject.internal`. Of course, the host name is replaceable.
 
 ### Resolving host names
 
@@ -245,8 +245,8 @@ and `443` and redirect those requests to the specific container. To make it happ
 define for your services to your `/etc/hosts`.
 
 ```shell
-127.0.0.1   openproject.local traefik.local
-::1         openproject.local traefik.local
+127.0.0.1   openproject.internal traefik.internal
+::1         openproject.internal traefik.internal
 ```
 
 #### DNS? Where are you?
@@ -374,7 +374,7 @@ In addition, we need to alter the environmental variables used in the new overri
 like that:
 
 ```shell
-OPENPROJECT_DEV_HOST=openproject.local
+OPENPROJECT_DEV_HOST=openproject.internal
 OPENPROJECT_DEV_URL=https://${OPENPROJECT_DEV_HOST}
 ```
 
@@ -396,7 +396,7 @@ to have Nextcloud running to test the Nextcloud-OpenProject integration. To do t
 
 ### Troubleshooting
 
-After this setup you should be able to access your OpenProject development instance at `https://openproject.local`. If
+After this setup you should be able to access your OpenProject development instance at `https://openproject.internal`. If
 something went wrong, check if your problem is listed here.
 
 #### Certificate invalid
@@ -414,7 +414,7 @@ docker compose --project-directory docker/dev/tls up -d
 
 Within `docker/dev/gitlab` a compose file is provided for running local Gitlab instance with TLS support. This provides
 a production like environment for testing the OpenProject GitLab integration against a community edition GitLab instance
-accessible on `https://gitlab.local`.
+accessible on `https://gitlab.internal`.
 
 > NOTE: Configure [TLS Support](#tls-support) first before starting the GitLab service
 
@@ -445,10 +445,10 @@ docker compose --project-directory docker/dev/gitlab exec -it gitlab gitlab-rake
 
 ## Keycloak Service
 
-> NOTE: OpenID connect is an enterprise feature in OpenProject. So, to be able to use this feature for development setup, we need to have an `Enterprise Edition Token` which is restricted to the domain `openproject.local`
+> NOTE: OpenID connect is an enterprise feature in OpenProject. So, to be able to use this feature for development setup, we need to have an `Enterprise Edition Token` which is restricted to the domain `openproject.internal`
 
 Within `docker/dev/keycloak` a compose file is provided for running local keycloak instance with TLS support. This provides
-a production like environment for testing the OpenProject Keycloak integration against a keycloak instance accessible on `https://keycloak.local`.
+a production like environment for testing the OpenProject Keycloak integration against a keycloak instance accessible on `https://keycloak.internal`.
 
 > NOTE: Configure [TLS Support](#tls-support) first before starting the Keycloak service
 
@@ -460,7 +460,7 @@ Start up the docker compose service for Keycloak as follows:
 docker compose --project-directory docker/dev/keycloak up -d
 ```
 
-Once the keycloak service is started and running, you can access the keycloak instance on `https://keycloak.local` 
+Once the keycloak service is started and running, you can access the keycloak instance on `https://keycloak.internal` 
 and login with initial username and password as `admin`.
 
 Keycloak being an OpenID connect provider, we need to setup an OIDC integration for OpenProject.

diff --git a/docs/development/kerberos/README.md b/docs/development/kerberos/README.md
@@ -15,7 +15,7 @@ To test Kerberos, you'll need to setup a local kerberos admin and kdc server. Th
 
 - A debian / ubuntu VM or local machine
 
-- A local packaged installation installed using the hostname `openproject.local`
+- A local packaged installation installed using the hostname `openproject.internal`
 
 ## Installing kerberos server
 
@@ -25,22 +25,22 @@ First, install kdc and admin server:
 apt install krb5-kdc krb5-admin-server krb5-config -y
 ```
 
-During that installation, you'll be asked to enter the default realm. We'll use `TEST.LOCAL` in the course of this guide.
+During that installation, you'll be asked to enter the default realm. We'll use `TEST.INTERNAL` in the course of this guide.
 
 ![Defining the default realm](realm.png)
 
 Next, you'll have to enter the hostnames used for your server. We'll assume this setup:
 
-- The development server is running under `openproject.local`
-- The KDC and admin server will be running under `kerberos.local`
+- The development server is running under `openproject.internal`
+- The KDC and admin server will be running under `kerberos.internal`
 
 You can simply add both of these hostnames to localhost in your `/etc/hosts` file.
 
-Then, in the following screen, enter `openproject.local kerberos.local`
+Then, in the following screen, enter `openproject.internal kerberos.internal`
 
 ![image-20220622162300570](image-20220622162300570.png)
 
-For the administrative server, also enter `kerberos.local`
+For the administrative server, also enter `kerberos.internal`
 
 ![Add the admin server](admin-server.png)
 
@@ -50,15 +50,15 @@ The next dialog, you can simply continue with OK. The configuration will continu
 
 Next, add the realm with the command `krb5_newrealm`. You'll be prompted for a password. Double-check that it prints this line or similar:
 
-`Initializing database '/var/lib/krb5kdc/principal' for realm 'TEST.LOCAL',`
+`Initializing database '/var/lib/krb5kdc/principal' for realm 'TEST.INTERNAL',`
 
 Enter a password and continue with enter. The realm is now setup.
 
 Next,  you'll restart the kdc server with `systemctl restart krb5-kdc` and confirm it's running with `systemctl status krb5-kdc`
 
 ### Adding your principal
 
-You can now run `kadmin.local`  to access the admin CLI for adding principals to kerberos. In that prompt, enter a new user for testing:
+You can now run `kadmin.internal`  to access the admin CLI for adding principals to kerberos. In that prompt, enter a new user for testing:
 
 `addprinc user1`
 
@@ -67,14 +67,14 @@ This will prompt for a password for user1, which you have to confirm afterwards.
 To check that the user was created successfully, run this command `get_principal`:
 
 ```text
-> kadmin.local: get_principal user1
-Principal: user1@TEST.LOCAL
+> kadmin.internal: get_principal user1
+Principal: user1@TEST.INTERNAL
 Expiration date: [never]
 Last password change: Mi Jun 22 16:28:58 CEST 2022
 Password expiration date: [never]
 Maximum ticket life: 0 days 10:00:00
 Maximum renewable life: 7 days 00:00:00
-Last modified: Mi Jun 22 16:28:58 CEST 2022 (HTTP/admin@TEST.LOCAL)
+Last modified: Mi Jun 22 16:28:58 CEST 2022 (HTTP/admin@TEST.INTERNAL)
 Last successful authentication: [never]
 Last failed authentication: [never]
 Failed password attempts: 0
@@ -90,21 +90,21 @@ Policy: [none]
 
 The OpenProject Apache module for kerberos will call the kerberos with its own service principal. That we will have to create and add a keytab for, so that the password can be access by Apache.
 
-In the `kadmin.local` prompt, run this:
+In the `kadmin.internal` prompt, run this:
 
 ```shell
-addprinc -randkey HTTP/openproject.local
+addprinc -randkey HTTP/openproject.internal
 ```
 
 Note that this will not require a password prompt.
 
-This adds a principal for the HTTP/openproject.local service. Next, add it to a keyfile at `/etc/apache2/openproject.keytab`:
+This adds a principal for the HTTP/openproject.internal service. Next, add it to a keyfile at `/etc/apache2/openproject.keytab`:
 
 ```shell
-ktadd -k /etc/apache2/openproject.keytab HTTP/openproject.local
+ktadd -k /etc/apache2/openproject.keytab HTTP/openproject.internal
 ```
 
-Exit the `kadmin.local` console. Make sure the file is readable by apache2:
+Exit the `kadmin.internal` console. Make sure the file is readable by apache2:
 
 ```shell
 chown www-data:www-data /etc/apache2/openproject.keytab
@@ -128,14 +128,14 @@ Add the following contents:
   AuthType GSSAPI
   # The Basic Auth dialog name shown to the user
   # change this freely
-  AuthName "TEST.LOCAL realm login"
+  AuthName "TEST.INTERNAL realm login"
 
   # The realm used for Kerberos, you will want to
   # change this to your actual domain
   GssapiCredStore keytab:/etc/apache2/openproject.keytab
   # You can also try to set the explicit name instead of the keytab,
   # this will lookup the keytab from its default location /etc/kr5b.keytab
-  #GssapiCredStore HTTP/openproject.local@TEST.LOCAL
+  #GssapiCredStore HTTP/openproject.internal@TEST.INTERNAL
   # Disable SSL
   GssapiSSLonly           Off
   # Enable sending username without REALM
@@ -154,7 +154,7 @@ Add the following contents:
 
 Save the file and check the config with `apache2ctl configtest`. If this works fine, restart apache with `systemctl restart apache2`.
 
-If your OpenProject installation isn't yet running under `openproject.local`, run `openproject reconfigure` to change the hostname.
+If your OpenProject installation isn't yet running under `openproject.internal`, run `openproject reconfigure` to change the hostname.
 
 ## Configure OpenProject
 

diff --git a/docs/development/localhost-ssl/README.md b/docs/development/localhost-ssl/README.md
@@ -121,14 +121,14 @@ setup a reverse proxy in docker, like [traefik](https://traefik.io/). Then follo
 
   ```yaml
   labels:
-    - "traefik.http.routers.op-backend.rule=Host(`op-backend.local`)"
+    - "traefik.http.routers.op-backend.rule=Host(`op-backend.internal`)"
   ```
 
 - add the extra hosts to your `/etc/hosts` to redirect to `localhost`
 - add the extra hosts to your `backend` service with
 
   ```yaml
-  OPENPROJECT_DEV_EXTRA_HOSTS: 'op-backend.local,op-backend.local'
+  OPENPROJECT_DEV_EXTRA_HOSTS: 'op-backend.internal,op-backend.internal'
   ```
 
 > **Reminder**:

diff --git a/docs/system-admin-guide/authentication/kerberos/README.md b/docs/system-admin-guide/authentication/kerberos/README.md
@@ -22,7 +22,7 @@ Assuming you have Kerberos set up with a realm, you need to create a Kerberos se
 Create the service principal (e.g. using `kadmin`) and a keytab for OpenProject used for Apache with the following commands:
 
 ```shell
-# Assuming you're in the `kadmin.local` interactive command
+# Assuming you're in the `kadmin.internal` interactive command
 
 addprinc -randkey HTTP/openproject.example.com
 ktadd -k /etc/apache2/openproject.keytab HTTP/openproject.example.com

diff --git a/modules/storages/spec/factories/storage_factory.rb b/modules/storages/spec/factories/storage_factory.rb
@@ -115,7 +115,7 @@
     end
 
     name { "Nextcloud Local" }
-    host { "https://nextcloud.local/" }
+    host { "https://nextcloud.internal/" }
 
     initialize_with do
       Storages::NextcloudStorage.create_or_find_by(attributes.except(:oauth_client, :oauth_application))
@@ -131,7 +131,7 @@
              uid: ENV.fetch("NEXTCLOUD_LOCAL_OPENPROJECT_UID", "MISSING_NEXTCLOUD_LOCAL_OPENPROJECT_UID"),
              secret: ENV.fetch("NEXTCLOUD_LOCAL_OPENPROJECT_SECRET", "MISSING_NEXTCLOUD_LOCAL_OPENPROJECT_SECRET"),
              redirect_uri: ENV.fetch("NEXTCLOUD_LOCAL_OPENPROJECT_REDIRECT_URI",
-                                     "https://nextcloud.local/index.php/apps/integration_openproject/oauth-redirect"),
+                                     "https://nextcloud.internal/index.php/apps/integration_openproject/oauth-redirect"),
              scopes: "api_v3",
              integration: storage)