From de18da08d0aed5c68c42e44958d1f93ccd154c0a Mon Sep 17 00:00:00 2001
From: DingYongliang <1521323439@qq.com>
Date: Sat, 7 Dec 2024 14:22:03 +0800
Subject: [PATCH] update: add optional initialization function switch, add one troubleshooting case
---
 Dockerfile | 2 +-
 README.md | 41 +++++++++++++++++++++++++++++-
 README_en.md | 62 +++++++++++++++++++++++++++++++++++++--------
 docker-compose.yaml | 10 +++++---
 start-services.sh | 38 ++++++---------------------
 5 files changed, 106 insertions(+), 47 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9f87418..d29ee16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,7 +43,7 @@ ENV PATH_ROOT=/app
 # 安装必要的运行 / 调试工具
 RUN apk update && \
- apk add --no-cache sudo bash lsof jq curl iproute2 net-tools procps ca-certificates git iputils
+ apk add --no-cache sudo bash vim lsof jq curl iproute2 net-tools procps ca-certificates git iputils
 COPY --from=frontend-builder /app/Open-OAuth2Playground/front-standalone/dist /app/front-standalone/dist
 COPY --from=backend-builder /app/Open-OAuth2Playground/oauth2playground .
diff --git a/README.md b/README.md
index e888fd2..7857401 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ docker-compose -p oauth-server-lite up -d
 **注意事项**
 - 此方式启动时,由于容器内无法直接通过 `localhost` 访问其它服务,因此需要通过访问 service name 的方式 ( `redis:6379` ) 连接 redis 。其它配置见文件。
+- 普通用户无需配置任何环境变量和卷挂载,直接拉起即可。如需自定义配置,请认真阅读注意事项。
 - `cas.db` 默认写入用户信息:
 - `username`: `cas`,可通过配置 `${CAS_USERNAME}` 修改
 - `password`: `123456`,可通过配置 `${CAS_PASSWORD}` 修改
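Review bot: The runtime image now also ships `vim` on the `RUN apk add --no-cache …` line, next to `sudo`, `bash` and `git`, which grows the attack surface of an OAuth-server container for what the comment above calls a debugging tool (an interactive editor with a shell escape, in an image that already carries `sudo`). If it is only needed for ad-hoc troubleshooting, prefer a separate debug build target or installing it at `docker exec` time, and otherwise state the reason in the comment, e.g. `# vim is for interactive troubleshooting only; drop it for hardened deployments`. Separately, the preceding `apk update` appears to leave the fetched package index in the layer even though `--no-cache` is passed to `apk add`; `apk add --no-cache` alone fetches a fresh index without persisting it, so the `update` step looks redundant.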
@@ -75,7 +76,45 @@ docker-compose -p oauth-server-lite up -d - `domains`: `open-oauth2playground`,可通过配置 `${PLAYGROUND_HOST}` 修改 - `grant_types`: `password`,`authorization_code`,`urn:ietf:params:oauth:grant-type:device_code`,`client_credentials` -- 可在 `Open-OAuth2Playground/apereo-cas/etc/services` 目录下自行添加新的service +- 可在 `Open-OAuth2Playground/apereo-cas/etc/services` 目录下自行添加新的 service 。 +- 默认开启自动初始化脚本,此时不允许挂载 `cfg.json` 文件。若需要外部挂载文件,可通过 `CFG_INIT_ENABLE` 进行控制。 + +**TroubleShooting** + +- 公网部署 `oauth-server-lite` 容器无法正常启动,表现为容器内部无法通过公网访问容器服务: + - docker proxy 会影响容器路由。如果容器通过内网访问,代理服务器可能无法访问宿主机的公网 IP。 + - 解决方案: + ```shell + # 清除代理 + + ## 检查 /etc/docker/daemon.json 内核配置 + cat /etc/docker/daemon.json + + ## 检查 ~/.docker/config.json 用户配置文件 + cat /etc/docker/daemon.json + + ## 检查 系统范围的代理设置 + ## cat /etc/systemd/system/docker.service.d/http-proxy.conf + systemctl show --property=Environment docker + ## 如果出现以下内容,需要手动删除 /etc/systemd/system/docker.service.d/http-proxy.conf 中的变量 + ## >> [Service] + ## >> Environment="HTTP_PROXY=http://127.0.0.1:7890" + ## >> Environment="HTTPS_PROXY=http://127.0.0.1:7890" + ## >> Environment="NO_PROXY=localhost,127.0.0.1" + + ## 清除运行时的代理 + unset HTTP_PROXY + unset HTTPS_PROXY + unset NO_PROXY + + # 重启服务 + sudo systemctl daemon-reload + sudo systemctl restart docker + + # 检查代理是否被清除 + systemctl show --property=Environment docker + docker info | grep -i proxy + ``` ### 方式二、源码编译运行 diff --git a/README_en.md b/README_en.md index 5bb6bc0..01e0902 100644 --- a/README_en.md +++ b/README_en.md 
@@ -64,17 +64,57 @@ docker-compose -p oauth-server-lite up -d **Notes** -- When starting in this way, since containers cannot directly access other services via `localhost`, you need to connect to redis via the service name (e.g., `redis:6379`). See the file for other configurations. -- `cas.db` writes default user information: - - `username`: `cas`, can be modified via `${CAS_USERNAME}` - - `password`: `123456`, can be modified via `${CAS_PASSWORD}` -- `sqlite.db` writes default oauth client information: - - `client_id`: `oauth`, can be modified via `${OAUTH_CLIENT_ID}` - - `client_secret`: `123456`, can be modified via `${OAUTH_CLIENT_SECRET}` - - `domains`: `open-oauth2playground`, can be modified via `${PLAYGROUND_HOST}` - - `grant_types`: `password`,`authorization_code`,`urn:ietf:params:oauth:grant-type:device_code`,`client_credentials` - -- You can add new services in the `Open-OAuth2Playground/apereo-cas/etc/services` directory as needed. +- When starting in this way, services within the container cannot directly access other services via `localhost`. Instead, use the service name (e.g., `redis:6379`) to connect to Redis. For additional configurations, see the related files. +- Regular users do not need to configure any environment variables or mount volumes. Simply start the container. For custom configurations, carefully read these notes. 
+- The `cas.db` file includes default user information: + - `username`: `cas` (modifiable via `${CAS_USERNAME}`) + - `password`: `123456` (modifiable via `${CAS_PASSWORD}`) +- The `sqlite.db` file includes default OAuth client information: + - `client_id`: `oauth` (modifiable via `${OAUTH_CLIENT_ID}`) + - `client_secret`: `123456` (modifiable via `${OAUTH_CLIENT_SECRET}`) + - `domains`: `open-oauth2playground` (modifiable via `${PLAYGROUND_HOST}`) + - `grant_types`: `password`, `authorization_code`, `urn:ietf:params:oauth:grant-type:device_code`, `client_credentials` +- You can add new services in the `Open-OAuth2Playground/apereo-cas/etc/services` directory. +- The auto-initialization script is enabled by default. In this case, mounting the `cfg.json` file externally is not allowed. To enable external file mounting, control it via the `CFG_INIT_ENABLE` variable. + +**Troubleshooting** + +- Public Deployment of `oauth-server-lite` Fails to Start + - Symptom: The container cannot access container services via the public network. + - Cause: Docker's proxy can interfere with container routing. If the container communicates through an internal network, the proxy server may not access the host's public IP. 
+ - Solution:
+ ```bash
+ # Clear Proxy Settings
+
+ ## Check kernel configuration in /etc/docker/daemon.json
+ cat /etc/docker/daemon.json
+
+ ## Check user configuration in ~/.docker/config.json
+ cat ~/.docker/config.json
+
+ ## Check system-wide proxy settings
+ ## cat /etc/systemd/system/docker.service.d/http-proxy.conf
+ systemctl show --property=Environment docker
+
+ ## If the following entries are found, manually remove the variables from /etc/systemd/system/docker.service.d/http-proxy.conf
+ ## >> [Service]
+ ## >> Environment="HTTP_PROXY=http://127.0.0.1:7890"
+ ## >> Environment="HTTPS_PROXY=http://127.0.0.1:7890"
+ ## >> Environment="NO_PROXY=localhost,127.0.0.1"
+
+ ## Clear runtime proxy settings
+ unset HTTP_PROXY
+ unset HTTPS_PROXY
+ unset NO_PROXY
+
+ # Restart Docker
+ sudo systemctl daemon-reload
+ sudo systemctl restart docker
+
+ # Verify the proxy settings have been cleared
+ systemctl show --property=Environment docker
+ docker info | grep -i proxy
+ ```
 ### Method Two: Source Code Compilation and Operation
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 7ac55bf..bbd2c0d 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -10,15 +10,14 @@ services:
 image: ecnunic/open-oauth2playground:v0.2.0
 container_name: open-oauth2playground
 environment:
+ - CFG_INIT_ENABLE=1 # 是否初始化 cfg.json 配置文件
 - PLAYGROUND_PORT=80 # oauth2playground 服务端口号
- - PLAYGROUND_HOST=localhost # oauth2playground 服务地址/域名 (用于配置域名解析)
- - CAS_SERVER_HOST=localhost # apereo-cas 服务地址/域名 (用于配置域名解析)
 - OAUTH_SERVER_PORT=8081 # oauth-server-lite 服务端口号
- - OAUTH_SERVER_HOST=localhost # oauth-server-lite 服务地址/域名 (用于服务通信 && 配置域名解析)
+ - OAUTH_SERVER_HOST=localhost # oauth-server-lite 服务地址/域名
 - OAUTH_SERVER_URL=http://localhost:8081 # oauth-server-lite 服务 URL
 ports:
 - "80:80" # open-oauth2playground 端口
- # - "6379:6379" # redis 端口
+# - "6379:6379" # redis 端口
 # - "8080:8080" # apereo-cas 后端服务占用
 - "8081:8081" # oauth-server-lite 前端服务
 - "8444:8444" # apereo-cas 前端服务占用
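Review bot: The new `CFG_INIT_ENABLE=1` entry for the playground service only says `# 是否初始化 cfg.json 配置文件`; it does not state which values are accepted or that, per the README in this commit, an externally mounted `cfg.json` conflicts with the value `1`, whereas the same switch on the oauth-server-lite service below does carry that warning. The start script that reads it is outside this hunk and compares it as an integer, so a reader of the compose file alone cannot tell that `true`/`false` are not valid. Suggest `- CFG_INIT_ENABLE=1 # 1 = generate cfg.json from env at start (default, conflicts with a mounted cfg.json); 0 = use a mounted cfg.json` so both services describe the switch the same way.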
@@ -41,6 +40,9 @@ services:
 image: ecnunic/oauth-server-lite:v0.3.0
 container_name: oauth-server-lite
 environment:
+ - INIT_ENABLE=1 # 是否通过环境变量配置全部文件 (与挂载配置文件冲突)
+ - CFG_INIT_ENABLE=1 # 是否通过环境变量配置 cfg.json 配置文件 (与挂载配置文件冲突)
+ - CAS_PROPERTIES_INIT_ENABLE=1 # 是否通过环境变量配置 cas_properties 配置文件 (与挂载配置文件冲突)
 - OAUTH_CLIENT_ID=oauth # OAuth2 Client ID
 - OAUTH_CLIENT_SECRET=123456 # OAuth2 Client Secret
 - CAS_USERNAME=cas # CAS 用户名
diff --git a/start-services.sh b/start-services.sh
index 570b290..7d8769b 100755
--- a/start-services.sh
+++ b/start-services.sh
@@ -10,6 +10,9 @@ set -e # 监测到错误立即退出
 # 变量定义
 # ========================
+# 通过环境变量初始化配置文件功能开关
+CFG_INIT_ENABLE=${CFG_INIT_ENABLE:-1}
+
 # docker 容器中各(配置)文件以及目录的路径
 PATH_ROOT=${PATH_ROOT:-"/oauth2playground"}
 PLAYGROUND_PATH="${PATH_ROOT}/oauth2playground"
@@ -17,8 +20,6 @@ PLAYGROUND_CONFIG_FILE="${PATH_ROOT}/cfg.json"
 # 可对外暴露的环境变量
 PLAYGROUND_PORT=${PLAYGROUND_PORT:-"80"} # oauth2playground 服务端口号
-PLAYGROUND_HOST=${PLAYGROUND_HOST:-"localhost"} # oauth2playground 服务地址/域名
-CAS_SERVER_HOST=${CAS_SERVER_HOST:-"localhost"} # apereo-cas 服务地址/域名
 OAUTH_SERVER_PORT=${OAUTH_SERVER_PORT:-"8081"} # oauth-server-lite 服务端口号
 OAUTH_SERVER_HOST=${OAUTH_SERVER_HOST:-"localhost"} # oauth-server-lite 服务地址/域名
 OAUTH_SERVER_URL=${OAUTH_SERVER_URL:-"http://${OAUTH_SERVER_HOST}:${OAUTH_SERVER_PORT}"} # oauth-server-lite 服务 URL
@@ -33,6 +34,7 @@ configure_oauth2_playground() {
 # 更新 .endpoints 中的指定字段
 jq --arg url "$OAUTH_SERVER_URL" '
+ .endpoints.authorization = "\($url)/oauth2/authorize" |
 .endpoints.device_authorization = "\($url)/oauth2/device/authorize" |
 .endpoints.token = "\($url)/oauth2/token" |
 .endpoints.userinfo = "\($url)/oauth2/userinfo"
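Review bot: The three new switches `INIT_ENABLE`, `CFG_INIT_ENABLE` and `CAS_PROPERTIES_INIT_ENABLE` are all set to `1` with near-identical comments, but nothing states how they relate — whether `INIT_ENABLE=0` turns off the two file-specific switches or the other way round — and the image that consumes them (`ecnunic/oauth-server-lite:v0.3.0`) is not part of this diff, so a reader cannot check. With all three on, every container start presumably regenerates the configuration from the environment block below, which in the surrounding context still carries `OAUTH_CLIENT_SECRET=123456` and the default CAS user, so a deployment that never changed them keeps the well-known credentials indefinitely. Suggest documenting the precedence next to `INIT_ENABLE`, e.g. `# INIT_ENABLE=0 disables all env-driven generation regardless of the two switches below — confirm against the image entrypoint`, and a warning on the secrets, e.g. `# change OAUTH_CLIENT_SECRET / CAS_PASSWORD before exposing 8081/8444 beyond localhost`.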
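Review bot: `CFG_INIT_ENABLE=${CFG_INIT_ENABLE:-1}` is introduced with the comment `# 通过环境变量初始化配置文件功能开关`, which neither names the accepted values nor says what happens to `${PLAYGROUND_CONFIG_FILE}` (defined in the next hunk) in each mode; the README in this commit tells users to set it when they mount their own `cfg.json`, so the contract belongs here as well. The decision that consumes the variable sits in the main flow outside this hunk and treats the value as an integer, so the comment should also make clear that only `0` and `1` are meaningful. Suggested comment: `# CFG_INIT_ENABLE: 1 (default) rewrites ${PLAYGROUND_CONFIG_FILE} from the environment on every start; 0 leaves a mounted cfg.json untouched. Only 0/1 are valid.`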
@@ -55,32 +57,6 @@ configure_oauth2_playground() {
 echo "OAuth2 Playground configured successfully!"
 }
-configure_domain_parser() {
- echo "Configuring domain parser..."
-
- # 检查并添加 PLAYGROUND_DOMAIN 的解析
- if [ "${PLAYGROUND_HOST}" != "localhost" ] && [ "${PLAYGROUND_HOST}" != "127.0.0.1" ]; then
- if ! grep -q "${PLAYGROUND_HOST}" /etc/hosts; then
- echo "127.0.0.1 ${PLAYGROUND_HOST}" >> /etc/hosts
- echo "Added DNS resolution for PLAYGROUND_HOST: ${PLAYGROUND_HOST}"
- else
- echo "DNS resolution for PLAYGROUND_HOST already exists: ${PLAYGROUND_HOST}"
- fi
- fi
-
- # 检查并添加 OAUTH_SERVER_DOMAIN 的解析
- if [ "${OAUTH_SERVER_HOST}" != "localhost" ] && [ "${OAUTH_SERVER_HOST}" != "127.0.0.1" ]; then
- if ! grep -q "${OAUTH_SERVER_HOST}" /etc/hosts; then
- echo "127.0.0.1 ${OAUTH_SERVER_HOST}" >> /etc/hosts
- echo "Added DNS resolution for OAUTH_SERVER_HOST: ${OAUTH_SERVER_HOST}"
- else
- echo "DNS resolution for OAUTH_SERVER_HOST already exists: ${OAUTH_SERVER_HOST}"
- fi
- fi
-
- echo "Domain parser configuration completed!"
-}
-
 # 启动 OAuth2 Playground 服务
 start_oauth2_playground() {
 echo "Starting OAuth2 Playground..."
@@ -91,8 +67,10 @@ start_oauth2_playground() {
 # ========================
 # 主执行流程
 # ========================
-configure_oauth2_playground
-configure_domain_parser
+# 判断 CFG_INIT_ENABLE 是否为 1
+if [ "$CFG_INIT_ENABLE" -eq 1 ]; then
+ configure_oauth2_playground
+fi
 start_oauth2_playground
 # 保持脚本运行
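Review bot: `if [ "$CFG_INIT_ENABLE" -eq 1 ]; then` performs an integer comparison, so a value such as `true`, `yes` or an empty string makes `[` fail with "integer expression expected"; because `set -e` (enabled at the top of the script, outside this hunk) does not apply inside an `if` condition, that failure is merely treated as false and `start_oauth2_playground` runs with initialization silently skipped. The `0` path is also unchecked: the README in this commit says the switch is turned off precisely when the user mounts their own `cfg.json`, yet nothing verifies that `${PLAYGROUND_CONFIG_FILE}` (defined in an earlier hunk) actually exists before the service starts on it. Suggest replacing the `if` with a `case` that accepts only `0`/`1`, rejects anything else on stderr with a non-zero exit, and in the `0` branch requires the config file to be present; this is a rewrite of the new main-flow lines only.
```shell
# Honour the CFG_INIT_ENABLE switch: 1 regenerates cfg.json from env, 0 expects a mounted file.
case "${CFG_INIT_ENABLE}" in
  1)
    configure_oauth2_playground
    ;;
  0)
    # Init disabled: the caller must have mounted cfg.json themselves.
    if [ ! -f "${PLAYGROUND_CONFIG_FILE}" ]; then
      echo "CFG_INIT_ENABLE=0 but ${PLAYGROUND_CONFIG_FILE} is missing; mount cfg.json or set CFG_INIT_ENABLE=1" >&2
      exit 1
    fi
    ;;
  *)
    echo "CFG_INIT_ENABLE must be 0 or 1, got '${CFG_INIT_ENABLE}'" >&2
    exit 1
    ;;
esac
# … unchanged: start_oauth2_playground …
```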