dooris(host): use new dooris software

Also fix DNS record not properly working anymore.
2026-05-18 18:00:30 +02:00 · 2026-05-18 18:00:30 +02:00 · 1275d50bdf
commit 1275d50bdf
parent 1757c36605
3 changed files with 14 additions and 18 deletions
--- a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
+++ b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
@ -52,7 +52,7 @@ hmdooris-ccu		A	10.31.208.202
 buba			A	10.31.211.137
 buba.z9			A	10.31.211.137
 dooris			AAAA	2a07:c481:1:d0::1c
-_acme-challenge.dooris	CNAME	37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de
+_acme-challenge.dooris	CNAME	37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de.
 waybackproxy		A	10.31.208.99
 yate			A	10.31.208.12
 staubiv2		A	10.31.210.233
--- a/resources/z9/dooris/docker_compose/compose.yaml.j2
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@ -2,21 +2,13 @@

 services:
  dooris:
-    image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
+    image: git.hamburg.ccc.de/ccchh/dooris:latest
    environment:
-      HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
-      HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
-      HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
-      HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
-      HMDOORIS_CCUJACK_USERNAME: dooris
-      HMDOORIS_CLIENT_ID: dooris
-      HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
-      HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
-      HMDOORIS_LISTEN: '0.0.0.0:3000'
-      HMDOORIS_REQUIRES_GROUP: /intern
-      HMDOORIS_URL: https://dooris.ccchh.net
-      PYTHONWARNINGS: "ignore:Unverified HTTPS request"
-      #DEBUG: true
-    ports:
-      - "127.0.0.1:3000:3000"
+      DOORIS_OPENID_ISSUER: https://id.hamburg.ccc.de/realms/ccchh/
+      DOORIS_OPENID_CLIENT_ID: dooris
+      DOORIS_OPENID_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
+      DOORIS_BASE_URL: https://dooris.ccchh.net
+      DOORIS_CCUJACK_USER: "dooris"
+      DOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
+    network_mode: host
    restart: unless-stopped
--- a/resources/z9/dooris/nginx/dooris.ccchh.net.conf
+++ b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
@ -32,6 +32,10 @@ server {
    proxy_set_header Connection "upgrade";

    location / {
-        proxy_pass http://127.0.0.1:3000/;
+        proxy_pass http://127.0.0.1:8000/;
+        # Increase size to fix nginx error: "upstream sent too big header while reading response header from upstream"
+        proxy_buffer_size 64k;
+        proxy_busy_buffers_size 64k;
+        proxy_buffers 20 4k;
    }
 }