litecharms/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21 Commits 2 Branches 0 Tags
28616de2405e0300fdf206cd93500b18f62b3447
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
khwezi 28616de240 Merge pull request 'Removed nexus source' (#9) from setup into master 
Reviewed-on: #9
2026-06-06 00:10:12 +02:00
shared
Add project files.
2026-06-05 22:07:25 +02:00
src
Removed nexus source
2026-06-06 00:09:48 +02:00
.dockerignore
Add project files.
2026-06-05 22:07:25 +02:00
.gitattributes
Add .gitattributes, .gitignore, and README.md.
2026-06-05 22:07:14 +02:00
.gitignore
Refactored project paths in docker files
2026-06-05 23:35:46 +02:00
docker-compose.dcproj
Add project files.
2026-06-05 22:07:25 +02:00
docker-compose.yml
Added host resolution fix to build steps
2026-06-06 00:03:18 +02:00
LiteCharmsSecurity.AdminUI.sln
Add project files.
2026-06-05 22:07:25 +02:00
README.md
Refactored Readme
2026-06-05 23:06:38 +02:00

README.md

LiteCharmsSecurity

An enterprise-grade Identity and Access Management (IAM) solution built on top of Skoruba Duende IdentityServer. This repository houses the entire security architecture for the Lite Charms ecosystem, providing Single Sign-On (SSO), OAuth 2.0, and OpenID Connect (OIDC) capabilities.

🌐 Infrastructure Architecture

This solution is optimized for production-grade self-hosting behind a secure reverse-proxy tunnel.

  • Identity Provider (STS): sts.security.khongisa.co.za (Port 8083)
  • Management Console (Admin UI): admin.security.khongisa.co.za (Port 8081)
  • Management Backend (Admin API): api.security.khongisa.co.za (Port 8082)

Deployment Stack

  • Reverse Proxy / Edge Router: Pangolin (Handles full external SSL termination).
  • Container Orchestrator: Dockhand VM (Automated GitOps deployments pulled directly from Gitea).
  • Database Layer: Dedicated PostgreSQL running in an isolated Proxmox LXC Container (192.168.1.170).

🛠️ Environment Variables Configuration

Do not check production secrets into Git. Define the following environment variables within the Dockhand UI before launching or updating the stack:

Variable Description Example / Default
DB_PASSWORD Master password for the Postgres LXC container database instance. [Secure Sensitive Value]
SMTP_PASSWORD Password for the outbox notification transactional mail provider. [Secure Sensitive Value]
SMTP_HOST Outbound mail relay server domain. mail.litecharms.co.za
SMTP_LOGIN Corporate security transactional system email account. security@litecharms.co.za
APPLY_MIGRATIONS Toggles automatic Entity Framework database migrations on startup. true (First Run Only)
APPLY_SEED Seeds baseline system roles, client configurations, and default admin users. true (First Run Only)

🚀 Deployment Instructions via Dockhand

1. First-Time Setup (Initialization Mode)

When deploying this stack for the absolute first time onto a blank database instance, ensure both flags are explicitly enabled in the Dockhand dashboard:

APPLY_MIGRATIONS=true
APPLY_SEED=true
Reference in New Issue View Git Blame Copy Permalink
S
Description
Security and Identity management
Readme 628 KiB
Languages
C# 50.5%
TypeScript 32.8%
HTML 8.3%
CSS 4.2%
JavaScript 4%
Other 0.2%