kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactored oauth2-proxy

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-01-26 16:14:30 +01:00
parent a53ea09da6
commit 08b56ec7cd
9 changed files with 46 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
roles/docker-oauth2-proxy/templates/container.yml.j2
View File

@@ -1,24 +1,11 @@
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
#image: quay.io/oauth2-proxy/oauth2-proxy:{{oauth2_version}}
#image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
image: quay.io/oauth2-proxy/oauth2-proxy:{{oauth2_version}}
restart: {{docker_restart_policy}}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
#environment:
# OAUTH2_PROXY_PROVIDER: "keycloak" # The OAuth2 provider, in this case, Keycloak. Change based on your provider (e.g., Google, GitHub).
# OAUTH2_PROXY_OIDC_ISSUER_URL: "https://auth.veen.world/auth/realms/veen.world"
# OAUTH2_PROXY_CLIENT_ID: "{{domain}}" # The client ID configured in Keycloak for the application.
# OAUTH2_PROXY_CLIENT_SECRET: "{{oauth2_proxy_client_secret}}" # The client secret configured in Keycloak for the application.
# OAUTH2_PROXY_COOKIE_SECRET: "{{oauth2_proxy_cookie_secret}}" # A random 32-character string used to sign cookies for session management. Generate with `openssl rand -base64 32`.
# #OAUTH2_PROXY_EMAIL_DOMAINS: "{{primary_domain}}" # The allowed email domain(s) for authentication. Example: "example.com".
# OAUTH2_PROXY_REDIRECT_URL: "{{oauth2_proxy_redirect_url}}" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
# OAUTH2_PROXY_UPSTREAMS: "http://127.0.0.1:{{http_port}}" # The internal upstream service (your application) that OAuth2-Proxy protects.
ports:
# - "127.0.0.1:{{oauth2_proxy_port}}:4180"
- 4180:4180/tcp
- {{oauth2_proxy_port}}:4180/tcp
volumes:
- "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}
# keycloak: {}
# httpbin: {}
# oauth2-proxy: {}
- "./{{oauth2_configuration_file}}:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}

7
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -2,14 +2,13 @@ http_address="0.0.0.0:4180"
cookie_secret="{{oauth2_proxy_cookie_secret}}"
email_domains="{{primary_domain}}"
cookie_secure="false"
upstreams="http://proxy:80"
cookie_domains=["{{domain}}", "{{domain_keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".{{primary_domain}}"] # Required to allow redirection back to original requested target.
upstreams="http://{{oauth2_proxy_upstream_application_and_port}}"
cookie_domains=["{{domain}}", "{{domain_keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".{{primary_domain}}"] # Required to allow redirection back to original requested target.
# keycloak provider
client_secret="{{oauth2_proxy_client_secret}}"
client_id="{{domain}}"
#redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
redirect_url="https://{{domain}}/oauth2/callback"
# in this case oauth2-proxy is going to visit