refactored oauth2-proxy

2025-12-13 20:54:16 +00:00 · 2025-01-26 16:14:30 +01:00
parent a53ea09da6
commit 08b56ec7cd
9 changed files with 46 additions and 46 deletions
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -2,14 +2,13 @@ http_address="0.0.0.0:4180"
 cookie_secret="{{oauth2_proxy_cookie_secret}}"
 email_domains="{{primary_domain}}"
 cookie_secure="false"
-upstreams="http://proxy:80"
-cookie_domains=["{{domain}}", "{{domain_keycloak}}"]    # Required so cookie can be read on all subdomains.
-whitelist_domains=[".{{primary_domain}}"]               # Required to allow redirection back to original requested target.
+upstreams="http://{{oauth2_proxy_upstream_application_and_port}}"
+cookie_domains=["{{domain}}", "{{domain_keycloak}}"]                # Required so cookie can be read on all subdomains.
+whitelist_domains=[".{{primary_domain}}"]                           # Required to allow redirection back to original requested target.

 # keycloak provider
 client_secret="{{oauth2_proxy_client_secret}}"
 client_id="{{domain}}"
-#redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
 redirect_url="https://{{domain}}/oauth2/callback"

 # in this case oauth2-proxy is going to visit