kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-02-22 12:29:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactored OAuth2 Proxy Configuration

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-02-19 03:58:21 +01:00
parent 74d8dad94c
commit 1d360dfa95
4 changed files with 27 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
roles/docker-oauth2-proxy/templates/endpoint.conf.j2 Normal file
View File

@ -0,0 +1,16 @@
# Include OAuth2 Proxy
# Raise the maximal header size.
# Keycloak uses huge headers for authentification
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 16k;
large_client_header_buffers 4 16k;
# OAuth2-Proxy-Endpoint
location /oauth2/ {
proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

9
roles/docker-oauth2-proxy/templates/following_directives.conf.j2 Normal file
View File

@ -0,0 +1,9 @@
# The following directives enforce OAuth2 authentication:
auth_request /oauth2/auth;
# This directive issues an internal sub-request to '/oauth2/auth' for every incoming request.
# The sub-request checks if the client is authenticated.
error_page 401 = /oauth2/start;
# If the authentication check fails (i.e., a 401 Unauthorized is returned),
# this directive redirects the client to '/oauth2/start', which typically initiates the OAuth2 login process.

17
roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
View File

@ -3,22 +3,7 @@ server
server_name {{domain}}; server_name {{domain}};
{% if oauth2_proxy_active | bool %} {% if oauth2_proxy_active | bool %}
# Include OAuth2 Proxy {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
# Raise the maximal header size.
# Keycloak uses huge headers for authentification
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 16k;
large_client_header_buffers 4 16k;
# OAuth2-Proxy-Endpoint
location /oauth2/ {
proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
{% endif %} {% endif %}
{% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%} {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}

3
roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
View File

@ -1,8 +1,7 @@
location / location /
{ {
{% if oauth2_proxy_active | bool %} {% if oauth2_proxy_active | bool %}
auth_request /oauth2/auth; {% include 'roles/docker-oauth2-proxy/templates/following_directives.conf.j2'%}
error_page 401 = /oauth2/start;
{% endif %} {% endif %}
proxy_pass http://127.0.0.1:{{http_port}}/; proxy_pass http://127.0.0.1:{{http_port}}/;