kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated security for OAuth2 and optimized CSS

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-02-24 21:00:22 +01:00
parent bc455a4344
commit 6d5113b6ea
4 changed files with 30 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -1,7 +1,7 @@
http_address = "0.0.0.0:4180"
cookie_secret = "{{applications.oauth2_proxy.cookie_secret}}"
cookie_secret = "{{applications[application_id].oauth2_proxy.cookie_secret}}"
email_domains = "{{primary_domain}}"
cookie_secure = "false"
cookie_secure = "true" # True is necessary to force the cookie set via https
upstreams = "http://{{applications[application_id].oauth2_proxy.application}}:{{applications[application_id].oauth2_proxy.port}}"
cookie_domains = ["{{domain}}", "{{domains.keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains = [".{{primary_domain}}"] # Required to allow redirection back to original requested target.
@@ -15,5 +15,5 @@ provider = "oidc"
provider_display_name = "Keycloak"
# role restrictions
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}"
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}" # This is not correct here. needs to be placed in applications @todo move there when implementing