kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-26 21:45:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Set default buffer level for proxy basic conf, which are necessary for OIDC login

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-20 15:56:32 +02:00
parent fa46523433
commit ad7e61e8b1
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
roles/srv-proxy-core/templates/headers/buffers.conf.j2 Normal file
View File

@ -0,0 +1,6 @@
# Raise the maximal header size to allow huge headers Keycloak for authentification
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 16k;
client_header_buffer_size 8k;
large_client_header_buffers 8 32k;

1
roles/srv-proxy-core/templates/location/html.conf.j2
View File

@ -1,5 +1,4 @@
{% set location = location | default("/")%} {% set location = location | default("/")%}
location {{location}} location {{location}}
{ {
{% if oauth2_proxy_enabled | default(false) | bool %} {% if oauth2_proxy_enabled | default(false) | bool %}

3
roles/srv-proxy-core/templates/vhost/basic.conf.j2
View File

@ -1,7 +1,8 @@
server server
{ {
server_name {{ domain }}; server_name {{ domain }};
{% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %}
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
{% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%} {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
{% endif %} {% endif %}

2
roles/web-app-oauth2-proxy/templates/container.yml.j2
View File

@ -5,7 +5,7 @@
command: --config /oauth2-proxy.cfg command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy hostname: oauth2-proxy
ports: ports:
- {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp - {{ ports.localhost.oauth2_proxy[application_id] }}:4180/tcp
volumes: volumes:
- "{{ docker_compose.directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg" - "{{ docker_compose.directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg"
{% endif %} {% endif %}

24
roles/web-app-oauth2-proxy/templates/endpoint.conf.j2
View File

@ -1,16 +1,8 @@
{# Include OAuth2 Proxy #} # OAuth2-Proxy-Endpoint
{# Raise the maximal header size. #} location /oauth2/ {
{# Keycloak uses huge headers for authentification #} proxy_pass http://127.0.0.1:{{ ports.localhost.oauth2_proxy[application_id] }};
proxy_buffer_size 16k; proxy_set_header Host $host;
proxy_buffers 8 16k; proxy_set_header X-Real-IP $remote_addr;
proxy_busy_buffers_size 16k; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
large_client_header_buffers 4 16k; proxy_set_header X-Forwarded-Proto $scheme;
}
# OAuth2-Proxy-Endpoint
location /oauth2/ {
proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}