kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

implemented functioning oauth2-proxy

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-01-26 15:15:23 +01:00
parent 7b9959af21
commit c35eb10343
7 changed files with 66 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
roles/docker-oauth2-proxy/templates/container.yml.j2 Normal file
View File

@@ -0,0 +1,24 @@
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
#image: quay.io/oauth2-proxy/oauth2-proxy:{{oauth2_version}}
restart: {{docker_restart_policy}}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
#environment:
# OAUTH2_PROXY_PROVIDER: "keycloak" # The OAuth2 provider, in this case, Keycloak. Change based on your provider (e.g., Google, GitHub).
# OAUTH2_PROXY_OIDC_ISSUER_URL: "https://auth.veen.world/auth/realms/veen.world"
# OAUTH2_PROXY_CLIENT_ID: "{{domain}}" # The client ID configured in Keycloak for the application.
# OAUTH2_PROXY_CLIENT_SECRET: "{{oauth2_proxy_client_secret}}" # The client secret configured in Keycloak for the application.
# OAUTH2_PROXY_COOKIE_SECRET: "{{oauth2_proxy_cookie_secret}}" # A random 32-character string used to sign cookies for session management. Generate with `openssl rand -base64 32`.
# #OAUTH2_PROXY_EMAIL_DOMAINS: "{{primary_domain}}" # The allowed email domain(s) for authentication. Example: "example.com".
# OAUTH2_PROXY_REDIRECT_URL: "{{oauth2_proxy_redirect_url}}" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
# OAUTH2_PROXY_UPSTREAMS: "http://127.0.0.1:{{http_port}}" # The internal upstream service (your application) that OAuth2-Proxy protects.
ports:
# - "127.0.0.1:{{oauth2_proxy_port}}:4180"
- 4180:4180/tcp
volumes:
- "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}
# keycloak: {}
# httpbin: {}
# oauth2-proxy: {}

18
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 Normal file
View File

@@ -0,0 +1,18 @@
http_address="0.0.0.0:4180"
cookie_secret="{{oauth2_proxy_cookie_secret}}"
email_domains="{{primary_domain}}"
cookie_secure="false"
upstreams="http://proxy:80"
cookie_domains=["{{domain}}", "{{domain_keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".{{primary_domain}}"] # Required to allow redirection back to original requested target.
# keycloak provider
client_secret="{{oauth2_proxy_client_secret}}"
client_id="{{domain}}"
#redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
redirect_url="https://{{domain}}/oauth2/callback"
# in this case oauth2-proxy is going to visit
oidc_issuer_url="https://{{domain_keycloak}}/realms/{{primary_domain}}"
provider="oidc"
provider_display_name="Keycloak"