implemented functioning oauth2-proxy

2025-12-13 20:54:16 +00:00 · 2025-01-26 15:15:23 +01:00
parent 7b9959af21
commit c35eb10343
7 changed files with 66 additions and 20 deletions
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -0,0 +1,18 @@
+http_address="0.0.0.0:4180"
+cookie_secret="{{oauth2_proxy_cookie_secret}}"
+email_domains="{{primary_domain}}"
+cookie_secure="false"
+upstreams="http://proxy:80"
+cookie_domains=["{{domain}}", "{{domain_keycloak}}"]    # Required so cookie can be read on all subdomains.
+whitelist_domains=[".{{primary_domain}}"]               # Required to allow redirection back to original requested target.
+
+# keycloak provider
+client_secret="{{oauth2_proxy_client_secret}}"
+client_id="{{domain}}"
+#redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
+redirect_url="https://{{domain}}/oauth2/callback"
+
+# in this case oauth2-proxy is going to visit
+oidc_issuer_url="https://{{domain_keycloak}}/realms/{{primary_domain}}"
+provider="oidc"
+provider_display_name="Keycloak"