computer-playbook/roles/web-app-oauth2-proxy
Kevin Veen-Birkenbach 7ca8b7c71d feat(nextcloud): integrate Talk & Whiteboard; refactor to NEXTCLOUD_* vars; full-stack setup
config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard)

refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars

feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT)

fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch

feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard

chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin

security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret

db: normalize postgres image tag templating; central DB host checks spacing fixes

ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update

refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
2025-09-01 21:37:02 +02:00

Docker OAuth2 Proxy Role

Welcome to the Docker OAuth2 Proxy Role! 🌟 This role contains helper tasks and templates to deploy OAuth2 Proxy, a reverse proxy that shields applications by requiring OAuth2/OIDC authentication before requests reach them. 💡

Overview

The OAuth2 Proxy is used to shield specific web applications from unauthorized access by requiring users to authenticate via an external identity provider, such as Keycloak. This role simplifies the setup process by providing templated configurations and tasks to integrate the OAuth2 Proxy with Docker Compose and Keycloak.

Features

  • 🚀 Automated configuration transfer to your Docker Compose instance.
  • 🔧 Template files for a fully customizable proxy setup.
  • 🔐 Integration with Keycloak as an OpenID Connect (OIDC) provider.
  • 🛡️ Configurations to secure applications and allow cookie-based authentication across subdomains.

How It Works

The role includes the following key components:

  1. Templates:
     • oauth2-proxy-keycloak.cfg.j2: A configuration file for the OAuth2 Proxy, pre-integrated with Keycloak as an identity provider.
     • container.yml.j2: A container definition for the OAuth2 Proxy, specifying the image, ports, volumes, and restart policies.
  2. Tasks:
     • A task to transfer the templated configuration to the Docker Compose instance directory.
     • A notifier to trigger the setup of the Docker Compose project after transferring the configuration.
  3. Integration:
     • Keycloak is configured as the OIDC provider, enabling seamless authentication and authorization.
     • Upstream application support ensures traffic is securely proxied to the correct destination.
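As an added illustration (not the role's own oauth2-proxy-keycloak.cfg.j2 template), here is the kind of oauth2-proxy configuration such a template renders: Keycloak as the OIDC provider, a session cookie shared across subdomains, and group-based authorization. Hostnames, realm, client and group names are placeholders.

```toml
# Added example config; all hostnames, realm/client names and secrets are placeholders.
provider = "oidc"
provider_display_name = "Keycloak"
oidc_issuer_url = "https://auth.example.com/realms/example"   # Keycloak realm issuer URL
client_id = "oauth2-proxy"
client_secret = "<CLIENT_SECRET_FROM_KEYCLOAK>"                 # placeholder, never commit real values
code_challenge_method = "S256"                                   # PKCE for the authorization code flow

# Listen inside the container; the reverse proxy in front supplies X-Forwarded-* headers
http_address = "0.0.0.0:4180"
reverse_proxy = true
redirect_url = "https://app.example.com/oauth2/callback"

# Authenticated requests are forwarded here (Compose service name)
upstreams = ["http://app:8080"]

# Session cookie shared across subdomains of the parent domain
cookie_secret = "<32_RANDOM_BYTES_URLSAFE_BASE64>"   # e.g. openssl rand -base64 32 | tr -- '+/' '-_'
cookie_domains = [".example.com"]
whitelist_domains = [".example.com"]   # only redirect back to our own subdomains after login
cookie_secure = true
cookie_httponly = true
cookie_samesite = "lax"                # Lax is needed for the OIDC redirect to carry the cookie
cookie_expire = "24h"
cookie_refresh = "1h"

# Authorization: who may pass the proxy
email_domains = ["example.com"]
allowed_groups = ["app-users"]         # needs a groups claim mapped into the Keycloak token
oidc_groups_claim = "groups"

# Hand the upstream the identity headers rather than the raw access token
set_xauthrequest = true
pass_access_token = false
skip_provider_button = true            # go straight to Keycloak instead of showing a sign-in page
```

The cookie_domains and whitelist_domains entries are what make one login cover every protected subdomain while still refusing post-login redirects to hosts outside the parent domain.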

Why Use This Proxy?

Using this proxy ensures that only authenticated users can access your protected applications. By leveraging OAuth2, you can:

  • Secure applications with minimal configuration.
  • Enable single sign-on (SSO) and centralized user management.
  • Restrict access to specific domains and subdomains.

Dependencies

Before using this role, ensure you have the following:

  • Docker and Docker Compose installed on your system.
  • A running Keycloak instance configured with the appropriate realm and clients.

Learn More

To learn more about OAuth2 Proxy, check out the official documentation.

Author

This role was created and maintained by Kevin Veen-Birkenbach. 🌍 You can learn more about Kevin and his projects at veen.world.

Protect your web applications with ease and confidence!