This commit is contained in:
David Juarez
2025-07-09 11:06:03 +02:00
parent a852b315e0
commit 7572d81dfe

View File

@ -77,9 +77,9 @@ services:
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
- OAUTH2_PROXY_COOKIE_EXPIRE=12h
- OAUTH2_PROXY_COOKIE_SECURE=true
- OAUTH2_PROXY_COOKIE_HTTPONLY=true
#- OAUTH2_PROXY_COOKIE_EXPIRE=12h
#- OAUTH2_PROXY_COOKIE_SECURE=true
#- OAUTH2_PROXY_COOKIE_HTTPONLY=true
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
- OAUTH2_PROXY_REVERSE_PROXY=true
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
@ -92,15 +92,15 @@ services:
# Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
- OAUTH2_PROXY_COOKIE_REFRESH=60s
- OAUTH2_PROXY_ALLOWED_GROUPS=app-dktk-ccp-ppsn
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
#- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
- OAUTH2_PROXY_AUTH_LOGGING=true
- OAUTH2_PROXY_CHALLENGE_METHOD=S256
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
- OAUTH2_PROXY_PASS_BASIC_AUTH=true
- OAUTH2_PROXY_USER_HEADERS=false
- OAUTH2_PASS_ACCESS_TOKEN=false
- OAUTH2_PROVIDER_DISPLAY_NAME="VerbIS Login"
#- OAUTH2_PROXY_AUTH_LOGGING=true
#- OAUTH2_PROXY_CHALLENGE_METHOD=S256
#- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
#- OAUTH2_PROXY_PASS_BASIC_AUTH=true
#- OAUTH2_PROXY_USER_HEADERS=false
#- OAUTH2_PASS_ACCESS_TOKEN=false
#- OAUTH2_PROVIDER_DISPLAY_NAME="VerbIS Login"
labels:
- "traefik.enable=true"
- "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4180"