This commit is contained in:
David Juarez
2025-07-09 09:38:49 +02:00
parent 192ceb90ee
commit a852b315e0

View File

@ -77,6 +77,9 @@ services:
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
- OAUTH2_PROXY_COOKIE_EXPIRE=12h
- OAUTH2_PROXY_COOKIE_SECURE=true
- OAUTH2_PROXY_COOKIE_HTTPONLY=true
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
- OAUTH2_PROXY_REVERSE_PROXY=true
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
@ -89,7 +92,15 @@ services:
# Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
- OAUTH2_PROXY_COOKIE_REFRESH=60s
- OAUTH2_PROXY_ALLOWED_GROUPS=app-dktk-ccp-ppsn
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
- OAUTH2_PROXY_AUTH_LOGGING=true
- OAUTH2_PROXY_CHALLENGE_METHOD=S256
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
- OAUTH2_PROXY_PASS_BASIC_AUTH=true
- OAUTH2_PROXY_USER_HEADERS=false
- OAUTH2_PASS_ACCESS_TOKEN=false
- OAUTH2_PROVIDER_DISPLAY_NAME="VerbIS Login"
labels:
- "traefik.enable=true"
- "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4180"