mirror of https://github.com/samply/bridgehead.git
refactor: use environment variables for oauth2-proxy config
parent
f328e40963
commit
b741d931ae
|
@ -121,42 +121,38 @@ services:
|
||||||
oauth2-proxy:
|
oauth2-proxy:
|
||||||
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
|
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
|
||||||
container_name: bridgehead-oauth2proxy
|
container_name: bridgehead-oauth2proxy
|
||||||
command: >-
|
environment:
|
||||||
--allowed-group=DataSHIELD
|
- http_proxy=http://forward_proxy:3128
|
||||||
--oidc-groups-claim=${OIDC_GROUP_CLAIM}
|
- https_proxy=http://forward_proxy:3128
|
||||||
--auth-logging=true
|
- OAUTH2_PROXY_ALLOWED_GROUPS=DataSHIELD
|
||||||
--whitelist-domain=${HOST}
|
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
|
||||||
--http-address="0.0.0.0:4180"
|
- OAUTH2_PROXY_WHITELIST_DOMAIN=${HOST}
|
||||||
--reverse-proxy=true
|
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
||||||
--upstream="static://202"
|
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||||
--email-domain="*"
|
- OAUTH2_PROXY_UPSTREAMS=static://202
|
||||||
--cookie-name="_BRIDGEHEAD_oauth2"
|
- OAUTH2_PROXY_EMAIL_DOMAINS=*
|
||||||
--cookie-secret="${OAUTH2_PROXY_SECRET}"
|
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2
|
||||||
--cookie-expire="12h"
|
- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_SECRET}
|
||||||
--cookie-secure="true"
|
- OAUTH2_PROXY_COOKIE_EXPIRE=12h
|
||||||
--cookie-httponly="true"
|
|
||||||
#OIDC settings
|
#OIDC settings
|
||||||
--provider="keycloak-oidc"
|
- OAUTH2_PROXY_PROVIDER=keycloak-oidc
|
||||||
--provider-display-name="VerbIS Login"
|
- OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="VerbIS Login"
|
||||||
--client-id="${OIDC_PRIVATE_CLIENT_ID}"
|
- OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
|
||||||
--client-secret="${OIDC_CLIENT_SECRET}"
|
- OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
|
||||||
--redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
|
- OAUTH2_PROXY_REDIRECT_URL="https://${HOST}${OAUTH2_CALLBACK}"
|
||||||
--oidc-issuer-url="${OIDC_ISSUER_URL}"
|
- OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
|
||||||
--scope="openid email profile"
|
- OAUTH2_PROXY_SCOPE=openid profile email
|
||||||
--code-challenge-method="S256"
|
- OAUTH2_PROXY_CODE_CHALLENGE_METHOD=true
|
||||||
--skip-provider-button=true
|
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
||||||
#X-Forwarded-Header settings - true/false depending on your needs
|
#X-Forwarded-Header settings - true/false depending on your needs
|
||||||
--pass-basic-auth=true
|
- OAUTH2_PROXY_PASS_BASIC_AUTH=true
|
||||||
--pass-user-headers=false
|
- OAUTH2_PROXY_PASS_USER_HEADERS=false
|
||||||
--pass-access-token=false
|
- OAUTH2_PROXY_ACCESS_TOKEN=false
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
|
- "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
|
||||||
- "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
|
- "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
|
||||||
- "traefik.http.routers.oauth2_proxy.tls=true"
|
- "traefik.http.routers.oauth2_proxy.tls=true"
|
||||||
environment:
|
|
||||||
http_proxy: "http://forward_proxy:3128"
|
|
||||||
https_proxy: "http://forward_proxy:3128"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
forward_proxy:
|
forward_proxy:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
|
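Review bot: `OAUTH2_PROXY_CODE_CHALLENGE_METHOD=true` does not carry over the old `--code-challenge-method="S256"`; `true` is not a PKCE method, so the value should stay `S256`. `OAUTH2_PROXY_ACCESS_TOKEN=false` is not the variable for `--pass-access-token` (that is `OAUTH2_PROXY_PASS_ACCESS_TOKEN`), and `OAUTH2_PROXY_WHITELIST_DOMAIN` looks like it should be the plural `OAUTH2_PROXY_WHITELIST_DOMAINS`, so both settings are probably ignored silently. In list-form `environment:` entries Compose does not strip inner quotes, so the quoted `OAUTH2_PROXY_REDIRECT_URL` and `OAUTH2_PROXY_PROVIDER_DISPLAY_NAME` values would reach oauth2-proxy with literal `"` characters. The conversion also drops `--cookie-secure`, `--cookie-httponly` and `--auth-logging`; these likely match the defaults, but keeping them explicit documents the intended session-cookie hardening.

```yaml
    environment:
      # … unchanged: forward proxy, allowed group, groups claim …
      - OAUTH2_PROXY_WHITELIST_DOMAINS=${HOST}
      # … unchanged: address, upstream, cookie name/secret/expire …
      - OAUTH2_PROXY_COOKIE_SECURE=true
      - OAUTH2_PROXY_COOKIE_HTTPONLY=true
      - OAUTH2_PROXY_AUTH_LOGGING=true
      # … unchanged: provider, client id and secret, issuer, scope …
      - OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=VerbIS Login
      - OAUTH2_PROXY_REDIRECT_URL=https://${HOST}${OAUTH2_CALLBACK}
      - OAUTH2_PROXY_CODE_CHALLENGE_METHOD=S256
      # … unchanged: skip-provider-button, basic-auth and user-header settings …
      - OAUTH2_PROXY_PASS_ACCESS_TOKEN=false
```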