go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00
Code Issues Releases Activity

Fix local-environment ports (#3136)

Browse Source 
* Change Dex port in local-environment from 4190 to 5556

Port 4190 is blocked by standards-compliant browsers (e.g. Firefox), as per https://fetch.spec.whatwg.org/#port-blocking.
Port 5556 is used by Dex in its example config files: 745e1114f3/examples/config-dev.yaml (L50)

* Fix upstream in local-environment/oauth2-proxy.cfg

http://httpbin.localtest.me:8080 is only exposed to the host, not to httpbin Docker network.
Causes Bad Gateway before.

* Do not expose unauthenticated httpbin service in local-environment

This defeats the point of having oauth2-proxy.
It has already been misleading by causing the bug fixed in cafc6af48fc38f6fe4395fb0c7e2638bc84e6091.
It serves as a bad example: users might accidentally expose the service they're trying to protect in the first place.

* Remove unnecessary httpbin.localtest.me alias from local-environment
This commit is contained in:
Simmo Saan
2025-07-20 21:32:50 +03:00
committed by GitHub
parent 5e7f14bdcb
commit 3ac834dbcf
12 changed files with 22 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
contrib/local-environment/dex.yaml
View File

@ -1,7 +1,7 @@
# This configuration is intended to be used with the docker-compose testing # This configuration is intended to be used with the docker-compose testing
# environment. # environment.
# This should configure Dex to run on port 4190 and provides a static login # This should configure Dex to run on port 5556 and provides a static login
issuer: http://dex.localtest.me:4190/dex issuer: http://dex.localtest.me:5556/dex
storage: storage:
type: etcd type: etcd
config: config:
@ -9,7 +9,7 @@ storage:
- http://etcd:2379 - http://etcd:2379
namespace: dex/ namespace: dex/
web: web:
http: 0.0.0.0:4190 http: 0.0.0.0:5556
oauth2: oauth2:
skipApprovalScreen: true skipApprovalScreen: true
expiry: expiry:

7
contrib/local-environment/docker-compose-gitea.yaml
View File

@ -34,12 +34,9 @@ services:
container_name: httpbin container_name: httpbin
image: kennethreitz/httpbin:latest image: kennethreitz/httpbin:latest
hostname: httpbin hostname: httpbin
ports: ports: []
- 8080:80
networks: networks:
httpbin: httpbin: {}
aliases:
- httpbin.localtest.me
gitea: gitea:
image: gitea/gitea:1.24.3 image: gitea/gitea:1.24.3

7
contrib/local-environment/docker-compose-keycloak.yaml
View File

@ -34,12 +34,9 @@ services:
container_name: httpbin container_name: httpbin
image: kennethreitz/httpbin:latest image: kennethreitz/httpbin:latest
hostname: httpbin hostname: httpbin
ports: ports: []
- 8080:80/tcp
networks: networks:
httpbin: httpbin: {}
aliases:
- httpbin.localtest.me
keycloak: keycloak:
container_name: keycloak container_name: keycloak

9
contrib/local-environment/docker-compose-nginx.yaml
View File

@ -62,7 +62,7 @@ services:
- "./dex.yaml:/dex.yaml" - "./dex.yaml:/dex.yaml"
restart: unless-stopped restart: unless-stopped
ports: ports:
- 4190:4190/tcp - 5556:4181/tcp
networks: networks:
dex: dex:
aliases: aliases:
@ -73,12 +73,9 @@ services:
httpbin: httpbin:
container_name: httpbin container_name: httpbin
image: kennethreitz/httpbin image: kennethreitz/httpbin
ports: ports: []
- 8080:80/tcp
networks: networks:
httpbin: httpbin: {}
aliases:
- httpbin.localtest.me
etcd: etcd:
container_name: etcd container_name: etcd
image: gcr.io/etcd-development/etcd:v3.6.2 image: gcr.io/etcd-development/etcd:v3.6.2

9
contrib/local-environment/docker-compose.yaml
View File

@ -36,7 +36,7 @@ services:
- "./dex.yaml:/dex.yaml" - "./dex.yaml:/dex.yaml"
restart: unless-stopped restart: unless-stopped
ports: ports:
- 4190:4190/tcp - 5556:4181/tcp
networks: networks:
dex: dex:
aliases: aliases:
@ -47,12 +47,9 @@ services:
httpbin: httpbin:
container_name: httpbin container_name: httpbin
image: kennethreitz/httpbin image: kennethreitz/httpbin
ports: ports: []
- 8080:80/tcp
networks: networks:
httpbin: httpbin: {}
aliases:
- httpbin.localtest.me
etcd: etcd:
container_name: etcd container_name: etcd
image: gcr.io/etcd-development/etcd:v3.6.2 image: gcr.io/etcd-development/etcd:v3.6.2

2
contrib/local-environment/oauth2-proxy-alpha-config.yaml
View File

@ -20,4 +20,4 @@ providers:
clientSecret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK clientSecret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK
clientID: oauth2-proxy clientID: oauth2-proxy
oidcConfig: oidcConfig:
issuerURL: http://dex.localhost:4190/dex issuerURL: http://dex.localhost:5556/dex

2
contrib/local-environment/oauth2-proxy-keycloak.cfg
View File

@ -3,7 +3,7 @@ cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com" email_domains="example.com"
cookie_secure="false" cookie_secure="false"
upstreams="http://httpbin" upstreams="http://httpbin"
cookie_domains=["oauth2-proxy.localtest.me:4080", "httpbin.localtest.me:8080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains. cookie_domains=["oauth2-proxy.localtest.me:4080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target. whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
# keycloak provider # keycloak provider

2
contrib/local-environment/oauth2-proxy-nginx.cfg
View File

@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
provider="oidc" provider="oidc"
email_domains="example.com" email_domains="example.com"
oidc_issuer_url="http://dex.localtest.me:4190/dex" oidc_issuer_url="http://dex.localtest.me:5556/dex"
client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK" client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
client_id="oauth2-proxy" client_id="oauth2-proxy"
cookie_secure="false" cookie_secure="false"

2
contrib/local-environment/oauth2-proxy-traefik.cfg
View File

@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
provider="oidc" provider="oidc"
email_domains=["example.com"] email_domains=["example.com"]
oidc_issuer_url="http://dex.localhost:4190/dex" oidc_issuer_url="http://dex.localhost:5556/dex"
client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK" client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
client_id="oauth2-proxy" client_id="oauth2-proxy"
cookie_secure="false" cookie_secure="false"

4
contrib/local-environment/oauth2-proxy.cfg
View File

@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com" email_domains="example.com"
cookie_secure="false" cookie_secure="false"
upstreams="http://httpbin.localtest.me:8080" upstreams="http://httpbin"
cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains. cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target. whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
@ -11,6 +11,6 @@ client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
client_id="oauth2-proxy" client_id="oauth2-proxy"
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback" redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
oidc_issuer_url="http://dex.localtest.me:4190/dex" oidc_issuer_url="http://dex.localtest.me:5556/dex"
provider="oidc" provider="oidc"
provider_display_name="Dex" provider_display_name="Dex"

2
docs/docs/community/contribution.md
View File

@ -85,5 +85,5 @@ The docker compose setups expose the services with a dynamic reverse DNS resolve
- OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180 - OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180
- Upstream: http://httpbin.localtest.me:8080 - Upstream: http://httpbin.localtest.me:8080
- Dex: http://dex.localtest.me:4190 - Dex: http://dex.localtest.me:5556

2
docs/versioned_docs/version-7.10.x/community/contribution.md
View File

@ -85,5 +85,5 @@ The docker compose setups expose the services with a dynamic reverse DNS resolve
- OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180 - OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180
- Upstream: http://httpbin.localtest.me:8080 - Upstream: http://httpbin.localtest.me:8080
- Dex: http://dex.localtest.me:4190 - Dex: http://dex.localtest.me:5556