Fix local-environment ports (#3136)

* Change Dex port in local-environment from 4190 to 5556 Port 4190 is blocked by standards-compliant browsers (e.g. Firefox), as per https://fetch.spec.whatwg.org/#port-blocking. Port 5556 is used by Dex in its example config files: 745e1114f3/examples/config-dev.yaml (L50) * Fix upstream in local-environment/oauth2-proxy.cfg http://httpbin.localtest.me:8080 is only exposed to the host, not to httpbin Docker network. Causes Bad Gateway before. * Do not expose unauthenticated httpbin service in local-environment This defeats the point of having oauth2-proxy. It has already been misleading by causing the bug fixed in cafc6af48fc38f6fe4395fb0c7e2638bc84e6091. It serves as a bad example: users might accidentally expose the service they're trying to protect in the first place. * Remove unnecessary httpbin.localtest.me alias from local-environment
2025-08-06 22:42:56 +02:00 · 2025-07-20 21:32:50 +03:00
parent 5e7f14bdcb
commit 3ac834dbcf
12 changed files with 22 additions and 34 deletions
--- a/contrib/local-environment/dex.yaml
+++ b/contrib/local-environment/dex.yaml
@ -1,7 +1,7 @@
 # This configuration is intended to be used with the docker-compose testing
 # environment.
-# This should configure Dex to run on port 4190 and provides a static login
-issuer: http://dex.localtest.me:4190/dex
+# This should configure Dex to run on port 5556 and provides a static login
+issuer: http://dex.localtest.me:5556/dex
 storage:
  type: etcd
  config:
@ -9,7 +9,7 @@ storage:
    - http://etcd:2379
    namespace: dex/
 web:
-  http: 0.0.0.0:4190
+  http: 0.0.0.0:5556
 oauth2:
  skipApprovalScreen: true
 expiry:
--- a/contrib/local-environment/docker-compose-gitea.yaml
+++ b/contrib/local-environment/docker-compose-gitea.yaml
@ -34,12 +34,9 @@ services:
    container_name: httpbin
    image: kennethreitz/httpbin:latest
    hostname: httpbin
-    ports:
-      - 8080:80
+    ports: []
    networks:
-      httpbin:
-        aliases:
-          - httpbin.localtest.me
+      httpbin: {}

  gitea:
    image: gitea/gitea:1.24.3
--- a/contrib/local-environment/docker-compose-keycloak.yaml
+++ b/contrib/local-environment/docker-compose-keycloak.yaml
@ -34,12 +34,9 @@ services:
    container_name: httpbin
    image: kennethreitz/httpbin:latest
    hostname: httpbin
-    ports:
-      - 8080:80/tcp
+    ports: []
    networks:
-      httpbin:
-        aliases:
-          - httpbin.localtest.me
+      httpbin: {}

  keycloak:
    container_name: keycloak
--- a/contrib/local-environment/docker-compose-nginx.yaml
+++ b/contrib/local-environment/docker-compose-nginx.yaml
@ -62,7 +62,7 @@ services:
      - "./dex.yaml:/dex.yaml"
    restart: unless-stopped
    ports:
-      - 4190:4190/tcp
+      - 5556:4181/tcp
    networks:
      dex:
        aliases:
@ -73,12 +73,9 @@ services:
  httpbin:
    container_name: httpbin
    image: kennethreitz/httpbin
-    ports:
-      - 8080:80/tcp
+    ports: []
    networks:
-      httpbin:
-        aliases:
-          - httpbin.localtest.me
+      httpbin: {}
  etcd:
    container_name: etcd
    image: gcr.io/etcd-development/etcd:v3.6.2
--- a/contrib/local-environment/docker-compose.yaml
+++ b/contrib/local-environment/docker-compose.yaml
@ -36,7 +36,7 @@ services:
      - "./dex.yaml:/dex.yaml"
    restart: unless-stopped
    ports:
-      - 4190:4190/tcp
+      - 5556:4181/tcp
    networks:
      dex:
        aliases:
@ -47,12 +47,9 @@ services:
  httpbin:
    container_name: httpbin
    image: kennethreitz/httpbin
-    ports:
-      - 8080:80/tcp
+    ports: []
    networks:
-      httpbin:
-        aliases:
-          - httpbin.localtest.me
+      httpbin: {}
  etcd:
    container_name: etcd
    image: gcr.io/etcd-development/etcd:v3.6.2
--- a/contrib/local-environment/oauth2-proxy-alpha-config.yaml
+++ b/contrib/local-environment/oauth2-proxy-alpha-config.yaml
@ -20,4 +20,4 @@ providers:
  clientSecret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK
  clientID: oauth2-proxy
  oidcConfig:
-    issuerURL: http://dex.localhost:4190/dex
+    issuerURL: http://dex.localhost:5556/dex
--- a/contrib/local-environment/oauth2-proxy-keycloak.cfg
+++ b/contrib/local-environment/oauth2-proxy-keycloak.cfg
@ -3,7 +3,7 @@ cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 email_domains="example.com"
 cookie_secure="false"
 upstreams="http://httpbin"
-cookie_domains=["oauth2-proxy.localtest.me:4080", "httpbin.localtest.me:8080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
+cookie_domains=["oauth2-proxy.localtest.me:4080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
 whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.

 # keycloak provider
--- a/contrib/local-environment/oauth2-proxy-nginx.cfg
+++ b/contrib/local-environment/oauth2-proxy-nginx.cfg
@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
 cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 provider="oidc"
 email_domains="example.com"
-oidc_issuer_url="http://dex.localtest.me:4190/dex"
+oidc_issuer_url="http://dex.localtest.me:5556/dex"
 client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
 client_id="oauth2-proxy"
 cookie_secure="false"
--- a/contrib/local-environment/oauth2-proxy-traefik.cfg
+++ b/contrib/local-environment/oauth2-proxy-traefik.cfg
@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
 cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 provider="oidc"
 email_domains=["example.com"]
-oidc_issuer_url="http://dex.localhost:4190/dex"
+oidc_issuer_url="http://dex.localhost:5556/dex"
 client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
 client_id="oauth2-proxy"
 cookie_secure="false"
--- a/contrib/local-environment/oauth2-proxy.cfg
+++ b/contrib/local-environment/oauth2-proxy.cfg
@ -2,7 +2,7 @@ http_address="0.0.0.0:4180"
 cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 email_domains="example.com"
 cookie_secure="false"
-upstreams="http://httpbin.localtest.me:8080"
+upstreams="http://httpbin"
 cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
 whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.

@ -11,6 +11,6 @@ client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
 client_id="oauth2-proxy"
 redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"

-oidc_issuer_url="http://dex.localtest.me:4190/dex"
+oidc_issuer_url="http://dex.localtest.me:5556/dex"
 provider="oidc"
 provider_display_name="Dex"
--- a/docs/docs/community/contribution.md
+++ b/docs/docs/community/contribution.md
@ -85,5 +85,5 @@ The docker compose setups expose the services with a dynamic reverse DNS resolve

 - OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180
 - Upstream: http://httpbin.localtest.me:8080
- Dex: http://dex.localtest.me:4190
+- Dex: http://dex.localtest.me:5556

--- a/docs/versioned_docs/version-7.10.x/community/contribution.md
+++ b/docs/versioned_docs/version-7.10.x/community/contribution.md
@ -85,5 +85,5 @@ The docker compose setups expose the services with a dynamic reverse DNS resolve

 - OAuth2-Proxy: http://oauth2-proxy.localtest.me:4180
 - Upstream: http://httpbin.localtest.me:8080
- Dex: http://dex.localtest.me:4190
+- Dex: http://dex.localtest.me:5556