1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Commit Graph

31 Commits

Author SHA1 Message Date
Anders Kiel Hovgaard
c00d36159e
Update Alpine image version to 3.14 (#1244)
* Update Alpine image version to 3.14.

* Update changelog.
2021-06-18 13:12:11 +01:00
Ian Roberts
3fc194ee72
Minor change to the Dockerfile to improve build speed (#1139)
"go mod download" does not depend on the VERSION env var, so moving the ARG directive after the RUN will allow better use of the Docker build cache - subsequent builds on the same machine need only re-run the "go mod download" if go.mod or go.sum has changed, rather than re-running it any time the VERSION value passed from the Makefile has changed

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-03-29 19:08:40 +01:00
Joel Speed
5fe947eb07
Update go version to 1.16
This includes a fix for our samesite cookie parsing. The behaviour
changed in 1.16 so that the default value now leaves it empty, so it's
equivalent to not setting it (as per spec)
2021-02-19 11:30:58 +00:00
Nishanth Reddy
48b1658e5d
Update alpine version to 3.13 (#1013)
* Update alpine version to 3.13 

alpine 3.12 has a CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28928 which got fixed in recent version

* address review comments
2021-01-30 15:33:28 +00:00
Mitsuo Heijo
f705d2b5d3
Improve CI (#819)
* simplify github actions workflow

no more GOPATH, update Go to 1.15.x

* add script to install golangci-lint

* drop support for Go 1.14

* check docker build in ci

* update alpine linux to 3.12

* update CHANGELOG

* fix golangci-lint installation

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 18:46:41 +01:00
Mitsuo Heijo
e64322b070 Update Go to 1.15 2020-09-30 09:54:43 +09:00
Joel Speed
7ffe9b7620
Reduce docker context to improve build times 2020-07-07 20:51:43 +01:00
Joel Speed
07df29db37
Drop configure script in favour of native Makefile env and checks (#515)
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 16:07:46 +01:00
Joel Speed
802754caad
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
Joel Speed
8d69d55de4
Update Go and GolangCI-Lint 2020-03-29 13:17:54 +01:00
Mitsuo Heijo
81b9a63e51
Support Go 1.14 (#419)
* Upgrade base image tags and golangci-lint

* Upgrade golang and golangci-lint in travis-ci

* fix:  tests, pointed out by golangci-lint and format files

* Upgrade dependencies

* update changelog

* fix: tests related to https://github.com/pusher/oauth2_proxy/pull/418

* Separate tests using go version build tags

* Update CHANGELOG

* Revert "Separate tests using go version build tags"

This reverts commit 9b7e65eb90cae954dc7b6316345d3207205d488a.

* fix test to support go1.14 and go1.13

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-14 10:14:15 +00:00
Luke Tainton
4f553bcfc8
Add nsswitch.conf to Docker image (#400)
* Add nsswitch.conf to Docker image

Created nsswitch.conf to use locally defined translations before DNS. Copied to /etc/nsswitch.conf in the image.

* Add new line

* Updated Changelog

Co-authored-by: Dan Bond <danbond@protonmail.com>
2020-02-23 18:16:18 +00:00
Dan Bond
e270dd0066 docker: build from debian buster 2019-10-07 17:03:15 -07:00
Dhi Aurrahman
de16df232d Support Go 1.13.x and allow to override REGISTRY (#273)
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
2019-10-07 13:53:46 -07:00
Henry Jenkins
03f218a63c Ensure gomodules are used when downloading 2019-07-15 21:49:38 +01:00
Henry Jenkins
bc81a0f6e4 Merge branch 'master' into go-mod
* master:
  Move docker dep commands to earlier in the build
2019-07-15 21:38:55 +01:00
Henry Jenkins
56f51417ae
Merge branch 'master' into go-mod 2019-07-15 16:08:21 +01:00
Daniel Kimsey
816c2a6da9 Move docker dep commands to earlier in the build
This will let Docker cache the results of the vendor dependencies.
Making re-builds during testing faster.

Also clean-up spurious test & rm in ./configure
2019-07-15 10:00:34 -05:00
Henry Jenkins
27bdb194b1 Update to Alpine 3.10 2019-07-13 22:14:05 +01:00
Henry Jenkins
e245ef4854 Switch from dep to go mod
Update modules to avoid issues with golangci-lint
2019-07-13 21:54:45 +01:00
Henry Jenkins
411adf6f21 Switch linter to golangci-lint 2019-06-23 20:44:16 +01:00
Karl Skewes
d3f0cb43ca Update Alpine to 3.9 2019-05-31 18:54:20 +12:00
Karl Skewes
308bcc06a4 fix Docker user on arm
Use simple USER directive.
Using `addgroup` in final `arm` image when building on amd64 doesn't work.
I must have made a mistake during cross build verification.

Alternative is to use qemu-static but it's not worth it for this.
2019-05-03 20:54:21 +12:00
timothy-spencer
1ae62a3343
added jwt-key-file option, update docs 2019-04-15 09:49:05 -07:00
Dan Bond
bf9fedb3cf
build: use go 1.12 (#124)
* build: use go 1.12

* Update CHANGELOG.md
2019-04-12 11:15:29 +01:00
Karl Skewes
80b5873a26 Potentially breaking change: docker user & group
Run as non-root user and group

In the unlikely event that you are currently persisting data to disk then this
change may break file read/write access due to a change in the UID/GID that the
oauth2_proxy process runs as.

Run as non-root system user and group `oauth2proxy` with UID/GID `2000` to avoid clashing with typical local users.
An alternative to creating a separate user is to ~~chown binary and~~ run as `USER nobody`, which also works, can amend this PR if required.

Least access privileges.
Close: https://github.com/pusher/oauth2_proxy/issues/78

Locally with Docker (`-version`):
```
$ ps aux | grep oauth2
2000     25192  6.0  0.0      0     0 ?        Ds   15:53   0:00 [oauth2_proxy]
```

Running in Kubernetes 1.13 with the following also specified:
```
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 10001
```
```
$ kubectl exec -it -n oauth2-proxy oauth2-proxy-85c9f58ffc-dz9lr sh
/opt $ whoami
whoami: unknown uid 10001
/opt $ ps aux
PID   USER     TIME  COMMAND
    1 10001     0:00 /opt/oauth2_proxy --whitelist-domain=.example.com --cookie-domain=example.com --email-domain=example.com --upstream=file:///dev/null --http-address=0.0.0.0:4180
   11 10001     0:00 sh
   17 10001     0:00 ps aux
```

<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->

- [x] My change requires a change to the documentation or CHANGELOG.
- [x] I have updated the documentation/CHANGELOG accordingly.
- [x] I have created a feature (non-master) branch for my PR.
2019-03-05 21:37:04 +13:00
Karl Skewes
f289543dc6 fix(docker): simplify build by copying ca-certificates.crt 2019-02-02 20:01:27 +13:00
YAEGASHI Takeshi
cb41a91a65 Docker build optimization
Update Dockefile to get a much smaller footprint with alpine image.

Optimize ordering of build steps to avoid needless downloads.

Include CA certificates needed for practical use.
2019-01-22 02:55:39 +09:00
Dan Bond
f35efd1e9c build: use go 1.11 2019-01-15 15:57:53 +00:00
Joel Speed
372ecd0cf8
Introduce Makefile 2019-01-04 10:58:30 +00:00
Joel Speed
7fa913e51c
Add Dockerfile 2018-12-20 11:06:26 +00:00