You've already forked oauth2-proxy
mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-08-08 22:46:33 +02:00
3ac834dbcf
* Change Dex port in local-environment from 4190 to 5556
Port 4190 is blocked by standards-compliant browsers (e.g. Firefox), as per https://fetch.spec.whatwg.org/#port-blocking.
Port 5556 is used by Dex in its example config files: 745e1114f3/examples/config-dev.yaml (L50)
* Fix upstream in local-environment/oauth2-proxy.cfg
http://httpbin.localtest.me:8080 is only exposed to the host, not to httpbin Docker network.
Causes Bad Gateway before.
* Do not expose unauthenticated httpbin service in local-environment
This defeats the point of having oauth2-proxy.
It has already been misleading by causing the bug fixed in cafc6af48fc38f6fe4395fb0c7e2638bc84e6091.
It serves as a bad example: users might accidentally expose the service they're trying to protect in the first place.
* Remove unnecessary httpbin.localtest.me alias from local-environment
15 lines
660 B
INI
15 lines
660 B
INI
http_address="0.0.0.0:4180"
|
|
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
|
|
provider="oidc"
|
|
email_domains="example.com"
|
|
oidc_issuer_url="http://dex.localtest.me:5556/dex"
|
|
client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
|
|
client_id="oauth2-proxy"
|
|
cookie_secure="false"
|
|
|
|
redirect_url="http://oauth2-proxy.oauth2-proxy.localhost/oauth2/callback"
|
|
cookie_domains=".oauth2-proxy.localhost" # Required so cookie can be read on all subdomains.
|
|
whitelist_domains=".oauth2-proxy.localhost" # Required to allow redirection back to original requested target.
|
|
# Enables the use of `X-Forwarded-*` headers to determine request correctly
|
|
reverse_proxy="true"
|