mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-10 04:18:14 +02:00
5788bebfee
* Add example with traefik and keycloak * Switch to dex * Remove unneeded change in keycloak settings * Taken into account review comments * Add changelog entry Co-authored-by: Frédéric Collonval <frederic.collonval@ariadnext.com> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
58 lines
1.6 KiB
YAML
58 lines
1.6 KiB
YAML
http:
|
|
routers:
|
|
oauth2-proxy-route:
|
|
rule: "Host(`oauth2-proxy.oauth2-proxy.localhost`)"
|
|
middlewares:
|
|
- auth-headers
|
|
service: oauth-backend
|
|
httpbin-route:
|
|
rule: "Host(`httpbin.oauth2-proxy.localhost`)"
|
|
service: httpbin-service
|
|
middlewares:
|
|
- oauth-auth-redirect # redirects all unauthenticated to oauth2 signin
|
|
httpbin-route-2:
|
|
rule: "Host(`httpbin.oauth2-proxy.localhost`) && PathPrefix(`/no-auto-redirect`)"
|
|
service: httpbin-service
|
|
middlewares:
|
|
- oauth-auth-wo-redirect # unauthenticated session will return a 401
|
|
services-oauth2-route:
|
|
rule: "Host(`httpbin.oauth2-proxy.localhost`) && PathPrefix(`/oauth2/`)"
|
|
middlewares:
|
|
- auth-headers
|
|
service: oauth-backend
|
|
|
|
services:
|
|
httpbin-service:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://httpbin
|
|
oauth-backend:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://oauth2-proxy:4180
|
|
|
|
middlewares:
|
|
auth-headers:
|
|
headers:
|
|
stsSeconds: 315360000
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
frameDeny: true
|
|
oauth-auth-redirect:
|
|
forwardAuth:
|
|
address: http://oauth2-proxy:4180
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-Auth-Request-Access-Token
|
|
- Authorization
|
|
oauth-auth-wo-redirect:
|
|
forwardAuth:
|
|
address: http://oauth2-proxy:4180/oauth2/auth
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-Auth-Request-Access-Token
|
|
- Authorization
|