You've already forked oauth2-proxy
mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-08-06 22:42:56 +02:00
3ac834dbcf
* Change Dex port in local-environment from 4190 to 5556
Port 4190 is blocked by standards-compliant browsers (e.g. Firefox), as per https://fetch.spec.whatwg.org/#port-blocking.
Port 5556 is used by Dex in its example config files: 745e1114f3/examples/config-dev.yaml (L50)
* Fix upstream in local-environment/oauth2-proxy.cfg
http://httpbin.localtest.me:8080 is only exposed to the host, not to httpbin Docker network.
Causes Bad Gateway before.
* Do not expose unauthenticated httpbin service in local-environment
This defeats the point of having oauth2-proxy.
It has already been misleading by causing the bug fixed in cafc6af48fc38f6fe4395fb0c7e2638bc84e6091.
It serves as a bad example: users might accidentally expose the service they're trying to protect in the first place.
* Remove unnecessary httpbin.localtest.me alias from local-environment
23 lines
1003 B
INI
23 lines
1003 B
INI
http_address="0.0.0.0:4180"
|
|
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
|
|
provider="oidc"
|
|
email_domains=["example.com"]
|
|
oidc_issuer_url="http://dex.localhost:5556/dex"
|
|
client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
|
|
client_id="oauth2-proxy"
|
|
cookie_secure="false"
|
|
|
|
redirect_url="http://oauth2-proxy.oauth2-proxy.localhost/oauth2/callback"
|
|
cookie_domains=".oauth2-proxy.localhost" # Required so cookie can be read on all subdomains.
|
|
whitelist_domains=".oauth2-proxy.localhost" # Required to allow redirection back to original requested target.
|
|
|
|
# Mandatory option when using oauth2-proxy with traefik
|
|
reverse_proxy="true"
|
|
# Required for traefik with ForwardAuth and static upstream configuration
|
|
upstreams="static://202"
|
|
# The following option skip the page requesting the user
|
|
# to click on a button to be redirected to the identity provider
|
|
# It can be activated only when traefik is not configure with
|
|
# the error redirection middleware as this example.
|
|
skip_provider_button="true"
|