Support generic-openid provider (for Nextcloud)
parent
e924fd6a23
commit
1c7ed323f2
22
.env.sample
22
.env.sample
|
@ -6,8 +6,22 @@ LETS_ENCRYPT_ENV=production
|
|||
COOKIE_DOMAIN=example.com
|
||||
AUTH_HOST=auth.example.com
|
||||
|
||||
OIDC_ISSUER_URL=https://id.example.com/auth/realms/yourrealm
|
||||
OIDC_CLIENT_ID=traefik-forward-auth
|
||||
SECRET_SECRET_NONCE_VERSION=v1
|
||||
|
||||
SERCRET_NONCE_VERSION=v1
|
||||
OIDC_CLIENT_SECRET_VERSION=v1
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
#COMPOSE_FILE=$COMPOSE_FILE:compose.oidc.yml
|
||||
#OIDC_ENABLED=1
|
||||
#OIDC_CLIENT_SECRET_VERSION=v1
|
||||
#OIDC_ISSUER_URL=https://id.example.com/auth/realms/yourrealm
|
||||
#OIDC_CLIENT_ID=traefik-forward-auth
|
||||
#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
#COMPOSE_FILE=$COMPOSE_FILE:compose.oauth.yml
|
||||
#OAUTH_ENABLED=1
|
||||
#OAUTH_CLIENT_SECRET_VERSION=v1
|
||||
#OAUTH_CLIENT_ID=traefik-forward-auth
|
||||
#OAUTH_USER_URL
|
||||
#OAUTH_TOKEN_URL
|
||||
#OAUTH_AUTH_URL
|
||||
#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1
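Review bot: The sample lists two spellings for each client-secret version (`OIDC_CLIENT_SECRET_VERSION` and `SECRET_OIDC_CLIENT_SECRET_VERSION`, and the same pair for OAuth), but each overlay reads only one of them, and not in the same style. The OIDC overlay interpolates `${OIDC_CLIENT_SECRET_VERSION}` while the OAuth overlay interpolates `${SECRET_OAUTH_CLIENT_SECRET_VERSION}`. An operator who uncomments only the unread name gets an empty suffix in the external secret name, so the deploy would reference a secret that was never created. I would keep one name per secret here and switch the OIDC overlay to `${SECRET_OIDC_CLIENT_SECRET_VERSION}` so it matches the nonce and OAuth naming. The three bare `#OAUTH_*_URL` lines also need an `=` and an example value.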
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
traefik-forward-auth:
|
||||
environment:
|
||||
- OAUTH_CLIENT_ID
|
||||
- OAUTH_AUTH_URL
|
||||
- OAUTH_TOKEN_URL
|
||||
- OAUTH_USER_URL
|
||||
- OAUTH_ENABLED
|
||||
secrets:
|
||||
- oauth_client_secret
|
||||
|
||||
secrets:
|
||||
oauth_client_secret:
|
||||
name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}
|
||||
external: true
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
traefik-forward-auth:
|
||||
environment:
|
||||
- OIDC_CLIENT_ID
|
||||
- OIDC_ISSUER_URL
|
||||
- OIDC_ENABLED
|
||||
secrets:
|
||||
- oidc_client_secret
|
||||
|
||||
secrets:
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${OIDC_CLIENT_SECRET_VERSION}
|
||||
external: true
|
|
@ -11,12 +11,9 @@ services:
|
|||
- proxy
|
||||
environment:
|
||||
- CONFIG=/etc/forward.ini
|
||||
- OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
|
||||
- OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
|
||||
- COOKIE_DOMAIN=${COOKIE_DOMAIN}
|
||||
- AUTH_HOST=${AUTH_HOST}
|
||||
secrets:
|
||||
- oidc_client_secret
|
||||
- secret_nonce
|
||||
deploy:
|
||||
labels:
|
||||
|
@ -40,8 +37,5 @@ configs:
|
|||
|
||||
secrets:
|
||||
secret_nonce:
|
||||
name: ${STACK_NAME}_secret_nonce_${SERCRET_NONCE_VERSION}
|
||||
external: true
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${OIDC_CLIENT_SECRET_VERSION}
|
||||
name: ${STACK_NAME}_secret_nonce_${SECRET_SECRET_NONCE_VERSION}
|
||||
external: true
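Review bot: Renaming the interpolated variable to `SECRET_SECRET_NONCE_VERSION` silently breaks existing deployments whose `.env` still sets the old `SERCRET_NONCE_VERSION`. The old/new side of each line is inferred from the hunk counts, because the rendering lost the markers. With the new variable unset, the name collapses to `${STACK_NAME}_secret_nonce_`, which does not match the secret that already exists. If the deploy tooling supports the required-variable form, `name: ${STACK_NAME}_secret_nonce_${SECRET_SECRET_NONCE_VERSION:?must be set}` would turn that into an explicit error. Otherwise the rename should be called out in the commit message as a migration step.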
|
||||
|
|
|
@ -3,7 +3,18 @@ log-level = info
|
|||
cookie-domain = {{ env "COOKIE_DOMAIN" }}
|
||||
auth-host = {{ env "AUTH_HOST" }}
|
||||
|
||||
{{ if eq (env "OIDC_ENABLED") "1" }}
|
||||
default-provider = oidc
|
||||
providers.oidc.issuer-url = {{ env "OIDC_ISSUER_URL" }}
|
||||
providers.oidc.client-id = {{ env "OIDC_CLIENT_ID" }}
|
||||
providers.oidc.client-secret = {{ secret "oidc_client_secret" }}
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "OAUTH_ENABLED") "1" }}
|
||||
default-provider = generic-oauth
|
||||
providers.generic-oauth.client-id = {{ env "OAUTH_CLIENT_ID" }}
|
||||
providers.generic-oauth.auth-url = {{ env "OAUTH_AUTH_URL" }}
|
||||
providers.generic-oauth.token-url = {{ env "OAUTH_TOKEN_URL" }}
|
||||
providers.generic-oauth.user-url = {{ env "OAUTH_USER_URL" }}
|
||||
providers.generic-oauth.client-secret = {{ secret "oauth_client_secret" }}
|
||||
{{ end }}
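Review bot: The two provider blocks are independent `if`s, so setting both `OIDC_ENABLED=1` and `OAUTH_ENABLED=1` renders two `default-provider` lines, and setting neither renders no provider at all. Which provider the auth proxy ends up with in either case is not visible from this template. For a component that gates access, the selection should be explicit: change the second opener to `{{ else if eq (env "OAUTH_ENABLED") "1" }}` and drop the first `{{ end }}`, so the blocks are mutually exclusive. `.env.sample` should also state that exactly one overlay must be enabled. The template begins above this hunk.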
|
||||
|
|