[forward auth]

2024-07-28 19:02:36 +02:00
parent 1cdb006509
commit ca51f775d1


@@ -268,6 +268,40 @@
- "traefik.http.routers.dozzle-https.middlewares=privatevpn"
networks:
- public
forward-auth:
container_name: forward-auth
image: thomseddon/traefik-forward-auth:2.2.0
environment:
- DEFAULT_PROVIDER=oidc
- PROVIDERS_OIDC_CLIENT_ID=X8mqPTQZV0
- PROVIDERS_OIDC_CLIENT_SECRET=Oov5ooTh!u0wee2
- PROVIDERS_OIDC_ISSUER_URL=https://dex.jingoh.fr
- SECRET=phuob8ihuJooC
- AUTH_HOST=auth.jingoh.private
- COOKIE_DOMAIN=jingoh.private
- INSECURE_COOKIE=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
- "traefik.http.routers.auth.rule=Host(`auth.jingoh.private`)"
- "traefik.http.routers.auth.entrypoints=websecure"
- "traefik.http.services.auth.loadbalancer.server.port=8080"
- "traefik.http.routers.auth.tls=true"
- "traefik.http.routers.auth-https.middlewares=privatevpn"
- "traefik.http.routers.auth.service=auth@docker"
- "traefik.http.services.auth.loadbalancer.server.port=4181"
- "traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181"
- "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
placement:
constraints:
- node.role == manager
networks:
- public
networks:
public:
external: true
@@ -280,6 +314,8 @@
configs:
traefik-dynamic-configuration:
external: true
traefik-forward-auth:
external: true
secrets:
wildcard-jingoh-private.crt:
external: true
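Review bot: The new forward-auth service puts the OIDC client secret and the cookie-signing `SECRET` in plaintext in its `environment:` list, so both are now in repository history and should be rotated and then supplied from a Swarm secret or config; the second hunk declares an external `traefik-forward-auth` config, but nothing in the visible service definition mounts it. The `/var/run/docker.sock` bind mount looks unnecessary for an auth sidecar and hands the container control of the Docker daemon on a manager node, so I would drop the `volumes:` entry unless something outside this hunk needs it. `INSECURE_COOKIE=true` removes the Secure flag from the session cookie even though the router is on `websecure` with `tls=true`, so it can be removed. The `privatevpn` middleware is attached to a router named `auth-https` while every other label configures `auth`, so it probably never applies; `traefik.http.routers.auth.middlewares=privatevpn` would match. `traefik.http.services.auth.loadbalancer.server.port` is also set twice (8080 and 4181), and only 4181 agrees with the forwardauth address.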