From ca51f775d1ade1773cb230e464778ca085be2045 Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Sun, 28 Jul 2024 19:02:36 +0200
Subject: [PATCH] [forward auth]
---
 swarm.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/swarm.yml b/swarm.yml
index 936e795..b2609d7 100644
--- a/swarm.yml
+++ b/swarm.yml
@@ -268,6 +268,40 @@
 - "traefik.http.routers.dozzle-https.middlewares=privatevpn"
 networks:
 - public
+ forward-auth:
+ container_name: forward-auth
+ image: thomseddon/traefik-forward-auth:2.2.0
+ environment:
+ - DEFAULT_PROVIDER=oidc
+ - PROVIDERS_OIDC_CLIENT_ID=X8mqPTQZV0
+ - PROVIDERS_OIDC_CLIENT_SECRET=Oov5ooTh!u0wee2
+ - PROVIDERS_OIDC_ISSUER_URL=https://dex.jingoh.fr
+ - SECRET=phuob8ihuJooC
+ - AUTH_HOST=auth.jingoh.private
+ - COOKIE_DOMAIN=jingoh.private
+ - INSECURE_COOKIE=true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.auth.rule=Host(`auth.jingoh.private`)"
+ - "traefik.http.routers.auth.entrypoints=websecure"
+ - "traefik.http.services.auth.loadbalancer.server.port=8080"
+ - "traefik.http.routers.auth.tls=true"
+ - "traefik.http.routers.auth-https.middlewares=privatevpn"
+ - "traefik.http.routers.auth.service=auth@docker"
+ - "traefik.http.services.auth.loadbalancer.server.port=4181"
+ - "traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181"
+ - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
+ - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
+ placement:
+ constraints:
+ - node.role == manager
+ networks:
+ - public
 networks:
 public:
 external: true
@@ -280,6 +314,8 @@
 configs:
 traefik-dynamic-configuration:
 external: true
+ traefik-forward-auth:
+ external: true
 secrets:
 wildcard-jingoh-private.crt:
 external: true
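Review bot: The OIDC client secret (`PROVIDERS_OIDC_CLIENT_SECRET=...`) and the cookie-signing `SECRET=...` are committed in plaintext in the new `forward-auth` service's `environment` list, so they are now part of git history and should be rotated and supplied through Docker secrets or an env file kept outside the repository rather than the stack file. `INSECURE_COOKIE=true` drops the Secure attribute from the session cookie even though the `auth` router is `tls=true` on `websecure`; unless the auth host is deliberately reached over plain HTTP it should be `- INSECURE_COOKIE=false`. The label `traefik.http.routers.auth-https.middlewares=privatevpn` names a router that is not defined in this hunk (the router is `auth`), so the middleware the neighbouring `dozzle-https` router applies is silently not applied to the auth endpoint; the intended line is likely `- "traefik.http.routers.auth.middlewares=privatevpn"`. `traefik.http.services.auth.loadbalancer.server.port` is set twice (8080, then 4181), which leaves the effective value to how the duplicate label is merged; keep only the `4181` line that matches the forwardauth `address`. Nothing in the new service's configuration references the Docker API, so the `/var/run/docker.sock` bind mount looks unneeded and hands the container control of the host's Docker daemon; drop it unless the reason is documented next to it.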
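Review bot: The new external config `traefik-forward-auth` is declared under `configs:` but no service in this patch references it, so it is dead configuration unless a later change mounts it. If it was meant to carry the forward-auth settings that currently sit in plaintext in the `forward-auth` service's `environment`, reference it from that service's `configs:` block and remove the plaintext entries. For the secret values specifically, declare them under the file's existing `secrets:` section rather than `configs:`, since Swarm configs are not protected the way secrets are.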