[forward auth]

2024-07-28 19:02:36 +02:00
parent 1cdb006509
commit ca51f775d1
1 changed files with 36 additions and 0 deletions
--- a/swarm.yml
+++ b/swarm.yml
@@ -268,6 +268,40 @@
                    - "traefik.http.routers.dozzle-https.middlewares=privatevpn"
                networks:
                  - public
              forward-auth:
                container_name: forward-auth
                image: thomseddon/traefik-forward-auth:2.2.0
                environment:
                  - DEFAULT_PROVIDER=oidc
                  - PROVIDERS_OIDC_CLIENT_ID=X8mqPTQZV0 
                  - PROVIDERS_OIDC_CLIENT_SECRET=Oov5ooTh!u0wee2 
                  - PROVIDERS_OIDC_ISSUER_URL=https://dex.jingoh.fr
                  - SECRET=phuob8ihuJooC
                  - AUTH_HOST=auth.jingoh.private
                  - COOKIE_DOMAIN=jingoh.private
                  - INSECURE_COOKIE=true
                volumes:
                  - /var/run/docker.sock:/var/run/docker.sock
                deploy:
                  mode: replicated
                  replicas: 1
                  labels:
                    - "traefik.enable=true"
                    - "traefik.http.routers.auth.rule=Host(`auth.jingoh.private`)"
                    - "traefik.http.routers.auth.entrypoints=websecure"
                    - "traefik.http.services.auth.loadbalancer.server.port=8080"
                    - "traefik.http.routers.auth.tls=true"
                    - "traefik.http.routers.auth-https.middlewares=privatevpn"
                    - "traefik.http.routers.auth.service=auth@docker"
                    - "traefik.http.services.auth.loadbalancer.server.port=4181"
                    - "traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181"
                    - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
                    - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
                  placement:
                    constraints:
                      - node.role == manager
                networks:
                  - public
            networks:
              public:
                external: true
@@ -280,6 +314,8 @@
            configs:
              traefik-dynamic-configuration:
                external: true
              traefik-forward-auth:
                external: true
            secrets:
              wildcard-jingoh-private.crt:
                external: true