Docker compose file for oauth2-proxy.

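# Docker Compose service running oauth2-proxy as an OIDC authentication
# gateway. Values in <angle brackets> are placeholders to fill in per
# deployment.
version: "3"

services:
  oauth-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
    restart: always
    # Compose expects environment values to be strings, so boolean-looking
    # values are quoted to stop the YAML parser from retyping them.
    environment:
      OAUTH2_PROXY_CLIENT_ID: '<clientid>'
      OAUTH2_PROXY_CLIENT_SECRET: '<secret>'
      # The cookie secret protects the session cookie. A literal value in a
      # shared example ends up identical in every copy, so it is a
      # placeholder here: generate a fresh random value per deployment
      # (oauth2-proxy accepts 16, 24 or 32 bytes) and supply it from an
      # env file or secret store rather than committing it.
      OAUTH2_PROXY_COOKIE_SECRET: '<cookie-secret>'
      OAUTH2_PROXY_OIDC_ISSUER_URL: '<url>'
      OAUTH2_PROXY_AUTH_LOGGING: "true"
      # No real upstream: the proxy itself answers authenticated requests
      # with 202, which is what a forward-auth caller checks for.
      OAUTH2_PROXY_UPSTREAMS: 'static://202'
      OAUTH2_PROXY_EMAIL_DOMAINS: '<domain>'
      # Domains accepted as post-login redirect targets; keep this as
      # narrow as the deployment allows.
      OAUTH2_PROXY_WHITELIST_DOMAINS: '<domain>'
      OAUTH2_PROXY_COOKIE_DOMAINS: '<domain>'
      # NOTE(review): "false" drops the Secure flag, so the session cookie
      # is also sent over plain HTTP. Set to "true" once the site is served
      # over HTTPS.
      OAUTH2_PROXY_COOKIE_SECURE: "false"
      OAUTH2_PROXY_SCOPE: 'openid profile email'
      OAUTH2_PROXY_PROVIDER: oidc
      OAUTH2_PROXY_HTTP_ADDRESS: '0.0.0.0:4180'
      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Oauth 2 Proxy"
      # Makes oauth2-proxy accept X-Forwarded-* / X-Real-IP from the
      # caller, so only the reverse proxy should be able to reach 4180.
      OAUTH2_PROXY_REVERSE_PROXY: "true"
      # NOTE(review): shows detailed error information on the error page;
      # turn off outside of debugging.
      OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR: "true"
      # These two put the user's ID token into an Authorization: Bearer
      # header (towards the upstream and on the auth response). Whatever
      # receives that header holds a usable token; enable only if needed.
      OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER: "true"
      OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: "true"
    # Publishes the proxy on every host interface. If only the reverse
    # proxy needs to reach it, bind to a specific address or use an
    # internal network instead.
    ports:
      - "4180:4180"
    dns: 8.8.8.8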

Traefik Middleware:

# Traefik Middleware that hands every request to oauth2-proxy for an
# authentication decision (forwardAuth) before it reaches the backend.
# NOTE(review): traefik.containo.us is the older CRD API group; newer
# Traefik releases use traefik.io/v1alpha1 — confirm against the installed
# Traefik version.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-oauth2-auth-redirect
spec:
  forwardAuth:
    # Plain-HTTP call to the in-cluster oauth2-proxy service; "namespace"
    # is presumably a placeholder for the namespace it is deployed in.
    address: http://oauth2-proxy-service.namespace.svc.cluster.local:4180/
    # With true, Traefik passes on X-Forwarded-* headers already present on
    # the incoming request. Safe only when Traefik sits behind a trusted
    # proxy that sets them; otherwise a client can supply its own values.
    trustForwardHeader: true
    # Headers copied from the auth response onto the request sent to the
    # backend. oauth2-proxy emits the X-Auth-Request-* headers only when
    # its set-xauthrequest option is on (pass-access-token as well for the
    # access-token header).
    authResponseHeaders:
      - X-Auth-Request-User
      - X-Auth-Request-Email
      # The next two carry bearer credentials: every service behind this
      # middleware receives the user's tokens. Drop them where the backend
      # only needs the identity headers.
      - X-Auth-Request-Access-Token
      - Authorization
      # NOTE(review): oauth2-proxy reads X-Auth-Request-Redirect from the
      # request; it is not clear that it is ever returned on the auth
      # response — confirm this entry is needed.
      - X-Auth-Request-Redirect