Docker compose file for oauth2-proxy.
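# Docker Compose service running oauth2-proxy as an OIDC authentication
# endpoint. The static://202 upstream means the proxy itself answers
# authenticated requests with a 202 instead of forwarding them anywhere,
# which is the shape a forward-auth caller expects.
#
# Every environment value is written as a quoted string: Compose expects
# string values here, and unquoted true/false are parsed as YAML booleans.
version: "3"
services:
  oauth-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
    restart: always
    environment:
      OAUTH2_PROXY_CLIENT_ID: "<clientid>"
      OAUTH2_PROXY_CLIENT_SECRET: "<secret>"
      # Placeholder on purpose. A cookie secret printed in a shared example is
      # known to every reader, and the secret is what protects the session
      # cookie. Generate your own random 16, 24 or 32 byte value and inject it
      # from an env file or secret store rather than committing it.
      OAUTH2_PROXY_COOKIE_SECRET: "<cookie-secret>"
      OAUTH2_PROXY_OIDC_ISSUER_URL: "<url>"
      OAUTH2_PROXY_AUTH_LOGGING: "true"
      OAUTH2_PROXY_UPSTREAMS: "static://202"
      OAUTH2_PROXY_EMAIL_DOMAINS: "<domain>"
      OAUTH2_PROXY_WHITELIST_DOMAINS: "<domain>"
      OAUTH2_PROXY_COOKIE_DOMAINS: "<domain>"
      # NOTE(review): "false" lets the session cookie travel over plain HTTP.
      # Set to "true" whenever the public endpoint is served over HTTPS.
      OAUTH2_PROXY_COOKIE_SECURE: "false"
      OAUTH2_PROXY_SCOPE: 'openid profile email'
      OAUTH2_PROXY_PROVIDER: "oidc"
      OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:4180"
      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Oauth 2 Proxy"
      # With reverse-proxy mode on, oauth2-proxy accepts X-Forwarded-* headers
      # from whoever connects, so port 4180 should be reachable only by the
      # trusted proxy in front of it (see the published port below).
      OAUTH2_PROXY_REVERSE_PROXY: "true"
      # NOTE(review): shows debug detail on error pages to end users; turn off
      # once troubleshooting is finished.
      OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR: "true"
      # These two put the OIDC ID token into an Authorization: Bearer header
      # (towards the upstream and in the auth response). Anything receiving it
      # is handling a credential: validate it and keep it out of logs.
      OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER: "true"
      OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: "true"
    ports:
      # Published on all host interfaces; restrict with a host firewall or a
      # bind address if only a local reverse proxy needs to reach it.
      - "4180:4180"
    dns: 8.8.8.8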
Traefik Middleware:
# Traefik forwardAuth middleware: each incoming request is first sent to the
# oauth2-proxy service at `address`; the headers listed under
# authResponseHeaders are copied from the auth response onto the request that
# continues to the backend.
#
# NOTE(review): traefik.containo.us is the older CRD API group; newer Traefik
# releases use traefik.io/v1alpha1 - check against the installed version.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-oauth2-auth-redirect
spec:
  forwardAuth:
    # Plain HTTP inside the cluster: the auth exchange, including the token
    # headers below, is unencrypted on this hop unless the network layer
    # (for example a service mesh) adds TLS.
    address: 'http://oauth2-proxy-service.namespace.svc.cluster.local:4180/'
    # true = X-Forwarded-* headers already present on the request are trusted
    # and passed to the auth service. Only appropriate when a trusted proxy in
    # front of Traefik sets or strips them; otherwise a client can supply its
    # own values.
    trustForwardHeader: true
    authResponseHeaders:
      # NOTE(review): oauth2-proxy emits the X-Auth-Request-* headers only when
      # its set-xauthrequest option is enabled (the access token additionally
      # needs pass-access-token) - confirm the proxy is configured that way.
      - X-Auth-Request-User
      - X-Auth-Request-Email
      # The next two carry bearer credentials to every backend behind this
      # middleware; keep them only if the backends actually consume them.
      - X-Auth-Request-Access-Token
      - Authorization
      - X-Auth-Request-Redirect