replace MYDOMAIN, MYHOST
version: '2'
services:
oauth2-proxy-4181:
image: 'a5huynh/oauth2_proxy:2.2'
network_mode: "host"
volumes:
- /etc/localtime:/etc/localtime:ro
command: >
'--cookie-secure=true'
'--cookie-expire=720h'
'--cookie-httponly=true'
'--cookie-domain=MYDOMAIN'
'--upstream=http://192.168.0.1:8080'
'--http-address=0.0.0.0:4181'
'--redirect-url=https://MYHOST/oauth2/callback'
'--email-domain=MYDOMAIN'
'--pass-user-headers=true'
'--pass-host-header=true'
'--set-xauthrequest=true'
restart: unless-stopped
env_file:
- env
OAUTH2_PROXY_COOKIE_SECRET=xxxxxxxxxxxxxxxxx
OAUTH2_PROXY_CLIENT_ID=793xxxxxx.apps.googleusercontent.com
OAUTH2_PROXY_CLIENT_SECRET=U2sxxxxxxxxxxxxxxxx
auth_request_set $user $upstream_http_x_auth_request_user;
proxy_set_header REMOTE_USER $user;
location ~ ^/oauth2/(?:auth|start)$ {
internal;
proxy_pass http://127.0.0.1:4182;
proxy_set_header Host $host;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location = /oauth2/callback {
auth_request off;
proxy_pass http://127.0.0.1:4182;
proxy_set_header Host $host;
}
location / {
auth_request /oauth2/auth;
error_page 401 = /oauth2/start?rd=$uri;
proxy_pass http://192.168.0.1:8080;
proxy_redirect http:// https://;
}
[desktop]
[[auth]]
backend=desktop.auth.backend.RemoteUserDjangoBackend
remote_user_header=HTTP_REMOTE_USER