Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

oauth2-proxy

docker-compose.yml

replace MYDOMAIN, MYHOST

version: '2'
services:
  oauth2-proxy-4181:
    image: 'a5huynh/oauth2_proxy:2.2'
    network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    command: >
      '--cookie-secure=true'
      '--cookie-expire=720h'
      '--cookie-httponly=true'
      '--cookie-domain=MYDOMAIN'
      '--upstream=http://192.168.0.1:8080'
      '--http-address=0.0.0.0:4181'
      '--redirect-url=https://MYHOST/oauth2/callback'
      '--email-domain=MYDOMAIN'
      '--pass-user-headers=true'
      '--pass-host-header=true'
      '--set-xauthrequest=true'
    restart: unless-stopped
    env_file:
     - env

env

OAUTH2_PROXY_COOKIE_SECRET=xxxxxxxxxxxxxxxxx
OAUTH2_PROXY_CLIENT_ID=793xxxxxx.apps.googleusercontent.com
OAUTH2_PROXY_CLIENT_SECRET=U2sxxxxxxxxxxxxxxxx

nginx

  auth_request_set $user $upstream_http_x_auth_request_user;
  proxy_set_header REMOTE_USER $user;

  location ~ ^/oauth2/(?:auth|start)$ {
    internal;
    proxy_pass http://127.0.0.1:4182;
    proxy_set_header Host $host;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
  }

  location = /oauth2/callback {
    auth_request off;
    proxy_pass http://127.0.0.1:4182;
    proxy_set_header Host $host;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/start?rd=$uri;
    proxy_pass http://192.168.0.1:8080;
    proxy_redirect http:// https://;
  }

hue.ini

[desktop]
  [[auth]]
     backend=desktop.auth.backend.RemoteUserDjangoBackend
     remote_user_header=HTTP_REMOTE_USER
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.