Ansible role for configuring oauth2_proxy Docker container
https://github.com/pusher/oauth2_proxy
6e9a3bc34c
Signed-off-by: Alexis Pentori <alexis@status.im>
Description
This role configures an oauth2_proxy container for GitHub-based OAuth.
Configuration
These settings are all mandatory:
```yaml
oauth_service_name: 'example-oauth'
oauth_service_path: '/docker/example/oauth'
oauth_domain: 'oauth.example.org'
oauth_upstream_port: 4321
oauth_local_port: 1234
oauth_cookie_secret: '123qweASD'
oauth_provider: 'github'
oauth_id: 'some-id'
oauth_secret: 'some-secret'
```
Some settings are optional:
```yaml
oauth_local_addr: '0.0.0.0'
oauth_cont_volumes: ['/docker/example/www:/www']
oauth_upstream_url: 'file:///www#/'
oauth_cont_networks: ['other-container-network']
```
Different providers have different mandatory settings.
GitHub
```yaml
oauth_github_org: 'example-org'
oauth_github_teams: ['devops', 'security']
oauth_google_domain: 'example.org'
```
Keycloak
```yaml
oauth_keycloak_url: 'https://keycloak.example.org'
oauth_keycloak_realm: 'example-org'
oauth_keycloak_domain: 'example.org'
oauth_keycloak_groups: ['admins', 'security']
oauth_keycloak_roles: ['admin']
oauth_scope: 'openid'
```
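A pre-deployment check for the settings above, as an added example that is not part of this role: it flags values still set to this README's placeholders, a cookie secret of the wrong size, and a listener explicitly bound to all interfaces. It assumes oauth2_proxy takes the cookie secret raw or URL-safe base64 encoded and needs 16, 24 or 32 bytes for AES; the function names are hypothetical.

```python
import base64
import binascii
import secrets

# Example values copied from this README; they must never reach a real inventory.
README_PLACEHOLDERS = {
    "oauth_cookie_secret": "123qweASD",
    "oauth_id": "some-id",
    "oauth_secret": "some-secret",
}
# Assumption: the cookie secret is used as an AES key, so only these sizes work.
AES_KEY_SIZES = (16, 24, 32)


def new_cookie_secret(nbytes=32):
    """Return a URL-safe base64 string wrapping nbytes of CSPRNG output."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).decode()


def cookie_secret_size(secret):
    """Size in bytes as an AES key: base64url-decoded if possible, else raw."""
    padded = secret + "=" * (-len(secret) % 4)
    try:
        return len(base64.b64decode(padded, altchars=b"-_", validate=True))
    except (binascii.Error, ValueError):
        return len(secret.encode())


def check_role_vars(role_vars):
    """Return a list of findings for a dict of this role's variables."""
    findings = []
    for name, placeholder in README_PLACEHOLDERS.items():
        value = role_vars.get(name)
        if not value:
            findings.append(f"{name}: missing")
        elif value == placeholder:
            findings.append(f"{name}: still the README placeholder")
    secret = role_vars.get("oauth_cookie_secret") or ""
    if secret and cookie_secret_size(secret) not in AES_KEY_SIZES:
        findings.append(
            f"oauth_cookie_secret: {cookie_secret_size(secret)} bytes, "
            f"expected one of {AES_KEY_SIZES}")
    if role_vars.get("oauth_local_addr") == "0.0.0.0":
        findings.append("oauth_local_addr: listens on all interfaces")
    return findings
```

Generate the value for `oauth_cookie_secret` with `new_cookie_secret()` and keep it, together with `oauth_secret`, in Ansible Vault or another secret store rather than in a plain inventory file.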
Management
The container is created using Docker Compose:
```
admin@host.example.org:/docker/example % dc ps
    Name                   Command               State           Ports
-------------------------------------------------------------------------------
example-oauth   /bin/oauth2-proxy --provid ...   Up      0.0.0.0:9292->9292/tcp
```