Traefik-forward-auth needs step-ca vars in config-hook

EnigmaCurry / d.rymcg.tech

A collection of self-hosted docker-compose projects with Traefik reverse proxy, integrated auth, and administrative Makefiles for easy maintainance

MIT License

49 stars 8 forks source link

Traefik-forward-auth needs step-ca vars in config-hook #238

Open mcmikemn opened 3 months ago

mcmikemn commented 3 months ago

Traefik-forward-auth uses step-ca vars in .env-dist, but you can only configure them by manually editing your instance's .env file. We should add them to Makefile's config-hook.

Or perhaps instead of asking user to enter them, Makefile can pull the step-ca values from the traefik .env file of the same context-instance, since traefik-forward-auth is being installed on that traefik.

EnigmaCurry commented 3 months ago

Having an external step-ca server should be the common scenario, so I don't think it should pull it from the context. Example questions:

? Does the authentication provider require a custom Certificate Authoriy (Step-CA)? (y/N)

TRAEFIK_FORWARD_AUTH_STEP_CA_ENDPOINT: Enter the Step-CA endpoint:
: ca.example.com

TRAEFIK_FORWARD_AUTH_STEP_CA_FINGERPRINT: Enter the Step-CA fingerprint:
: xxxxx

? Should the default Certificate Authority list (system provided) be cleared? (y/N)