Closed casperdcl closed 2 weeks ago
/CC @0x2b3bfa0 found the fix: https://www.civo.com/learn/fixing-networking-for-docker
ip a | grep
to find the max mtu
:
networks:
default:
driver: bridge
driver_opts:
com.docker.network.driver.mtu: 1450
probably worth documenting somewhere.
When trying to authenticate with GitHub at
https://sub.mydomain.com/github
:https://github.com/login/oauth/authorize?client_id=...&redirect_uri=https%3A%2F%2Fauth.sub.mydomain.com%2Foauth2%2Fgithub%2Fauthorization-code-callback&scope=read%3Auser&state=...
https://auth.sub.mydomain.com/oauth2/github/authorization-code-callback?code=...&state=...
which says UnauthorizedI've also tried Discord OAuth2:
and
Configuration
```caddy { order authenticate before respond order authorize before basicauth security { oauth identity provider github {env.GITHUB_CLIENT_ID} {env.GITHUB_CLIENT_SECRET} oauth identity provider discord { realm discord driver discord client_id {env.DISCORD_CLIENT_ID} client_secret {env.DISCORD_CLIENT_SECRET} scopes identify guilds user_group_filters {env.DISCORD_GUILD_ID} } authentication portal myportal { crypto default token lifetime 3600 crypto key sign-verify {env.JWT_SHARED_KEY} cookie domain sub.mydomain.com enable identity provider github enable identity provider discord ui { links { "My Identity" "/whoami" icon "las la-user" } } transform user { match realm github action add role authp/user ui link "File Server" https://sub.mydomain.com/github icon "las la-star" } transform user { match realm discord action add role authp/user ui link "File Server" https://sub.mydomain.com/discord icon "las la-star" } transform user { match realm github match sub github.com/casperdcl action add role authp/admin } transform user { match realm discord match role discord.com/{env.DISCORD_GUILD_ID}/members action add role authp/admin } } authorization policy githubpolicy { set auth url https://auth.sub.mydomain.com/oauth2/github crypto key verify {env.JWT_SHARED_KEY} allow roles authp/admin authp/user validate bearer header inject headers with claims } authorization policy discordpolicy { set auth url https://auth.sub.mydomain.com/oauth2/discord crypto key verify {env.JWT_SHARED_KEY} allow roles authp/admin authp/user validate bearer header inject headers with claims } } } auth.sub.mydomain.com { tls casperdcl@mydomain.com authenticate with myportal } sub.mydomain.com { tls casperdcl@mydomain.com handle_path /discord* { authorize with discordpolicy root * /share/mydomain.com file_server browse } handle_path /github* { authorize with githubpolicy root * /share/mydomain.com file_server browse } encode zstd gzip log { output stdout } } ```Version Information
Expected behaviour
https://sub.mydomain.com/{github,discord}
should:https://github.com/login/oauth/authorize?client_id=...&redirect_uri=https%3A%2F%2Fauth.sub.mydomain.com%2Foauth2%2Fgithub%2Fauthorization-code-callback&scope=read%3Auser&state=...
orhttps://discord.com/oauth2/authorize?client_id=...&redirect_uri=https%3A%2F%2Fauth.sub.mydomain.com%2Foauth2%2Fdiscord%2Fauthorization-code-callback&response_type=code&scope=identify+guilds&state=...
https://sub.mydomain.com/{github,discord}
and list files