Closed wiebereu closed 3 weeks ago
You can secure any unauthenticated platform using an OIDC provider (like Keycloak) and oauth2-proxy.
Here is an old Docker Compose file I wrote that does just that with VS Code server.
```yaml
services:
  vscode:
    container_name: vscode
    build: .
    image: openvscode-server-cb:latest
    restart: always
    privileged: true
    volumes:
      - containers:/mnt/containers
      - ./container-data/data:/home/workspace:Z
      - /var/run/docker.sock:/var/run/docker.sock:Z
    user: root
    environment:
      - CONNECTION_TOKEN=${CONNECTION_TOKEN}
    # ports:
    #   - 3000:3000
    networks:
      - vscode-nw
  redis:
    image: redis
    restart: always
    container_name: vscode-redis
    networks:
      - vscode-nw
  oauth2-proxy:
    container_name: vscode-proxy
    image: quay.io/oauth2-proxy/oauth2-proxy
    # ports:
    #   - 4180:4180
    environment:
      - OAUTH2_PROXY_UPSTREAMS=http://vscode:3000
      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
      - OAUTH2_PROXY_EMAIL_DOMAINS=my-domain.com.au
      - OAUTH2_PROXY_REVERSE_PROXY=true
      - OAUTH2_PROXY_PROVIDER=keycloak-oidc
      - OAUTH2_PROXY_CLIENT_ID=dev
      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_SECRET}
      - OAUTH2_PROXY_COOKIE_SECRET=${COOKIE_SECRET}
      - OAUTH2_PROXY_REDIRECT_URL=https://dev.my-domain.com.au/oauth2/callback
      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.my-domain.com.au/auth/realms/master
      - OAUTH2_PROXY_SESSION_STORE_TYPE=redis
      - OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://vscode-redis:6379
    restart: always
    networks:
      - vscode-nw
      - reverseproxy-nw
volumes:
  containers:
    driver_opts:
      type: "nfs"
      o: "addr=127.0.0.1,nolock,soft,rw"
      device: ":/mnt/containers"
networks:
  reverseproxy-nw:
    external: true
  vscode-nw:
```
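The setup above only protects the server while `vscode` is reachable solely through oauth2-proxy, which is why its `ports` entry is commented out and it sits only on `vscode-nw`. The following check of that property is an added example, not part of the original comment: it assumes the compose file has been rendered to a dict with `docker compose config --format json`, and `sample`, `env_of` and `audit` are hypothetical names working on constructed data.

```python
from urllib.parse import urlparse

# Constructed sample mirroring the compose file above (trimmed), in the dict
# shape that `docker compose config --format json` emits.
def sample(publish_port=False):
    vscode = {"container_name": "vscode", "networks": {"vscode-nw": None}}
    if publish_port:  # the commented-out "ports" entry, re-enabled
        vscode["ports"] = [{"target": 3000, "published": "3000"}]
    return {
        "services": {
            "vscode": vscode,
            "oauth2-proxy": {
                "environment": {"OAUTH2_PROXY_UPSTREAMS": "http://vscode:3000"},
                "networks": {"vscode-nw": None, "reverseproxy-nw": None},
            },
        },
        "networks": {"reverseproxy-nw": {"external": True}, "vscode-nw": {}},
    }

def env_of(service):
    env = service.get("environment") or {}
    if isinstance(env, list):  # short form: ["KEY=value", ...]
        env = dict(item.split("=", 1) for item in env if "=" in item)
    return env

def audit(compose, proxy="oauth2-proxy"):
    """Return findings that would let a client reach an upstream without the proxy."""
    services, findings = compose["services"], []
    external = {name for name, cfg in (compose.get("networks") or {}).items()
                if cfg and cfg.get("external")}
    proxy_nets = set(services[proxy].get("networks") or [])
    for url in (env_of(services[proxy]).get("OAUTH2_PROXY_UPSTREAMS") or "").split(","):
        host = urlparse(url.strip()).hostname
        match = [(n, s) for n, s in services.items()
                 if host and host in (n, s.get("container_name"))]
        if not match:
            continue  # upstream is defined outside this compose file
        name, svc = match[0]
        nets = set(svc.get("networks") or [])
        if svc.get("ports"):
            findings.append(f"{name}: publishes host ports, bypassing the proxy")
        if nets & external:
            findings.append(f"{name}: attached to external network {sorted(nets & external)}")
        if not nets & proxy_nets:
            findings.append(f"{name}: shares no network with {proxy}")
    return findings
```

An empty list from `audit` means every upstream named in `OAUTH2_PROXY_UPSTREAMS` is isolated behind the proxy; it does not cover services that are not listed as upstreams.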
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. See the FAQ for more information.
I want to run the container in my own domain but I want to secure it with a username and password. Is there a way to do that?