jgraph / docker-drawio

Dockerized draw.io based on whichever is the most secure image at the time.
GNU General Public License v3.0

How do I secure the container with a username and password? #44

Closed wiebereu closed 3 weeks ago

wiebereu commented 2 years ago

I want to run the container in my own domain, but I want to secure it with a username and password. Is there a way to do that?

routerino commented 2 years ago

You can secure any unauthenticated platform using an OIDC provider (like Keycloak) and oauth2-proxy.

Here is an old docker compose I did doing just that with vscode server.

```yaml
services:
  vscode:
    container_name: vscode
    build: .
    image: openvscode-server-cb:latest
    restart: always
    # privileged + root + the Docker socket give this container control of
    # the host's Docker daemon; these settings belong to this vscode setup.
    privileged: true
    volumes:
      - containers:/mnt/containers
      - ./container-data/data:/home/workspace:Z
      - /var/run/docker.sock:/var/run/docker.sock:Z
    user: root
    environment:
      - CONNECTION_TOKEN=${CONNECTION_TOKEN}
    # No published ports: the upstream is reachable only over vscode-nw.
    # ports:
      # - 3000:3000
    networks:
      - vscode-nw

  # Session store for oauth2-proxy
  redis:
    image: redis
    restart: always
    container_name: vscode-redis
    networks:
      - vscode-nw

  oauth2-proxy:
    container_name: vscode-proxy
    image: quay.io/oauth2-proxy/oauth2-proxy
    # Not published on the host either; the reverse proxy reaches it on reverseproxy-nw.
    # ports:
      # - 4180:4180
    environment:
      - OAUTH2_PROXY_UPSTREAMS=http://vscode:3000
      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
      - OAUTH2_PROXY_EMAIL_DOMAINS=my-domain.com.au
      - OAUTH2_PROXY_REVERSE_PROXY=true
      - OAUTH2_PROXY_PROVIDER=keycloak-oidc
      - OAUTH2_PROXY_CLIENT_ID=dev
      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_SECRET}
      - OAUTH2_PROXY_COOKIE_SECRET=${COOKIE_SECRET}
      - OAUTH2_PROXY_REDIRECT_URL=https://dev.my-domain.com.au/oauth2/callback
      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.my-domain.com.au/auth/realms/master
      - OAUTH2_PROXY_SESSION_STORE_TYPE=redis
      - OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://vscode-redis:6379
    restart: always
    networks:
      - vscode-nw          # private network shared with the upstream and redis
      - reverseproxy-nw    # network of the front-end reverse proxy

volumes:
  containers:
    driver_opts:
      type: "nfs"
      o: "addr=127.0.0.1,nolock,soft,rw"
      device: ":/mnt/containers"

networks:
  reverseproxy-nw:
    external: true
  vscode-nw:
```

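
The same pattern applied to draw.io, as an added example that is not part of the thread or the jgraph project's own files. It assumes the `jgraph/drawio` image serves HTTP on port 8080; the `draw.my-domain.com.au` hostname, the `drawio` client ID and the `drawio-nw` network name are hypothetical, and the remaining oauth2-proxy settings are carried over from the compose file above.

```yaml
services:
  drawio:
    image: jgraph/drawio          # assumption: listens on 8080 inside the container
    container_name: drawio
    restart: always
    # No "ports:" entry: nothing is published on the host, so the only
    # route to draw.io is through oauth2-proxy over drawio-nw.
    # Unlike the vscode service, no privileged mode, root user or Docker socket.
    security_opt:
      - no-new-privileges:true
    networks:
      - drawio-nw

  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy
    container_name: drawio-proxy
    restart: always
    environment:
      - OAUTH2_PROXY_UPSTREAMS=http://drawio:8080
      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
      - OAUTH2_PROXY_EMAIL_DOMAINS=my-domain.com.au
      - OAUTH2_PROXY_REVERSE_PROXY=true
      - OAUTH2_PROXY_PROVIDER=keycloak-oidc
      # Hypothetical client registered in the OIDC provider for this app
      - OAUTH2_PROXY_CLIENT_ID=drawio
      # Secrets come from the environment or an .env file, never the compose file
      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_SECRET}
      - OAUTH2_PROXY_COOKIE_SECRET=${COOKIE_SECRET}
      - OAUTH2_PROXY_REDIRECT_URL=https://draw.my-domain.com.au/oauth2/callback
      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.my-domain.com.au/auth/realms/master
    networks:
      - drawio-nw          # private link to the upstream
      - reverseproxy-nw    # the TLS-terminating reverse proxy connects here

networks:
  reverseproxy-nw:
    external: true
  drawio-nw:
    internal: true         # containers on this network get no outside connectivity
```

The reverse proxy on `reverseproxy-nw` forwards the public hostname to `drawio-proxy:4180`; requests without a valid session are redirected to the OIDC provider before they reach draw.io.
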
github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. See the FAQ for more information.