averri
commented
3 years ago I have noticed that the environment variable LOGINSRV_REDIRECT_HOST_FILE is mandatory for the dynamic redirect to work, and this is a great security feature.
After changing to the following configuration, the dynamic redirects are working fine.
auth:
image: tarent/loginsrv
container_name: auth
volumes:
- ./config/auth/:/config/
environment:
- COOKIE_SECURE=true
- LOGINSRV_COOKIE_DOMAIN=${DOMAIN}
- LOGINSRV_JWT_SECRET=${LOGINSRV_JWT_SECRET}
- LOGINSRV_GOOGLE=client_id=${GOOGLE_CLIENT_ID},client_secret=${GOOGLE_CLIENT_SECRET}
- LOGINSRV_USER_FILE=/config/users.yml
- LOGINSRV_REDIRECT=true
- LOGINSRV_REDIRECT_QUERY_PARAMETER=redirect_url
- LOGINSRV_REDIRECT_HOST_FILE=/config/allowed_redirects.txt
- LOGINSRV_SUCCESS_URL=${LOGINSRV_SUCCESS_URL}
- LOGINSRV_REDIRECT_CHECK_REFERER=false
restart: unless-stopped
network_mode: service:gluetun
depends_on:
- gluetun
I have the following configuration as part of my
docker-compose.yml:This is the sequence of operations:
board.mydomain.com, the webserver redirects to the login page with the query parameterredirect_urlin order to go back to the original page. The login page is correctly presented from the URLhttps://auth.mydomain.com/login?redirect_url=https%3A%2F%2Fboard.mydomain.com%2F.https://home.mydomain.cominstead of thehttps://board.mydomain.com.The following URIs are authorized in Google developer console: