thomseddon / traefik-forward-auth

Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
MIT License

Can anyone provide an OIDC docker-compose configuration file? thank you thank you thank you #310

Open zhou1591 opened 2 years ago

zhou1591 commented 2 years ago

Can anyone provide an OIDC docker-compose configuration file? thank you
thank you
thank you
Can someone help me?

My configuration does not redirect to the OIDC login page when I visit my Traefik panel

version: '3'

networks:
  traefik:
    external: true

services:
  traefik-forward-auth:
    ports:
      - "4181:4181"
    image: thomseddon/traefik-forward-auth:v2.2.0
    restart: always
    environment:
      - LOG_LEVEL=trace
      - DEFAULT_PROVIDER=oidc
      - AUTH_HOST=asa.xxx.com
      - URL_PATH=oidc/token
      - LOGOUT_REDIRECT=http://123.xxx.com/oidc/session/end
      - PROVIDERS_OIDC_ISSUER_URL=http://123.xxx.com/oidc
      - PROVIDERS_OIDC_CLIENT_ID=xxx
      - PROVIDERS_OIDC_CLIENT_SECRET=xxx
      - PROVIDERS_GENERIC_OAUTH_SCOPE=*
      - PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE=header
      - SECRET=something-random
      - INSECURE_COOKIE=true
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"

      - "traefik.http.routers.traefik-forward-auth.entrypoints=http"
      - "traefik.http.routers.traefik-forward-auth.rule=Host(`sso.xxx.com`)"

      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://console.xxx.com"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
    networks:
      - traefik
  reverse-proxy:
    image: traefik:v2.0
    command: --api.insecure=true --providers.docker
    ports:
      - "3007:80"
      - "3006:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.reverse-proxy.entrypoints=http"
      - "traefik.http.routers.reverse-proxy.rule=Host(`asa.xxx.com`)"
      - "traefik.http.routers.reverse-proxy.middlewares=traefik-forward-auth"
  whoami:
    image: containous/whoami
    ports:
      - "3005:80"
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.whoami.entrypoints=http"
      - "traefik.http.routers.whoami.rule=Host(`asa2.xxx.com`)"
      - "traefik.http.routers.whoami.middlewares=traefik-forward-auth"

mstr3336 commented 2 years ago

I believe there is an OIDC config in /examples.

A few things: sounds silly, but make an incognito or guest browser window and try again - it's possible you already have a session.

I'm going to check my own config and get back to you
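
An OIDC compose file of the kind requested in this thread, as an added example that is not part of any comment above and not taken from the project's own files. Compared with the configuration in the question, the forwardauth address points at the traefik-forward-auth container, Traefik is attached to the shared network, and the dashboard is routed through the middleware instead of being published with `--api.insecure`. The hostname `traefik.example.com`, the issuer URL and the client credentials are placeholders.

```yaml
# Added example. Hostname, issuer URL and credentials are placeholders.
version: '3'

networks:
  traefik:
    external: true

services:
  reverse-proxy:
    image: traefik:v2.0
    # No --api.insecure: that flag serves the dashboard on :8080 with no middleware in front.
    command:
      - --api=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.http.address=:80
    ports:
      - "3007:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik   # Traefik must share a network with the services it routes to
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=http"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=traefik-forward-auth"

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:v2.2.0
    restart: always
    environment:
      - DEFAULT_PROVIDER=oidc
      - PROVIDERS_OIDC_ISSUER_URL=https://idp.example.com/oidc   # placeholder
      - PROVIDERS_OIDC_CLIENT_ID=placeholder-client-id
      - PROVIDERS_OIDC_CLIENT_SECRET=placeholder-client-secret
      - SECRET=replace-with-a-long-random-value
      - INSECURE_COOKIE=true   # only because this example serves plain HTTP
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # The middleware address is the forward-auth container itself, not an external host.
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
```

With `URL_PATH` left at its default of `/_oauth`, the redirect URI to register at the OIDC provider for this example is `http://traefik.example.com/_oauth`.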