Open evgnblkn opened 2 years ago
In the Traefik log when accessing whoami:
level=debug msg="Remote error http://auth:4181. StatusCode: 307" middlewareName=oauth@docker middlewareType=ForwardedAuthType
Did you figure it out? Here is what worked for me:
# - 'traefik.enable=true'
# - 'traefik.port=xxx'
# - "traefik.http.middlewares.whoami.redirectscheme.scheme=https"
# - "traefik.http.routers.whoami.middlewares=auth"
# - "traefik.http.routers.whoami-insecure.rule=Host(`domain.com`)"
# - "traefik.http.routers.whoami-insecure.middlewares= whoami"
# - "traefik.http.routers.whoami.rule=Host(`domain.com`)"
# - "traefik.http.routers.whoami.entrypoints=websecure"
# - "traefik.http.routers.whoami.tls.certresolver=myresolver"
# - "traefik.http.services.whoami.loadBalancer.server.port=xxx"
I do use a different OIDC though.
@thomseddon great work btw, several years later the service is still going strong. Are you still using this, or have you moved away?
Same problem with gitea. @evgnblkn, did you manage to fix it?
I don't know if this is the cause but:
- "PROVIDERS_GENERIC_OAUTH_AUTH_URL=gitia.example2.com/login/oauth/authorize"
------------------------------------> gitia 👆🏼
You configure traefik.http.middlewares.auth.basicauth, shouldn't it be of type traefik.http.middlewares.auth.forwardauth instead? That way you can also correctly configure address, authResponseHeaders and trustForwardHeader.
UPDATE: Never mind, just saw that you configure both middleware types and apply the oauth middleware as needed.
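Added example, not part of any post in this thread and not the project's own code: a check for the PROVIDERS_GENERIC_OAUTH_AUTH_URL value quoted above, which has no scheme. It assumes the configured value ends up as a redirect Location that is resolved against the forward-auth address http://auth:4181 from the Traefik log, which reproduces the shape of the redirect reported in this thread; the function names and the TOKEN_URL/USER_URL values are hypothetical.

```python
"""Flag OAuth endpoint settings that are not absolute http(s) URLs."""
from urllib.parse import urljoin, urlsplit

# Forward-auth address as it appears in the Traefik log in this thread.
FORWARD_AUTH_ADDRESS = "http://auth:4181"

# Constructed sample: AUTH_URL is the value quoted in the thread; the other
# two values are made up for contrast.
SAMPLE_ENV = {
    "PROVIDERS_GENERIC_OAUTH_AUTH_URL": "gitia.example2.com/login/oauth/authorize",
    "PROVIDERS_GENERIC_OAUTH_TOKEN_URL": "https://gitea.example2.com/login/oauth/access_token",
    "PROVIDERS_GENERIC_OAUTH_USER_URL": "https://gitea.example2.com/api/v1/user",
}


def check_endpoint(value):
    """Return a problem description, or None if value is an absolute URL."""
    parts = urlsplit(value.strip())
    if parts.scheme not in ("http", "https"):
        return "no http(s) scheme: treated as a relative reference"
    if not parts.hostname:
        return "scheme present but host is empty"
    return None


def effective_redirect(value, base=FORWARD_AUTH_ADDRESS):
    """Resolve value against base the way RFC 3986 resolves a Location."""
    return urljoin(base.rstrip("/") + "/", value.strip())


def audit(env):
    """Map each failing *_URL setting to its problem and resolved target."""
    report = {}
    for name, value in env.items():
        problem = check_endpoint(value) if name.endswith("_URL") else None
        if problem:
            report[name] = (problem, effective_redirect(value))
    return report


if __name__ == "__main__":
    for name, (problem, target) in audit(SAMPLE_ENV).items():
        print(f"{name}: {problem}\n  would redirect to {target}")
```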
When I try to open the service, for some reason I am redirected to
http://auth:4181/gitea.example2.com/login/oauth/authorize?client_id=df33b482-149c-4cfc-be4b-&redirect_uri=https%3A%2F%2Fauth.example.com%2F_oauth&response_type=code&scope=profile+email&state=3ed5cfbf7dbb05bd8a1070%3Ageneric-oauth%3Ahttps%3A%2F%2Fwhoami.example.com%2F
instead of redirecting to Gitea. I've already blown up the whole brain, I can't understand what's the matter.
auth container logs:
Service config:
Traefik && auth: