-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add nginx test environment to demonstrate protecting multiple subdomains
- Loading branch information
Showing
6 changed files
with
113 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # This docker-compose file can be used to bring up an example instance of oauth2-proxy | ||
| # for manual testing and exploration of features. | ||
| # Alongside OAuth2-Proxy, this file also starts Dex to act as the identity provider, | ||
| # etcd for storage for Dex, nginx as a reverse proxy and other http services for upstreams | ||
| version: '3.0' | ||
| services: | ||
| oauth2-proxy: | ||
| ports: [] | ||
| hostname: oauth2-proxy | ||
| volumes: | ||
| - "./oauth2-proxy-nginx.cfg:/oauth2-proxy.cfg" | ||
| networks: | ||
| oauth2-proxy: {} | ||
| nginx: | ||
| container_name: nginx | ||
| image: nginx:1.18 | ||
| ports: | ||
| - 80:80/tcp | ||
| hostname: nginx | ||
| volumes: | ||
| - "./nginx.conf:/etc/nginx/conf.d/default.conf" | ||
| networks: | ||
| oauth2-proxy: {} | ||
| httpbin: {} | ||
| networks: | ||
| oauth2-proxy: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| # Reverse proxy to oauth2-proxy | ||
| server { | ||
| listen 80; | ||
| server_name oauth2-proxy.oauth2-proxy.localhost; | ||
|
|
||
| location / { | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_pass http://oauth2-proxy:4180/; | ||
| } | ||
| } | ||
|
|
||
| # Reverse proxy to httpbin | ||
| server { | ||
| listen 80; | ||
| server_name httpbin.oauth2-proxy.localhost; | ||
|
|
||
| auth_request /internal-auth/oauth2/auth; | ||
| error_page 401 = http://oauth2-proxy.oauth2-proxy.localhost/oauth2/sign_in?rd=$scheme://$host$request_uri; | ||
|
|
||
| location / { | ||
| proxy_pass http://httpbin/; | ||
| } | ||
|
|
||
| location /internal-auth/ { | ||
| internal; | ||
|
|
||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_pass http://oauth2-proxy:4180/; | ||
| } | ||
| } | ||
|
|
||
| # Statically serve the nginx welcome | ||
| server { | ||
| listen 80; | ||
| server_name oauth2-proxy.localhost; | ||
|
|
||
| location / { | ||
| auth_request /internal-auth/oauth2/auth; | ||
| error_page 401 = http://oauth2-proxy.oauth2-proxy.localhost/oauth2/sign_in?rd=$scheme://$host$request_uri; | ||
|
|
||
| root /usr/share/nginx/html; | ||
| index index.html index.htm; | ||
| } | ||
|
|
||
| # redirect server error pages to the static page /50x.html | ||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
|
|
||
| location /internal-auth/ { | ||
| internal; | ||
|
|
||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_pass http://oauth2-proxy:4180/; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| http_address="0.0.0.0:4180" | ||
| cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" | ||
| provider="oidc" | ||
| email_domains="example.com" | ||
| oidc_issuer_url="http://dex.localhost:4190/dex" | ||
| client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK" | ||
| client_id="oauth2-proxy" | ||
| cookie_secure="false" | ||
|
|
||
| redirect_url="http://oauth2-proxy.oauth2-proxy.localhost/oauth2/callback" | ||
| cookie_domain=".oauth2-proxy.localhost" # Required so cookie can be read on all subdomains | ||
| whitelist_domains=".oauth2-proxy.localhost" # Required to allow redirection back to original targets. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,11 @@ | ||
| http_address="0.0.0.0:4180" | ||
| redirect_url="http://localhost:4180/oauth2/callback" | ||
| cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" | ||
| provider="oidc" | ||
| email_domains="example.com" | ||
| oidc_issuer_url="http://dex.localhost:4190/dex" | ||
| client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK" | ||
| client_id="oauth2-proxy" | ||
| cookie_secure="false" | ||
|
|
||
| redirect_url="http://localhost:4180/oauth2/callback" | ||
| upstreams="http://httpbin" |