oauth2-proxy-works-with-issues

2024-11-18 21:08:52 +00:00 · 2024-11-18 21:08:52 +00:00 · aec6786be7
parent ffd55e5427
commit aec6786be7
4 changed files with 51 additions and 12 deletions
--- a/services/ingress/auth.conf
+++ b/services/ingress/auth.conf
@ -2,11 +2,12 @@ server {
 	server_name auth.maksim-pankov.ru;
 	location / {
 		proxy_pass http://127.0.0.1:8000/;
-                proxy_set_header Host $proxy_host;
+        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		client_max_body_size 0;
 	}
+    large_client_header_buffers 4 32k;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/auth.maksim-pankov.ru/fullchain.pem; # managed by Certbot
--- a/services/ingress/blog.conf
+++ b/services/ingress/blog.conf
@ -1,9 +1,20 @@
 server {
    server_name blog.maksim-pankov.ru;
+    
    location / {
-                root /opt/blog_content/;
+        proxy_pass http://localhost:9988;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_buffer_size 8k;
    }        

+    # location /styles/ {
+        # try_files $uri $uri/ $uri.html =404;
+        # root /opt/blog_content/;
+    # }
+    large_client_header_buffers 4 32k;
+
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/blog.maksim-pankov.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blog.maksim-pankov.ru/privkey.pem; # managed by Certbot
@ -11,6 +22,15 @@ server {
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

 }
+
+server {
+    listen localhost:7788;
+    location / {
+        root /opt/blog_content/;
+        try_files $uri $uri/ $uri.html =404;
+    }  
+}
+
 server {
    if ($host = blog.maksim-pankov.ru) {
        return 301 https://$host$request_uri;
@ -20,6 +40,4 @@ server {
    server_name blog.maksim-pankov.ru;
    listen 80;
    return 404; # managed by Certbot
-
-
 }
--- a/services/oauth-proxy/docker-compose.yml
+++ b/services/oauth-proxy/docker-compose.yml
@ -0,0 +1,20 @@
+services:
+  keeper:
+    image: quay.io/oauth2-proxy/oauth2-proxy
+    environment:
+      - OAUTH2_PROXY_PROVIDER=oidc
+      - OAUTH2_PROXY_HTTP_ADDRESS=http://0.0.0.0:9988
+      - OAUTH2_PROXY_REDIRECT_URL=https://blog.maksim-pankov.ru/oauth2/callback
+      - OAUTH2_PROXY_REVERSE_PROXY=true
+      - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+      - OAUTH2_PROXY_UPSTREAMS=http://localhost:7788/
+      # - OAUTH2_PROXY_UPSTREAMS=file:///opt/blog_content/#/
+      - OAUTH2_PROXY_UPSTREAMS=static://200
+      - OAUTH2_PROXY_CLIENT_ID=jigran_blog
+      - OAUTH2_PROXY_CLIENT_SECRET=c72ba7c0d489e020e0b5875729186ac4fb6872d7
+      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.maksim-pankov.ru
+      - OAUTH2_PROXY_COOKIE_SECRET=N9PrzHtfF4ZEbdvy24CvRAL7MbMA57Q3
+      - OAUTH2_PROXY_EMAIL_DOMAINS=*
+      - OAUTH2_PROXY_WHITELIST_DOMAINS=*.maksim-pankov.ru
+    ports:
+      - 9988:9988