maksim
/
Gipat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

oauth2-proxy-works-with-issues

This commit is contained in:
Maksim Pankov 2024-11-18 21:08:52 +00:00
parent ffd55e5427
commit aec6786be7
4 changed files with 51 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
services/ingress/auth.conf
View File

@ -2,11 +2,12 @@ server {
server_name auth.maksim-pankov.ru;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
}
large_client_header_buffers 4 32k;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/auth.maksim-pankov.ru/fullchain.pem; # managed by Certbot

34
services/ingress/blog.conf
View File

@ -1,8 +1,19 @@
server {
server_name blog.maksim-pankov.ru;
location / {
root /opt/blog_content/;
}
server_name blog.maksim-pankov.ru;
location / {
proxy_pass http://localhost:9988;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffer_size 8k;
}
# location /styles/ {
# try_files $uri $uri/ $uri.html =404;
# root /opt/blog_content/;
# }
large_client_header_buffers 4 32k;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/blog.maksim-pankov.ru/fullchain.pem; # managed by Certbot
@ -11,15 +22,22 @@ server {
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen localhost:7788;
location / {
root /opt/blog_content/;
try_files $uri $uri/ $uri.html =404;
}
}
server {
if ($host = blog.maksim-pankov.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name blog.maksim-pankov.ru;
listen 80;
server_name blog.maksim-pankov.ru;
listen 80;
return 404; # managed by Certbot
}

2
services/ingress/nextcloud.conf
View File

@ -3,7 +3,7 @@ server {
server_name maksim-pankov.ru skazochnik.spb.ru gipat;
location / {
proxy_pass http://gipat:5002/;
sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/";
sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/";
client_max_body_size 0;
}
ssl_certificate /etc/letsencrypt/live/maksim-pankov.ru/fullchain.pem; # managed by Certbot

20
services/oauth-proxy/docker-compose.yml Normal file
View File

@ -0,0 +1,20 @@
services:
keeper:
image: quay.io/oauth2-proxy/oauth2-proxy
environment:
- OAUTH2_PROXY_PROVIDER=oidc
- OAUTH2_PROXY_HTTP_ADDRESS=http://0.0.0.0:9988
- OAUTH2_PROXY_REDIRECT_URL=https://blog.maksim-pankov.ru/oauth2/callback
- OAUTH2_PROXY_REVERSE_PROXY=true
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
- OAUTH2_PROXY_UPSTREAMS=http://localhost:7788/
# - OAUTH2_PROXY_UPSTREAMS=file:///opt/blog_content/#/
- OAUTH2_PROXY_UPSTREAMS=static://200
- OAUTH2_PROXY_CLIENT_ID=jigran_blog
- OAUTH2_PROXY_CLIENT_SECRET=c72ba7c0d489e020e0b5875729186ac4fb6872d7
- OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.maksim-pankov.ru
- OAUTH2_PROXY_COOKIE_SECRET=N9PrzHtfF4ZEbdvy24CvRAL7MbMA57Q3
- OAUTH2_PROXY_EMAIL_DOMAINS=*
- OAUTH2_PROXY_WHITELIST_DOMAINS=*.maksim-pankov.ru
ports:
- 9988:9988