dsfg

docker-compose/traefik/docker-compose.yml.j2

@@ -52,6 +52,8 @@ services:
 networks:
   traefik:
     external: true
+  whoami: {}
+  oauth2-proxy: {}
 ######## Volumes ########
 volumes:
   acme_data:

docker-compose/whoami/docker-compose.yml.j2

@@ -6,3 +6,73 @@ services:
     restart: always
     ports:
       - "4421:80"
+    networks:
+      whoami:
+        aliases:
+          - whoami.localtest.me
+      keycloak: {}
+      oauth2-proxy: {}
+
+# This docker-compose file can be used to bring up an example instance of oauth2-proxy
+# for manual testing and exploration of features.
+# Alongside OAuth2-Proxy, this file also starts Keycloak to act as the identity provider,
+# whoami as an example upstream.
+#
+# This can either be created using docker-compose
+#    docker-compose -f docker-compose-keycloak.yaml <command>
+# Or:
+#    make keycloak-<command> (eg. make keycloak-up, make keycloak-down)
+#
+# Access http://oauth2-proxy.localtest.me:4180 to initiate a login cycle using user=admin@example.com, password=password
+# Access http://keycloak.localtest.me:9080 with the same credentials to check out the settings
+  oauth2-proxy:
+    container_name: oauth2-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
+    command: --config /oauth2-proxy.cfg
+    hostname: oauth2-proxy
+    volumes:
+      - "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
+    restart: unless-stopped
+    ports:
+      - 4180:4180/tcp
+    networks:
+      keycloak: {}
+      whoami: {}
+      oauth2-proxy: {}
+    depends_on:
+      - whoami
+      - keycloak
+
+  keycloak:
+    container_name: keycloak
+    image: jboss/keycloak:10.0.0
+    hostname: keycloak
+    command:
+      [
+        '-b',
+        '0.0.0.0',
+        '-Djboss.socket.binding.port-offset=1000',
+        '-Dkeycloak.migration.action=import',
+        '-Dkeycloak.migration.provider=dir',
+        '-Dkeycloak.migration.dir=/realm-config',
+        '-Dkeycloak.migration.strategy=IGNORE_EXISTING'
+      ]
+    volumes:
+      - ./keycloak:/realm-config
+    environment:
+      KEYCLOAK_USER: admin@example.com
+      KEYCLOAK_PASSWORD: password
+    ports:
+      - 9080:9080/tcp
+    networks:
+      keycloak:
+        aliases:
+          - keycloak.localtest.me
+
+networks:
+  whoami: {}
+  keycloak: {}
+  oauth2-proxy: {}
+
+# todo
+# prufen ob dier uzielcontsainer alle netwzwerke rbaucht

docker-compose/whoami/oauth2-proxy-keycloak.cfg

@@ -0,0 +1,18 @@
+http_address="0.0.0.0:4180"
+cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
+email_domains="example.com"
+cookie_secure="false"
+upstreams="http://whoami.localtest.me:8080"
+cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
+whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
+
+# keycloak provider
+client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
+client_id="oauth2-proxy"
+redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
+
+# in this case oauth2-proxy is going to visit
+# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration
+oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
+provider="oidc"
+provider_display_name="Keycloak"