dsfg
parent
878899c644
commit
53f38b332c
|
@ -52,6 +52,8 @@ services:
|
|||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
whoami: {}
|
||||
oauth2-proxy: {}
|
||||
######## Volumes ########
|
||||
volumes:
|
||||
acme_data:
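Review bot: The `whoami: {}` and `oauth2-proxy: {}` entries, which appear to be the two added lines, are declared without `external: true`, unlike `traefik` directly above them. Compose creates non-external networks per project, so if this file and the compose file changed in the next section run as separate projects, each gets its own `<project>_whoami` and `<project>_oauth2-proxy` network and the containers will not share one. If the intent is to join networks owned by the other stack, mark them `external: true` here and attach only the service that has to reach the proxy. The services that use these networks are outside the hunk, so which container gains the extra attachments cannot be checked from here.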
|
||||
|
|
|
@ -6,3 +6,73 @@ services:
|
|||
restart: always
|
||||
ports:
|
||||
- "4421:80"
|
||||
networks:
|
||||
whoami:
|
||||
aliases:
|
||||
- whoami.localtest.me
|
||||
keycloak: {}
|
||||
oauth2-proxy: {}
|
||||
|
||||
# This docker-compose file can be used to bring up an example instance of oauth2-proxy
|
||||
# for manual testing and exploration of features.
|
||||
# Alongside OAuth2-Proxy, this file also starts Keycloak to act as the identity provider,
|
||||
# whoami as an example upstream.
|
||||
#
|
||||
# This can either be created using docker-compose
|
||||
# docker-compose -f docker-compose-keycloak.yaml <command>
|
||||
# Or:
|
||||
# make keycloak-<command> (eg. make keycloak-up, make keycloak-down)
|
||||
#
|
||||
# Access http://oauth2-proxy.localtest.me:4180 to initiate a login cycle using user=admin@example.com, password=password
|
||||
# Access http://keycloak.localtest.me:9080 with the same credentials to check out the settings
|
||||
oauth2-proxy:
|
||||
container_name: oauth2-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
|
||||
command: --config /oauth2-proxy.cfg
|
||||
hostname: oauth2-proxy
|
||||
volumes:
|
||||
- "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 4180:4180/tcp
|
||||
networks:
|
||||
keycloak: {}
|
||||
whoami: {}
|
||||
oauth2-proxy: {}
|
||||
depends_on:
|
||||
- whoami
|
||||
- keycloak
|
||||
|
||||
keycloak:
|
||||
container_name: keycloak
|
||||
image: jboss/keycloak:10.0.0
|
||||
hostname: keycloak
|
||||
command:
|
||||
[
|
||||
'-b',
|
||||
'0.0.0.0',
|
||||
'-Djboss.socket.binding.port-offset=1000',
|
||||
'-Dkeycloak.migration.action=import',
|
||||
'-Dkeycloak.migration.provider=dir',
|
||||
'-Dkeycloak.migration.dir=/realm-config',
|
||||
'-Dkeycloak.migration.strategy=IGNORE_EXISTING'
|
||||
]
|
||||
volumes:
|
||||
- ./keycloak:/realm-config
|
||||
environment:
|
||||
KEYCLOAK_USER: admin@example.com
|
||||
KEYCLOAK_PASSWORD: password
|
||||
ports:
|
||||
- 9080:9080/tcp
|
||||
networks:
|
||||
keycloak:
|
||||
aliases:
|
||||
- keycloak.localtest.me
|
||||
|
||||
networks:
|
||||
whoami: {}
|
||||
keycloak: {}
|
||||
oauth2-proxy: {}
|
||||
|
||||
# todo
|
||||
# prufen ob dier uzielcontsainer alle netwzwerke rbaucht
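Review bot: The whoami service keeps its `- "4421:80"` host port while oauth2-proxy is placed in front of it, so requests to port 4421 reach the upstream without passing the proxy. If the proxy is meant to gate access, drop that mapping and leave whoami reachable only over the network it shares with oauth2-proxy. The new keycloak service sets `KEYCLOAK_PASSWORD: password` and publishes `9080:9080/tcp` on every host interface, which leaves an admin console with a well-known password reachable from the local network. For a test stack, bind the published ports to loopback and quote them, e.g. `- "127.0.0.1:9080:9080/tcp"` and `- "127.0.0.1:4180:4180/tcp"`. whoami is also attached to the `keycloak` network, which the trailing todo already questions; the whoami service definition starts above the hunk.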
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
http_address="0.0.0.0:4180"
|
||||
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
|
||||
email_domains="example.com"
|
||||
cookie_secure="false"
|
||||
upstreams="http://whoami.localtest.me:8080"
|
||||
cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
|
||||
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
|
||||
|
||||
# keycloak provider
|
||||
client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
|
||||
client_id="oauth2-proxy"
|
||||
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
|
||||
|
||||
# in this case oauth2-proxy is going to visit
|
||||
# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration
|
||||
oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
|
||||
provider="oidc"
|
||||
provider_display_name="Keycloak"
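Review bot: `cookie_secret` and `client_secret` are committed in clear text in this new file, so sessions signed with that cookie secret and the OIDC client credential can no longer be treated as confidential. Regenerate both and supply them outside version control, for example through the `OAUTH2_PROXY_COOKIE_SECRET` and `OAUTH2_PROXY_CLIENT_SECRET` environment variables. `cookie_secure="false"` with `http://` redirect and issuer URLs is only acceptable on a loopback test setup, so add a comment such as `# local testing only: cookies and OIDC traffic travel over plain HTTP`. The upstream targets port 8080 while the compose section maps whoami as `4421:80`, so the container may be listening on 80; worth confirming.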
|