adds pseudo.cortex.consider-funding.de upstream, adds snippet for easy oauth2-proxy protect, moves oauth2-proxy secrets to .env file

2025-08-12 11:22:18 +02:00
parent 51b8fa2b8c
commit 786a581d2f
6 changed files with 45 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 .DS_Store

 .env
-oauth2-proxy.cfg

 CLAUDE.md
 GEMINI.md
--- a/docker_compose_applications/oauth2-proxy/.env.example
+++ b/docker_compose_applications/oauth2-proxy/.env.example
@@ -0,0 +1,4 @@
+OAUTH2_PROXY_CLIENT_ID = ""
+OAUTH2_PROXY_CLIENT_SECRET = ""
+OAUTH2_PROXY_COOKIE_SECRET = ""
+OAUTH2_PROXY_OIDC_ISSUER_URL = ""
--- a/docker_compose_applications/oauth2-proxy/compose.yaml
+++ b/docker_compose_applications/oauth2-proxy/compose.yaml
@@ -5,6 +5,7 @@ services:
    restart: unless-stopped
    command:
      - --config=/etc/oauth2-proxy/oauth2-proxy.cfg
+    env_file: .env
    volumes:
      - ./oauth2-proxy.cfg:/etc/oauth2-proxy/oauth2-proxy.cfg:ro
    networks:
--- a/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg
+++ b/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg
@@ -0,0 +1,9 @@
+provider = "entra-id"
+upstreams = ["file:///dev/null"]
+http_address = "0.0.0.0:4180"
+whitelist_domains = [".consider-it.de", ".consider-funding.de"]
+cookie_secure = true
+email_domains = [ "*" ]
+scope = "openid"
+skip_provider_button = true
+set_xauthrequest = true
--- a/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg.example
+++ b/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg.example
@@ -1,12 +0,0 @@
-provider = "entra-id"
-oidc_issuer_url = "https://login.microsoftonline.com/xxx-x-x-x-xxxx/v2.0"
-client_id = ""
-client_secret = ""
-cookie_secret = ""
-upstreams = [ "http://stirling-pdf:8080" ]
-http_address = "0.0.0.0:4180"
-redirect_url = "https://pdf.consider-it.de/oauth2/callback"
-cookie_secure = true
-email_domains = [ "*" ]
-scope = "openid"
-skip_provider_button = true
--- a/docker_compose_applications/reverse-proxy/Caddyfile
+++ b/docker_compose_applications/reverse-proxy/Caddyfile
@@ -1,9 +1,29 @@
-pdf.consider-it.de {
+(oauth2_protect) {
+	handle /oauth2/* {
 		reverse_proxy oauth2-proxy:4180
+	}
+
+	handle {
+		forward_auth oauth2-proxy:4180 {
+			uri /oauth2/auth
+			copy_headers Authorization
+
+			@bad status 4xx
+			handle_response @bad {
+				redir https://{args.0}/oauth2/start
+			}
+		}
+
+		reverse_proxy {args.1}
+	}
 }

-metabase.consider-it.de {
-    reverse_proxy metabase:3000
+pseudo.cortex.consider-funding.de {
+	import oauth2_protect pseudo.cortex.consider-funding.de http://10.20.0.2:5000
+}
+
+pdf.consider-it.de {
+	import oauth2_protect pdf.consider-it.de http://stirling-pdf:8080
 }

 n8n.consider-funding.de {
@@ -11,3 +31,7 @@ n8n.consider-funding.de {
 		flush_interval -1
 	}
 }
+
+metabase.consider-it.de {
+	reverse_proxy metabase:3000
+}