oauth2-proxy
[Support]: Running into issues with multiple sub-domains on nginx proxy manager
OAuth2-Proxy Version
7.5.1
Provider
keycloak
Current Behaviour of your Problem
I'm attempting to have oauth2-proxy act as an auth proxy for a few of my services that don't have authentication built into them. Currently the flow goes nginx proxy manager -> oauth2-proxy -> service.
I have it working with a single upstream, but am struggling to get it to work with multiple upstreams. I've found some old posts mentioning fixes, but these all seem to be for k8s.
Configuration details or additional information
http_address="0.0.0.0:4180"
cookie_secret=""
email_domains=["", "", ""]
cookie_secure="true"
upstreams=["https://subdomain1.local", "https://subdomain2.local"]
cookie_domains=["", "", ""]
whitelist_domains=["", "", "*"]
insecure_oidc_allow_unverified_email="true"
# keycloak provider
client_secret=""
client_id=""
redirect_url="*****"
oidc_issuer_url="*****"
provider="oidc"
provider_display_name="Keycloak"
cookie_csrf_per_request="true"
cookie_csrf_expire="5m"
reverse_proxy="true"
Steps To Reproduce
- docker-compose up
Expected output:
oauth2-proxy | [2024/01/12 22:54:18] [main.go:54] invalid configuration:
oauth2-proxy | multiple upstreams found with id "/": upstream ids must be unique
oauth2-proxy | multiple upstreams found with path "/": upstream paths must be unique
Regarding your setup, which of the following are you trying to accomplish:
- upstream behind oauth2-proxy
    user -> nginx -> oauth2-proxy -> upstream
- upstream behind nginx with auth_request
                  auth
    user -> nginx <----> oauth-proxy
              |
              v
           upstream
Furthermore you cannot protect two upstreams using the same path. https://oauth2-proxy.github.io/oauth2-proxy/docs/next/configuration/overview#upstreams-configuration
Multiple upstreams can either be configured by supplying a comma separated list to the --upstream parameter, supplying the parameter multiple times or providing a list in the config file.
When multiple upstreams are used routing to them will be based on the path they are set up with.
If you want to protect multiple upstreams through the same oauth2-proxy instance you will have to use the auth_request module in nginx, as described here: https://oauth2-proxy.github.io/oauth2-proxy/docs/next/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive
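The auth_request layout suggested above, applied to the two hostnames from this issue, as an added example that is not from the thread or from the oauth2-proxy project: nginx asks oauth2-proxy to approve each request and then routes to the backend itself, so oauth2-proxy no longer needs one upstream per service. The backend addresses, certificate paths and the 127.0.0.1 address of oauth2-proxy are assumptions.

```nginx
# Added example, not from the thread. Placeholders: backend addresses, certificate
# paths and the 127.0.0.1 address of oauth2-proxy (port 4180 is from http_address).
# oauth2-proxy side: replace the two upstreams that collide on "/" (for instance
# with a single upstreams=["static://202"]), keep reverse_proxy="true", and have
# cookie_domains and whitelist_domains cover both hostnames.
upstream app1 { server 192.0.2.11:8080; }  # placeholder for the first service
upstream app2 { server 192.0.2.12:8080; }  # placeholder for the second service

# Choose the backend from the requested hostname.
map $host $app_backend {
    subdomain1.local app1;
    subdomain2.local app2;
}

server {
    listen 443 ssl;
    server_name subdomain1.local subdomain2.local;
    ssl_certificate     /etc/nginx/certs/placeholder.crt;
    ssl_certificate_key /etc/nginx/certs/placeholder.key;

    # Sign-in, callback and sign-out endpoints, served by oauth2-proxy.
    location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
    }

    # Subrequest target: 202 when the session cookie is valid, 401 otherwise.
    location = /oauth2/auth {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header Content-Length  "";
        proxy_pass_request_body off;     # auth_request forwards headers only
    }

    # Every request is checked before nginx forwards it to the chosen backend.
    location / {
        auth_request /oauth2/auth;
        error_page 401 =403 /oauth2/sign_in;
        proxy_set_header Host $host;
        proxy_pass http://$app_backend;
    }
}
```

The check only covers traffic that passes through nginx, so the backends should accept connections from nginx alone.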
Hi, did you succeed in making oauth2-proxy work with nginx's auth_request? I am trying to do the same thing with Caddy's equivalent, forward_auth. I think that the oauth2-proxy configuration would even be the same. What happens when you try to go to a protected app with your setup? I am getting "Unauthorized" with the configuration described here: https://github.com/oauth2-proxy/oauth2-proxy/issues/2380. I am very interested if you solve your issue.
I did not get this working and honestly, have no idea what to do. Attempted to implement the fix above to no joy.
auth_request module in nginx
Update of the docs link: https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.