traefik-forward-auth

Can anyone provide an OIDC docker-compose configuration file? thank you thank you thank you

Open zhou1591 opened this issue 4 years ago • 1 comments

Can anyone provide an OIDC docker-compose configuration file? thank you
thank you
thank you
Can someone help me?

My configuration does not redirect to the OIDC login page when I visit my Traefik panel

version: '3'

networks:
  traefik:
    external: true
    
services:
  traefik-forward-auth:
    ports:
      - "4181:4181"
    image: thomseddon/traefik-forward-auth:v2.2.0
    restart: always
    environment:
      - LOG_LEVEL=trace
      - DEFAULT_PROVIDER=oidc
      - AUTH_HOST=asa.xxx.com
      - URL_PATH=oidc/token
      - LOGOUT_REDIRECT=http://123.xxx.com/oidc/session/end
      - PROVIDERS_OIDC_ISSUER_URL=http://123.xxx.com/oidc
      - PROVIDERS_OIDC_CLIENT_ID=xxx
      - PROVIDERS_OIDC_CLIENT_SECRET=xxx
      - PROVIDERS_GENERIC_OAUTH_SCOPE=*
      - PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE=header
      - SECRET=something-random
      - INSECURE_COOKIE=true
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
        
      - "traefik.http.routers.traefik-forward-auth.entrypoints=http"
      - "traefik.http.routers.traefik-forward-auth.rule=Host(`sso.xxx.com`)"

      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://console.xxx.com"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
    networks:
      - traefik
  reverse-proxy:
    image: traefik:v2.0
    command: --api.insecure=true --providers.docker
    ports:
      - "3007:80"
      - "3006:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.reverse-proxy.entrypoints=http"
      - "traefik.http.routers.reverse-proxy.rule=Host(`asa.xxx.com`)"
      - "traefik.http.routers.reverse-proxy.middlewares=traefik-forward-auth"
  whoami:
    image: containous/whoami
    ports:
      - "3005:80"
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.whoami.entrypoints=http"
      - "traefik.http.routers.whoami.rule=Host(`asa2.xxx.com`)"
      - "traefik.http.routers.whoami.middlewares=traefik-forward-auth"

zhou1591, Apr 14 '22 08:04

I believe there is an OIDC config in /examples.

A few things: sounds silly, but make an incognito or guest browser window and try again; it's possible you already have a session.

I'm going to check my own config and get back to you.

mstr3336, May 05 '22 09:05