Giter Site home page Giter Site logo

docker-oidc-proxy's Introduction

Docker OIDC Proxy

This is a OIDC proxy server that is designed to be used with Traefik as the HTTPS entry point and uses Apache HTTP with mod-auth-openidc to handle the OIDC management then forwards everything to an internal service.

Environment variables

Most of the text are from from https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf

OIDC_PROVIDER_METADATA_URL URL where OpenID Connect Provider metadata can be found.

Google: https://accounts.google.com/.well-known/openid-configuration

OIDC_CLIENT_ID Client identifier used in calls to the statically configured OpenID Connect Provider.

e.g. a0tdkv2u4oiebsztd6i46urvorkspqptu.apps.googleusercontent.com

OIDC_CLIENT_SECRET Client secret used in calls to the statically configured OpenID Connect Provider.

e.g. 042db405cb8ef3f5e32445992db5d25231538946

OIDC_REDIRECT_URI The redirect_uri for this OpenID Connect client; this is a vanity URL that must ONLY point to a path on your server protected by this module AND must NOT point to any actual content that needs to be served.

The combination of this value and SERVER_NAME will form the redirect_uri that has to be set on the OpenID Provider.

e.g. /cb with a SERVER_NAME of trajano.net would yield https://trajano.net/cb

OIDC_CRYPTO_PASSPHRASE Set a password for crypto purposes. If the value begins with exec: the resulting command will be executed and the first line returned to standard output by the program will be used as the password.

For convenience, the image provides /random_password that generates a random password value. However, if running with multiple replicas, this environment variable must be set.

OIDC_SESSION_INACTIVITY_TIMEOUT Interval in seconds after which the session will be invalidated when no interaction has occurred.

e.g. 2592000 for 30 days.

OIDC_SESSION_MAX_DURATION Maximum duration of the application session in seconds. When set to 0, the session duration will be set equal to the expiry time of the ID token.

SERVER_NAME Hostname and port that the server uses to identify itself. This must

SERVICE_NAME The name of the backend service that is being proxied.

SERVICE_PORT The port number of the backend service that is being proxied.

docker-oidc-proxy's People

Contributors

trajano avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.