Traefik reverse proxy authentication that supports Keycloak SSO https://auth.autonomic.zone
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.

44 lines
1.1 KiB

---
version: "3.8"
services:
traefik-forward-auth:
image: "thomseddon/traefik-forward-auth:2"
configs:
- source: forward_ini
target: /etc/forward.ini
networks:
- proxy
environment:
- CONFIG=/etc/forward.ini
- OIDC_CLIENT_ID=traefik-forward-auth
- OIDC_ISSUER_URL=https://id.autonomic.zone/auth/realms/autonomic
secrets:
- oidc_client_secret
- secret_nonce
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.services.tfa.loadBalancer.server.port=4181"
- "traefik.http.routers.tfa.rule=Host(`auth.autonomic.zone`)"
- "traefik.http.routers.tfa.entrypoints=web-secure"
- "traefik.http.routers.tfa.tls.certresolver=production"
- "traefik.http.routers.tfa.middlewares=keycloak@file"
networks:
proxy:
external: true
configs:
forward_ini:
name: auth_forward_ini_v1
file: forward.ini.tmpl
template_driver: golang
secrets:
secret_nonce:
name: auth_secret_nonce_v1
external: true
oidc_client_secret:
name: auth_oidc_client_secret_v1
external: true