SSO wired up! Insanity overcome

Closes autonomic-cooperative/traefik#2.
2020-05-05 12:51:02 +02:00
parent 4b0550d0a6
commit 749adf6a58
7 changed files with 69 additions and 6 deletions
--- a/configs/prod/file-provider.yml
+++ b/configs/prod/file-provider.yml
@ -0,0 +1,9 @@
+---
+http:
+  middlewares:
+    keycloak:
+      forwardAuth:
+        address: "http://traefik-forward-auth:4181"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "X-Forwarded-User"
--- a/configs/prod/forward.ini.tmpl
+++ b/configs/prod/forward.ini.tmpl
@ -0,0 +1,13 @@
+secret = {{ secret "secret-nonce-v1" }}
+
+default-provider = oidc
+
+providers.oidc.issuer-url = {{ secret "oidc-issuer-url-v1" }}
+providers.oidc.client-id = {{ secret "oidc-client-id-v1" }}
+providers.oidc.client-secret = {{ secret "oidc-client-secret-v1" }}
+
+log-level = error
+
+cookie-domain = swarm.autonomic.zone
+
+auth-host = auth.swarm.autonomic.zone
--- a/configs/prod/traefik.yml
+++ b/configs/prod/traefik.yml
@ -8,6 +8,8 @@ providers:
    exposedByDefault: false
    network: "proxy"
    swarmMode: true
+  file:
+    filename: /etc/traefik/file-provider.yml

 api:
  dashboard: true