From 3947537018de9058023031f96472039d8a368f33 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Tue, 27 Oct 2020 09:30:47 +0100 Subject: [PATCH] Finalise this app setup --- README.md | 4 +--- compose.yml | 46 +++++++++++++++++++++++++++++++++++++++++ docker-compose.prod.yml | 45 ---------------------------------------- forward.ini.tmpl | 12 +++++------ 4 files changed, 53 insertions(+), 54 deletions(-) create mode 100644 compose.yml delete mode 100644 docker-compose.prod.yml diff --git a/README.md b/README.md index c098adf..440126e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ # traefik-forward-auth -> https://github.com/thomseddon/traefik-forward-auth - -**Work In Progress.** +[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/traefik-forward-auth/status.svg)](https://drone.autonomic.zone/coop-cloud/traefik-forward-auth) diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..5e5587a --- /dev/null +++ b/compose.yml 
@@ -0,0 +1,46 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: "thomseddon/traefik-forward-auth:2"
+ configs:
+ - source: forward_ini
+ target: /etc/forward.ini
+ networks:
+ - proxy
+ environment:
+ - CONFIG=/etc/forward.ini
+ - OIDC_CLIENT_ID
+ - OIDC_ISSUER_URL
+ - COOKIE_DOMAIN
+ - AUTH_HOST
+ secrets:
+ - oidc_client_secret
+ - secret_nonce
+ deploy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.tfa.loadBalancer.server.port=4181"
+ - "traefik.http.routers.tfa.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.tfa.entrypoints=web-secure"
+ - "traefik.http.routers.tfa.tls.certresolver=production"
+ - "traefik.http.routers.tfa.middlewares=keycloak@file"
+
+networks:
+ proxy:
+ external: true
+
+configs:
+ forward_ini:
+ name: ${STACK_NAME}_forward_ini_${FORWARD_INI_VERSION}
+ file: forward.ini.tmpl
+ template_driver: golang
+
+secrets:
+ secret_nonce:
+ name: ${STACK_NAME}_secret_nonce_${SERCRET_NONCE_VERSION}
+ external: true
+ oidc_client_secret:
+ name: ${STACK_NAME}_oidc_client_secret_${OIDC_CLIENT_SECRET_VERSION}
+ external: true
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
deleted file mode 100644
index fad1214..0000000
--- a/docker-compose.prod.yml
+++ /dev/null
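Review bot: In compose.yml the `secret_nonce` entry under `secrets:` interpolates `${SERCRET_NONCE_VERSION}`, which looks like a misspelling of `SECRET_NONCE_VERSION`; the sibling entries use `FORWARD_INI_VERSION` and `OIDC_CLIENT_SECRET_VERSION`. If the deploy environment sets the correctly spelled variable, interpolation would substitute an empty string and the stack would look for an external secret named `<stack>_secret_nonce_`, so the deploy either fails or the version suffix never rotates the value that forward.ini.tmpl reads as `secret`. Suggested line: `name: ${STACK_NAME}_secret_nonce_${SECRET_NONCE_VERSION}`, with any env sample file kept in step. Separately, `image: "thomseddon/traefik-forward-auth:2"` is a mutable tag on the component that gates authentication; pinning it as `thomseddon/traefik-forward-auth:2@sha256:<digest>` keeps a re-pushed tag from changing what runs.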
@@ -1,45 +0,0 @@ ---- -version: "3.8" - -services: - traefik-forward-auth: - image: thomseddon/traefik-forward-auth:2 - configs: - - source: forward-ini-prod-v1 - target: /etc/forward.ini - networks: - - proxy - environment: - - CONFIG=/etc/forward.ini - secrets: - - oidc-client-id-v1 - - oidc-client-secret-v1 - - oidc-issuer-url-v1 - - secret-nonce-v1 - deploy: - labels: - - "traefik.enable=true" - - "traefik.http.services.tfa.loadBalancer.server.port=4181" - - "traefik.http.routers.tfa.rule=Host(`auth.swarm.autonomic.zone`)" - - "traefik.http.routers.tfa.entrypoints=web-secure" - - "traefik.http.routers.tfa.tls.certresolver=staging" - - "traefik.http.routers.tfa.middlewares=keycloak@file" - -networks: - proxy: - external: true - -configs: - forward-ini-prod-v1: - file: forward.ini.tmpl - template_driver: golang - -secrets: - secret-nonce-v1: - external: true - oidc-issuer-url-v1: - external: true - oidc-client-id-v1: - external: true - oidc-client-secret-v1: - external: true diff --git a/forward.ini.tmpl b/forward.ini.tmpl index 602408d..dd2a890 100644 --- a/forward.ini.tmpl +++ b/forward.ini.tmpl @@ -1,9 +1,9 @@ -secret = {{ secret "secret-nonce-v1" }} +secret = {{ secret "secret_nonce" }} log-level = info -cookie-domain = swarm.autonomic.zone -auth-host = auth.swarm.autonomic.zone +cookie-domain = {{ env "COOKIE_DOMAIN" }} +auth-host = {{ env "AUTH_HOST" }} default-provider = oidc -providers.oidc.issuer-url = {{ secret "oidc-issuer-url-v1" }} -providers.oidc.client-id = {{ secret "oidc-client-id-v1" }} -providers.oidc.client-secret = {{ secret "oidc-client-secret-v1" }} +providers.oidc.issuer-url = {{ env "OIDC_ISSUER_URL" }} +providers.oidc.client-id = {{ env "OIDC_CLIENT_ID" }} +providers.oidc.client-secret = {{ secret "oidc_client_secret" }}
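Review bot: In forward.ini.tmpl, `cookie-domain` and `auth-host` are now rendered with `{{ env ... }}`, and nothing visible makes those variables mandatory: compose.yml passes `COOKIE_DOMAIN` and `AUTH_HOST` through by name only, so an unset variable would presumably render as `cookie-domain =` and `auth-host =` with no deploy-time error. How traefik-forward-auth treats empty values is not visible here, but both settings govern cookie scope and the login redirect host, so a silent empty value is worth failing on. One option is the required-variable form of Compose interpolation in compose.yml, e.g. `- COOKIE_DOMAIN=${COOKIE_DOMAIN:?COOKIE_DOMAIN must be set}`, and the same for `AUTH_HOST`, `OIDC_ISSUER_URL` and `OIDC_CLIENT_ID`. A short comment in the template or README listing the environment variables and secrets it expects would also help whoever deploys it.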