public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 01:36:23 +00:00
Code Issues Releases Wiki Activity

Split keycloak in to mini-recipes in preparation for traefik-forward-auth example

Browse Source
This commit is contained in:
David Young
2019-05-16 12:32:20 +12:00
parent cb10789a71
commit 4259dc5e22
16 changed files with 179 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
manuscript/ha-docker-swarm/traefik-forward-auth.md
View File

@@ -28,7 +28,7 @@ Store your client ID and secret safely - you'll need them for the next step.
### Prepare environment
Create `traefik-forward-auth.env` as follows:
Create `/var/data/config/traefik/traefik-forward-auth.env` as follows:
```
CLIENT_ID=<your client id>
@@ -47,7 +47,7 @@ This is a small container, you can simply add the following content to the exist
```
traefik-forward-auth:
image: thomseddon/traefik-forward-auth
env_file: /var/data/config/keycloak/traefik-forward-auth.env
env_file: /var/data/config/traefik/traefik-forward-auth.env
networks:
- traefik_public
# Uncomment these lines if you're using auth host mode
@@ -101,10 +101,4 @@ What have we achieved? By adding an additional three simple labels to any servic
1. Traefik forward auth replaces the use of [oauth_proxy containers](/reference/oauth_proxy/) found in some of the existing recipes
2. [@thomaseddon's original version](https://github.com/thomseddon/traefik-forward-auth) of traefik-forward-auth only works with Google currently, but I've created a [fork](https://www.github.com/funkypenguin/traefik-forward-auth) of a [fork](https://github.com/noelcatt/traefik-forward-auth), which implements generic OIDC providers.
3. I reviewed several implementations of forward authenticators for Traefik, but found most to be rather heavy-handed, or specific to a single auth provider. @thomaseddon's go-based docker image is 7MB in size, and with the generic OIDC patch (above), it can be extended to work with any OIDC provider.
4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider.
### Tip your waiter (support me) 👏
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
### Your comments? 💬
4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider.