mirror of
https://github.com/open-webui/docs
synced 2025-06-10 16:47:13 +00:00
feat: update oauth2-proxy config to simplify
This commit is contained in:
parent
9e34a3bc11
commit
57d2b13bb2
@ -125,8 +125,8 @@ volumes:
|
||||
|
||||
[oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) is an authenticating reverse proxy that implements social OAuth providers and OIDC support.
|
||||
|
||||
Given the large number of potential configurations, below is only an toy example and should not be used in production.
|
||||
Please refer to `oauth2-proxy`'s documentation for detailed setup.
|
||||
Given the large number of potential configurations, below is an example of a potential setup with Google OAuth.
|
||||
Please refer to `oauth2-proxy`'s documentation for detailed setup and any potential security gotchas.
|
||||
|
||||
```yaml title="docker-compose.yaml"
|
||||
services:
|
||||
@ -140,38 +140,21 @@ services:
|
||||
restart: unless-stopped
|
||||
oauth2-proxy:
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
|
||||
command: --config /oauth2-proxy.cfg --alpha-config /oauth2-proxy.yaml
|
||||
hostname: oauth2-proxy
|
||||
volumes:
|
||||
- "./oauth2-proxy.yaml:/oauth2-proxy.yaml"
|
||||
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
|
||||
environment:
|
||||
OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
|
||||
OAUTH2_PROXY_UPSTREAMS: http://open-webui:8080/
|
||||
OAUTH2_PROXY_PROVIDER: google
|
||||
OAUTH2_PROXY_CLIENT_ID: REPLACEME_OAUTH_CLIENT_ID
|
||||
OAUTH2_PROXY_CLIENT_SECRET: REPLACEME_OAUTH_CLIENT_ID
|
||||
OAUTH2_PROXY_EMAIL_DOMAINS: REPLACEME_ALLOWED_EMAIL_DOMAINS
|
||||
OAUTH2_PROXY_REDIRECT_URL: REPLACEME_OAUTH_CALLBACK_URL
|
||||
OAUTH2_PROXY_COOKIE_SECRET: REPLACEME_COOKIE_SECRET
|
||||
OAUTH2_PROXY_COOKIE_SECURE: "false"
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 4180:4180/tcp
|
||||
```
|
||||
|
||||
```yaml title="oauth2-proxy.yaml"
|
||||
upstreams:
|
||||
- id: open-webui
|
||||
path: /
|
||||
uri: http://open-webui:8080
|
||||
injectRequestHeaders:
|
||||
- name: X-Forwarded-Email
|
||||
values:
|
||||
- claim: email
|
||||
providers:
|
||||
# Provide a list of providers to use for authentication
|
||||
# https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/
|
||||
```
|
||||
|
||||
```cfg title="oauth2-proxy.cfg"
|
||||
http_address="0.0.0.0:4180"
|
||||
cookie_secret="REPLACE_ME_WITH_A_REAL_SECRET"
|
||||
email_domains="example.com"
|
||||
cookie_secure="false"
|
||||
redirect_url="http://localhost:4180/oauth2/callback"
|
||||
```
|
||||
|
||||
## Authelia
|
||||
|
||||
[Authelia](https://www.authelia.com/) can be configured to return a header for use with trusted header authentication.
|
||||
|
Loading…
Reference in New Issue
Block a user