Merge pull request #60 from cheahjs/feat/simpler-oauth2-proxy

feat: update oauth2-proxy config to simplify
Timothy Jaeryang Baek 2024-05-07 22:45:49 -07:00 committed by GitHub
commit e607daf7ff
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -125,8 +125,8 @@ volumes:
[oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) is an authenticating reverse proxy that implements social OAuth providers and OIDC support. [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) is an authenticating reverse proxy that implements social OAuth providers and OIDC support.
Given the large number of potential configurations, below is only an toy example and should not be used in production. Given the large number of potential configurations, below is an example of a potential setup with Google OAuth.
Please refer to `oauth2-proxy`'s documentation for detailed setup. Please refer to `oauth2-proxy`'s documentation for detailed setup and any potential security gotchas.
```yaml title="docker-compose.yaml" ```yaml title="docker-compose.yaml"
services: services:
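Review bot: the reworded intro drops "toy example and should not be used in production", yet the compose example it introduces still sets `OAUTH2_PROXY_COOKIE_SECURE: "false"`, so a reader can now take it as a deployable baseline. Either keep a short caveat on that sentence or spell out which settings must change outside local testing, rather than leaving it to "any potential security gotchas" in the upstream documentation.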
@ -140,38 +140,21 @@ services:
restart: unless-stopped restart: unless-stopped
oauth2-proxy: oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
command: --config /oauth2-proxy.cfg --alpha-config /oauth2-proxy.yaml environment:
hostname: oauth2-proxy OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
volumes: OAUTH2_PROXY_UPSTREAMS: http://open-webui:8080/
- "./oauth2-proxy.yaml:/oauth2-proxy.yaml" OAUTH2_PROXY_PROVIDER: google
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg" OAUTH2_PROXY_CLIENT_ID: REPLACEME_OAUTH_CLIENT_ID
OAUTH2_PROXY_CLIENT_SECRET: REPLACEME_OAUTH_CLIENT_ID
OAUTH2_PROXY_EMAIL_DOMAINS: REPLACEME_ALLOWED_EMAIL_DOMAINS
OAUTH2_PROXY_REDIRECT_URL: REPLACEME_OAUTH_CALLBACK_URL
OAUTH2_PROXY_COOKIE_SECRET: REPLACEME_COOKIE_SECRET
OAUTH2_PROXY_COOKIE_SECURE: "false"
restart: unless-stopped restart: unless-stopped
ports: ports:
- 4180:4180/tcp - 4180:4180/tcp
``` ```
```yaml title="oauth2-proxy.yaml"
upstreams:
- id: open-webui
path: /
uri: http://open-webui:8080
injectRequestHeaders:
- name: X-Forwarded-Email
values:
- claim: email
providers:
# Provide a list of providers to use for authentication
# https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/
```
```cfg title="oauth2-proxy.cfg"
http_address="0.0.0.0:4180"
cookie_secret="REPLACE_ME_WITH_A_REAL_SECRET"
email_domains="example.com"
cookie_secure="false"
redirect_url="http://localhost:4180/oauth2/callback"
```
## Authelia ## Authelia
[Authelia](https://www.authelia.com/) can be configured to return a header for use with trusted header authentication. [Authelia](https://www.authelia.com/) can be configured to return a header for use with trusted header authentication.
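Review bot: in the new `environment:` block, `OAUTH2_PROXY_CLIENT_SECRET` is given the placeholder `REPLACEME_OAUTH_CLIENT_ID`, the same value as the line above it; this looks like a copy/paste slip and should read `REPLACEME_OAUTH_CLIENT_SECRET`, so nobody pastes the client ID into the secret field. Separately, the removed `oauth2-proxy.yaml` explicitly injected `X-Forwarded-Email` from the `email` claim, and nothing in the new environment variables mentions that header. Please confirm that the header Open WebUI trusts is still set with this configuration and say so in the text. The old `redirect_url="http://localhost:4180/oauth2/callback"` also showed the expected callback path, which `REPLACEME_OAUTH_CALLBACK_URL` no longer conveys; a comment with the `/oauth2/callback` form would help.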