Hello guys! I am trying to migrate my traefik-forward-auth container to oauth2-proxy and I am stuck.
I am trying to follow this: Integration | OAuth2 Proxy
I think the problem is in my configured forwardauth.address.
- When I set it to http://forward-auth:4180/oauth2/auth, I can reach my service when I am already authenticated, but when I visit the page unauthenticated, I just get an "Unauthorized" error instead of being offered a login.
- When I set it to http://forward-auth:4180, I can log in, but after logging in, I just get a 404 instead of reaching my service.
My current setup:
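# Swarm-style stack (labels live under `deploy:`): a whoami test service
# published through Traefik and gated by oauth2-proxy via a forwardAuth
# middleware. Indentation restored; the original paste had lost it.
version: "3"

networks:
  traefik_proxy:
    external: true

services:
  repository:
    image: containous/whoami
    deploy:
      labels:
        - "traefik.enable=true"
        # Oauth connector
        - "traefik.http.routers.nexus.rule=Host(`${NEXUS_HOSTNAME}`)"
        - "traefik.http.routers.nexus.entrypoints=websecure"
        - "traefik.http.routers.nexus.tls=true"
        - "traefik.http.routers.nexus.service=nexus"
        - "traefik.http.routers.nexus.priority=10"
        - "traefik.http.services.nexus.loadbalancer.server.port=80"
        - "traefik.http.routers.nexus.middlewares=nexus-forward-auth"
        # Point forwardAuth at the proxy root, not /oauth2/auth: /oauth2/auth
        # only answers 202 or 401 and never starts a login, which is the
        # "Unauthorized" symptom. The root handler, combined with the
        # static://202 upstream below, returns 202 for an authenticated
        # session and begins sign-in otherwise.
        - "traefik.http.middlewares.nexus-forward-auth.forwardauth.address=http://forward-auth:4180"
        # NOTE(review): with SET_XAUTHREQUEST oauth2-proxy answers with
        # X-Auth-Request-* headers, so the X-Forwarded-* names below are
        # probably never populated - verify, and list only what the backend
        # really consumes. The backend should trust identity headers only
        # when they come from this list, never client-supplied copies.
        # Forwarding Authorization and the access token hands the user's
        # tokens to the backend; drop them if it does not need them.
        - "traefik.http.middlewares.nexus-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-Groups,X-Auth-Request-Access-Token,Authorization"
        # NOTE(review): trustForwardHeader=true makes Traefik pass through
        # X-Forwarded-* values it received. If Traefik is the internet-facing
        # edge these are client-controlled; keep this only when a trusted
        # proxy in front of Traefik sets them.
        - "traefik.http.middlewares.nexus-forward-auth.forwardauth.trustForwardHeader=true"
    networks:
      - traefik_proxy

  forward-auth:
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # image digest so an auth component is not upgraded implicitly.
    image: quay.io/oauth2-proxy/oauth2-proxy:latest
    environment:
      - OAUTH2_PROXY_PROVIDER=oidc
      - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER}
      - OAUTH2_PROXY_CLIENT_ID=${OIDC_CLIENT_ID}
      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
      - OAUTH2_PROXY_COOKIE_SECRET=${OIDC_COOKIE_SECRET}
      # "*" accepts every e-mail address the IdP authenticates, so access
      # control rests entirely on who can log in at the issuer. Restrict by
      # domain or group if the issuer is shared with other users.
      - OAUTH2_PROXY_EMAIL_DOMAINS=*
      # Makes oauth2-proxy honour X-Forwarded-* from its caller; safe only
      # while port 4180 is reachable solely through Traefik (it is not
      # published here).
      - OAUTH2_PROXY_REVERSE_PROXY=true
      # Fix: the variable oauth2-proxy reads is OAUTH2_PROXY_UPSTREAMS
      # (plural). The singular name was ignored, leaving no upstream, so the
      # root handler answered 404 after a successful login.
      - OAUTH2_PROXY_UPSTREAMS=static://202
      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
      - OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
      - OAUTH2_PROXY_SET_XAUTHREQUEST=true
      - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
      # Troubleshooting only: puts debug details on error pages shown to
      # visitors. Turn off once the flow works.
      - OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true
      - LOG_LEVEL=debug
    networks:
      - traefik_proxy
    deploy:
      labels:
        - "traefik.enable=true"
        # Higher priority than the nexus router (100 vs 10) so /oauth2/*
        # (sign-in, callback) reaches oauth2-proxy without passing through
        # the forwardAuth middleware.
        - "traefik.http.routers.nexus-forward-auth.rule=Host(`${NEXUS_HOSTNAME}`) && PathPrefix(`/oauth2`)"
        - "traefik.http.routers.nexus-forward-auth.entrypoints=websecure"
        - "traefik.http.routers.nexus-forward-auth.tls=true"
        - "traefik.http.routers.nexus-forward-auth.service=nexus-forward-auth"
        - "traefik.http.routers.nexus-forward-auth.priority=100"
        - "traefik.http.services.nexus-forward-auth.loadbalancer.server.port=4180"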
Any clues please?