From 4c1874b786861b03aae32d385949de06695b1ab3 Mon Sep 17 00:00:00 2001
From: Thom Seddon
Date: Tue, 6 Nov 2018 14:44:12 +0000
Subject: [PATCH] add auth host example + update examples
---
README.md | 2 +-
example/docker-compose-auth-host.yml | 44 ++++++++++++++++++++++++++++
example/docker-compose-dev.yml | 2 +-
example/docker-compose.yml | 2 +-
4 files changed, 47 insertions(+), 3 deletions(-)
create mode 100644 example/docker-compose-auth-host.yml
diff --git a/README.md b/README.md
index 68e24ef..c451dab 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,7 @@ As the hostname in the `redirect_uri` is dynamically generated based on the orig #### Auth Host -This is an optional mode of operation that is useful when dealing with a large number of subdomains, it is activated by using the `-auth-host` config option. +This is an optional mode of operation that is useful when dealing with a large number of subdomains, it is activated by using the `-auth-host` config option (see [this example docker-compose.yml](https://github.com/thomseddon/traefik-forward-auth/blob/master/example/docker-compose-auth-host.yml)). For example, if you have a few applications: `app1.test.com`, `app2.test.com`, `appN.test.com`, adding every domain to Google's console can become laborious. To utilise an auth host, permit domain level cookies by setting the cookie domain to `test.com` then set the `auth-host` to: `auth.test.com`.
diff --git a/example/docker-compose-auth-host.yml b/example/docker-compose-auth-host.yml
new file mode 100644
index 0000000..aef333a
--- /dev/null
+++ b/example/docker-compose-auth-host.yml
@@ -0,0 +1,44 @@
+version: '3'
+
+services:
+ traefik:
+ image: traefik
+ command: -c /traefik.toml --logLevel=DEBUG
+ ports:
+ - "8085:80"
+ - "8086:8080"
+ networks:
+ - traefik
+ volumes:
+ - ./traefik.toml:/traefik.toml
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ whoami1:
+ image: emilevauge/whoami
+ networks:
+ - traefik
+ labels:
+ - "traefik.backend=whoami"
+ - "traefik.enable=true"
+ - "traefik.frontend.rule=Host:whoami.yourdomain.com"
+
+ traefik-forward-auth:
+ image: thomseddon/traefik-forward-auth
+ environment:
+ - CLIENT_ID=your-client-id
+ - CLIENT_SECRET=your-client-secret
+ - SECRET=something-random
+ - COOKIE_SECURE=false
+ - DOMAIN=yourcompany.com
+ - AUTH_HOST=auth.yourdomain.com
+ networks:
+ - traefik
+ # When using an auth host, adding it here prompts traefik to generate certs
+ labels:
+ - traefik.enable=true
+ - traefik.port=4181
+ - traefik.backend=traefik-forward-auth
+ - traefik.frontend.rule=Host:auth.yourdomain.com
+
+networks:
+ traefik:
diff --git a/example/docker-compose-dev.yml b/example/docker-compose-dev.yml
index 7bd4592..b708265 100644
--- a/example/docker-compose-dev.yml
+++ b/example/docker-compose-dev.yml
@@ -32,7 +32,7 @@ services: - "traefik.enable=true" - "traefik.frontend.rule=Host:whoami.localhost.org" - forward-oauth: + traefik-forward-auth: build: ../ environment: - CLIENT_ID=test
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index e5eb84d..66b4593 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -22,7 +22,7 @@ services: - "traefik.enable=true" - "traefik.frontend.rule=Host:whoami.localhost.com" - forward-oauth: + traefik-forward-auth: image: thomseddon/traefik-forward-auth environment: - CLIENT_ID=your-client-id
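Review bot: `COOKIE_SECURE=false` in the `traefik-forward-auth` environment list of the new `docker-compose-auth-host.yml` sits oddly with the comment a few lines below about traefik generating certs for the auth host, and an example like this tends to be copied as-is. In auth-host mode the README has the cookie scoped to the parent domain, so a cookie without the Secure attribute would presumably also be sent on plain-HTTP requests to any host under that domain. I would add a comment above that line such as `# local plain-HTTP testing only; use COOKIE_SECURE=true when the auth host is served over TLS`. The same block never sets the cookie domain the README says this mode needs, and `DOMAIN=yourcompany.com` uses a different placeholder from `auth.yourdomain.com` and `whoami.yourdomain.com`, so a one-line comment stating what `DOMAIN` restricts would keep readers from mistaking it for the cookie domain.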