mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 04:27:02 +01:00
e02328ae8b
* doing some work for enumerating how the accounts work together * fixing up build scripts and removing extra things * making JavaScript as_tag use the struct field names * making shared.js a module, removing wasmloader.js * don't compress compressed things
55 lines
2.1 KiB
Bash
Executable file
55 lines
2.1 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
PROXY_VERSION="7-debian-11"
|
|
PROXY_HTTP_PORT="10080"
|
|
PROXY_HTTPS_PORT="10443"
|
|
CLIENT_ID="test_oauth2"
|
|
|
|
# documentation for proxy settings is here: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#environment-variables
|
|
|
|
# generate a cookie secret
|
|
echo "OAUTH2_PROXY_COOKIE_SECRET=$(openssl rand -hex 16)" > envfile
|
|
{
|
|
echo "OAUTH2_PROXY_CLIENT_ID=${CLIENT_ID}"
|
|
echo "OAUTH2_PROXY_CLIENT_SECRET_FILE=/opt/client.secret"
|
|
echo "OAUTH2_PROXY_COOKIE_EXPIRE=300s"
|
|
echo "OAUTH2_PROXY_CODE_CHALLENGE_METHOD=S256"
|
|
echo "OAUTH2_PROXY_COOKIE_CSRF_EXPIRE=300s"
|
|
echo "OAUTH2_PROXY_HTTP_ADDRESS=:${PROXY_HTTP_PORT}"
|
|
echo "OAUTH2_PROXY_HTTPS_ADDRESS=:${PROXY_HTTPS_PORT}"
|
|
echo "OAUTH2_PROXY_PROVIDER=oidc"
|
|
echo "OAUTH2_PROXY_SCOPE=openid"
|
|
echo "OAUTH2_PROXY_EMAIL_DOMAIN=example.com"
|
|
echo "OAUTH2_PROXY_UPSTREAM=file://opt/index.html"
|
|
echo "OAUTH2_PROXY_OIDC_ISSUER_URL=https://localhost:8443/oauth2/openid/${CLIENT_ID}"
|
|
echo "OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY=true"
|
|
# cert things, loads the certs that we use for for the test server
|
|
echo "OAUTH2_PROXY_TLS_CERT_FILE=/opt/cert.pem"
|
|
echo "OAUTH2_PROXY_TLS_KEY_FILE=/opt/key.pem"
|
|
|
|
} >> envfile
|
|
|
|
if [ ! -f client.secret ]; then
|
|
echo "The client.secret file is missing! Can't run!"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "$(cat client.secret)" ]; then
|
|
echo "The client.secret file is empty! Can't run!"
|
|
exit 1
|
|
fi
|
|
|
|
echo "#################################################################"
|
|
echo " Starting the proxy"
|
|
echo " Access it on https://localhost:${PROXY_HTTPS_PORT}"
|
|
echo "#################################################################"
|
|
|
|
docker run --rm -it \
|
|
--env-file envfile \
|
|
--network host \
|
|
--mount "type=bind,source=/tmp/kanidm/cert.pem,target=/opt/cert.pem" \
|
|
--mount "type=bind,source=/tmp/kanidm/key.pem,target=/opt/key.pem" \
|
|
--mount "type=bind,source=./index.html,target=/opt/index.html" \
|
|
--mount "type=bind,source=./client.secret,target=/opt/client.secret" \
|
|
"bitnami/oauth2-proxy:${PROXY_VERSION}" --email-domain='*'
|