2024-07-26 13:46:05 +02:00
|
|
|
version: '3.4'
|
|
|
|
|
|
|
|
|
|
services:
|
2024-10-28 14:58:11 +01:00
|
|
|
oc-auth:
|
|
|
|
|
image: 'oc-auth:latest'
|
2024-07-26 13:46:05 +02:00
|
|
|
ports:
|
2024-10-28 14:58:11 +01:00
|
|
|
- 8094:8080
|
|
|
|
|
container_name: oc-auth
|
2024-10-30 12:38:25 +01:00
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true"
|
2026-02-20 10:30:34 +01:00
|
|
|
- "traefik.http.routers.auth-sec.entrypoints=web"
|
|
|
|
|
- "traefik.http.routers.auth-sec.rule=PathPrefix(`/auth/`)"
|
|
|
|
|
- "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.regex=^/auth(.*)"
|
|
|
|
|
- "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.replacement=/oc$$1"
|
|
|
|
|
- "traefik.http.services.auth-sec.loadbalancer.server.port=8080"
|
|
|
|
|
- "traefik.http.routers.auth-sec.middlewares=auth-sec-rewrite,auth-auth-sec"
|
|
|
|
|
- "traefik.http.middlewares.auth-auth-sec.forwardauth.address=http://hydra:4444/oauth2/auth"
|
|
|
|
|
- "traefik.http.middlewares.auth-auth-sec.forwardauth.trustForwardHeader=true"
|
|
|
|
|
- "traefik.http.middlewares.auth-auth-sec.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
|
2024-10-28 14:58:11 +01:00
|
|
|
environment:
|
|
|
|
|
LDAP_ENDPOINTS: ldap:389
|
|
|
|
|
LDAP_BINDDN: cn=admin,dc=example,dc=com
|
|
|
|
|
LDAP_BINDPW: password
|
|
|
|
|
LDAP_BASEDN: "dc=example,dc=com"
|
2026-01-23 11:09:31 +01:00
|
|
|
LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
|
2024-10-28 14:58:11 +01:00
|
|
|
LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
|
|
|
|
|
networks:
|
2025-04-01 10:16:26 +02:00
|
|
|
- oc
|
2024-10-30 12:38:25 +01:00
|
|
|
volumes:
|
2025-04-01 10:16:26 +02:00
|
|
|
- ./pem/private.pem:/keys/private/private.pem
|
|
|
|
|
- ./pem/public.pem:/keys/public/public.pem
|
2024-10-28 14:58:11 +01:00
|
|
|
networks:
|
2025-04-01 10:16:26 +02:00
|
|
|
oc:
|
2024-10-28 14:58:11 +01:00
|
|
|
external: true
|
