seperate proxy for rewriting openid config
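--- a/authentik/proxy/Dockerfile
+++ b/authentik/proxy/Dockerfile
@@ -0,0 +1,6 @@
+FROM python:3.12-slim
+WORKDIR /app
+RUN pip install --no-cache-dir flask gunicorn requests
+COPY app.py .
+EXPOSE 5000
+CMD ["gunicorn", "-w", "1", "-b", "0.0.0.0:5000", "app:app"]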
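Review bot: `RUN pip install --no-cache-dir flask gunicorn requests` installs whatever versions are current at build time, so two builds of this commit can differ and a broken or compromised release of any of the three packages lands silently; pin them, e.g. `RUN pip install --no-cache-dir flask==<pinned> gunicorn==<pinned> requests==<pinned>` (or a requirements.txt installed with `--require-hashes`), and consider pinning `python:3.12-slim` by digest as well. The image also has no `USER` line, so gunicorn and app.py run as root inside the container; adding an unprivileged user before `CMD` limits what a bug in the handler can reach.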
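--- a/authentik/proxy/app.py
+++ b/authentik/proxy/app.py
@@ -0,0 +1,24 @@
+import os
+import requests
+from flask import Flask, jsonify, request
+
+app = Flask(__name__)
+
+@app.route("/headers")
+def headers():
+    return jsonify(dict(request.headers))
+
+@app.route("/<provider>/.well-known/openid-configuration",)
+def openid(provider):
+    internal = os.environ.get('INTERNAL')
+    external = os.environ.get('EXTERNAL')
+    url = f'/application/o/{provider}/.well-known/openid-configuration'
+    response = requests.get(f'{internal}/{url}')
+    return jsonify({
+        k: v.replace(internal, external)
+        if isinstance(v, str) and (k != 'jwks_uri') else v
+        for k, v in response.json().items()
+    })
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000)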
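Review bot: openid() forwards the `provider` path segment into the upstream URL without checking it and never inspects the upstream status, so anything other than a valid authentik application slug is sent on verbatim and a non-JSON error page from authentik surfaces as a 500 from `response.json()`; `requests.get` also has no timeout, so one stalled upstream call blocks the single `-w 1` worker configured in the Dockerfile. When `INTERNAL` or `EXTERNAL` is unset the handler crashes inside `v.replace(None, ...)`, and `f'{internal}/{url}'` yields a double slash because `url` already starts with `/`. A tightened body is below (it needs `import re` at the top of the file); only top-level string values are rewritten, which is fine for the standard discovery keys but worth a comment such as `# nested values (e.g. lists) are passed through unchanged`. Separately, the `/headers` route echoes every inbound header, including any credentials a caller or upstream proxy attaches, back to the requester; it reads as a debugging aid and should be removed or restricted before the service is published.
```python
def openid(provider):
    internal = os.environ.get('INTERNAL')
    external = os.environ.get('EXTERNAL')
    if not internal or not external:
        raise RuntimeError("INTERNAL and EXTERNAL must be set")
    # only authentik application slugs are meaningful here; reject anything
    # else instead of forwarding it to the upstream server
    if not re.fullmatch(r"[A-Za-z0-9_-]+", provider):
        return jsonify({"error": "unknown provider"}), 404
    url = f"{internal.rstrip('/')}/application/o/{provider}/.well-known/openid-configuration"
    response = requests.get(url, timeout=5)
    response.raise_for_status()
    # … unchanged: jsonify(...) with the internal -> external replace …
```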
@@ -10,7 +10,7 @@
|
|||||||
scopes openid email profile
|
scopes openid email profile
|
||||||
|
|
||||||
base_auth_url https://authentik.rik.veenboer.xyz
|
base_auth_url https://authentik.rik.veenboer.xyz
|
||||||
metadata_url http://host:12345/.well-known
|
metadata_url http://192.168.2.200:15000/caddy/.well-known/openid-configuration
|
||||||
}
|
}
|
||||||
authentication portal myportal {
|
authentication portal myportal {
|
||||||
enable identity provider generic
|
enable identity provider generic
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ test.rik.veenboer.xyz {
|
|||||||
}
|
}
|
||||||
|
|
||||||
authorize with mypolicy
|
authorize with mypolicy
|
||||||
reverse_proxy host:12345
|
reverse_proxy host:15000
|
||||||
}
|
}
|
||||||
|
|
||||||
auth.rik.veenboer.xyz {
|
auth.rik.veenboer.xyz {
|
||||||
|
|||||||
@@ -75,3 +75,16 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- authentik-postgresql
|
- authentik-postgresql
|
||||||
- authentik-redis
|
- authentik-redis
|
||||||
|
|
||||||
|
authentik-proxy:
|
||||||
|
image: authentik-proxy
|
||||||
|
container_name: authentik-proxy
|
||||||
|
ports:
|
||||||
|
- "15000:5000"
|
||||||
|
environment:
|
||||||
|
INTERNAL: http://host:19000
|
||||||
|
EXTERNAL: https://authentik.rik.veenboer.xyz
|
||||||
|
build:
|
||||||
|
context: /opt/authentik/proxy
|
||||||
|
extra_hosts:
|
||||||
|
- host:192.168.2.200
|
||||||
|
|||||||
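Review bot: `INTERNAL: http://host:19000` together with `ports: - "15000:5000"` means the discovery document is fetched from authentik over plaintext HTTP and the rewriting proxy, including its `/headers` route, listens on every interface of the Docker host; with the Caddy `metadata_url` in the earlier hunk now pointing at `http://192.168.2.200:15000/...`, the issuer and endpoint URLs Caddy trusts cross the LAN unauthenticated in both hops. If authentik, Caddy and this proxy all run on the same host (the `extra_hosts: - host:192.168.2.200` entry suggests so), attaching `authentik-proxy` to the same compose network and dropping the `ports:` entry, or at least binding it as `- "127.0.0.1:15000:5000"`, keeps the discovery traffic off the network; otherwise TLS between the three is the alternative. A short comment on the service such as `# rewrites authentik's internal issuer URLs to the public EXTERNAL origin; jwks_uri is intentionally left internal` would also spare the next reader a trip into app.py.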