-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Document Shortest Possible 😎 Path for Noobs #149
Comments
@johnboxall Thanks for this. The Without doing these things, the proxy keeps on redirecting to the sign-in page and the logs show |
One quick way to get noobs up and running may be through a Deploy to Heroku button. This PR #150 shows an example of how that might work. |
@johnboxall can you clarify the need for basic auth here? Is the case that you'd run two separate heroku apps? |
@hulbert the upstream apps we're looking to add authentication to are available on the public internet. Typically we protect them by using a shared secret over HTTP Basic Auth – this way you can't drive by access them on the web, but if you know the secret, you can still access them to check that they work. We set them here, so that they are sent upstream by Example: https://private.example.com is available on the public internet and protected by basic auth. https://x:[email protected] allows you to access the app. https://oauth2proxy.example.com/ is configured to provide authorization for private.example.com. For it to work, it needs to send |
oauth2_proxy
offers a number of configuration options.For folks looking to get up and running, quickly, it would be awesome to add a 15 minute "Quickstart" guide.
This right place for this may be a separate repo containing the compiled binaries, and an
app.json
file to power a "Deploy to Heroku" button.For others looking to get started quickly, here is how I typically do it using the Google Apps provider and an upstream application which requires a secret HTTP Basic Auth password to access:
Create a new repo.
Put the latest binaries from the releases pages into your repo.
Create an
oauth2_proxy.cfg
file. Here are the minimal options you'll need:Create a Heroku app using the binary builtpack:
Create a
Procfile
to run the binary with your config:Follow the Google Auth Provider instructions. Set the required environment config variables on Heroku:
Deploy your app to Heroku and rejoice.
For those looking to test locally using HTTP, make sure to toggle these settings:
cookie_secure=false
. This avoids responding with asecure
cookie on HTTP, which the browser will discard.redirect_url="http://127.0.0.1.xip.io:4180/oauth2/callback"
. By default the server will attempt to set cookies on the same domain as the request – this will fail forlocalhost
and127.0.0.1
(as well as any IP based domain.❤️
The text was updated successfully, but these errors were encountered: