Personal Homelab
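# Quadlet .container unit for oauth2-proxy, used as an identity-aware proxy with an
# OIDC provider (the unit ordering below points at Pocket-ID).
# The listing's gutter line numbers have been removed so the directives parse.
# NOTE(review): `${base_domain}` is presumably filled in by a templating step before
# this file is installed; that step is not shown here, so confirm how it is rendered.
[Unit]
Description=OAuth2 Proxy Server Quadlet
# OAuth2 Proxy requests OIDC configuration after launch, Pocket-ID should be ready.
# Wants=/After= only order unit start-up; they do not by themselves guarantee that
# the issuer's discovery endpoint is already answering. If the proxy exits because
# discovery failed, Restart=always in [Service] starts it again.
Wants=pocket-id.service
After=pocket-id.service

[Container]
# The tag is fixed, but AutoUpdate=registry still replaces the image when
# podman auto-update finds a different digest behind that tag, so the running code
# is whatever the registry currently serves as v7.13.0.
# NOTE(review): if an immutable image is wanted, pin by digest
# (Image=...@sha256:<digest placeholder>) and drop AutoUpdate.
Image=quay.io/oauth2-proxy/oauth2-proxy:v7.13.0
AutoUpdate=registry
ContainerName=oauth2-proxy-server

# Run the container process as UID:GID 1000:1000.
User=1000:1000

# Listens on every interface of the container's network namespace. Whether port 4180
# is published to the host is decided in oauth2-proxy.pod, which is not shown here.
Environment=OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
Environment=OAUTH2_PROXY_PROVIDER=oidc
Environment=OAUTH2_PROXY_OIDC_ISSUER_URL=https://id.${base_domain}
# "*" accepts any e-mail domain, so access control rests entirely on which users the
# OIDC provider lets sign in to this client.
Environment=OAUTH2_PROXY_EMAIL_DOMAINS=*
# The client ID is a public identifier; the matching secret is injected below.
Environment=OAUTH2_PROXY_CLIENT_ID=643ae98a-24a1-4c1d-9d0a-a102dd2fe38c
# Secure cookies are only sent over HTTPS, so the Traefik router for this host must
# be served with TLS (entrypoint/TLS settings are not part of these labels).
Environment=OAUTH2_PROXY_COOKIE_SECURE=true
Environment=OAUTH2_PROXY_REDIRECT_URL=https://oauth2-proxy.${base_domain}/oauth2/callback
# The leading dot covers every subdomain: the session cookie is sent to all hosts
# under the base domain, and post-login redirects to any of them are allowed.
# Every host under that domain is therefore inside the trust boundary.
Environment=OAUTH2_PROXY_COOKIE_DOMAINS=.${base_domain}
Environment=OAUTH2_PROXY_WHITELIST_DOMAINS=.${base_domain}
# Session is refreshed after 59m; the cookie itself lives for 720h (30 days).
Environment=OAUTH2_PROXY_COOKIE_REFRESH=59m
Environment=OAUTH2_PROXY_COOKIE_EXPIRE=720h
# Makes oauth2-proxy trust X-Forwarded-* headers from the connecting peer. That is
# only sound if nothing but the reverse proxy can reach port 4180.
Environment=OAUTH2_PROXY_REVERSE_PROXY=true
# No real upstream: authenticated requests get a static 202, the usual shape for a
# forward-auth style deployment.
Environment=OAUTH2_PROXY_UPSTREAMS=static://202
Environment=OAUTH2_PROXY_SESSION_STORE_TYPE=redis
# Plain redis:// with no credentials in the URL.
# NOTE(review): confirm that this Redis is reachable only from this pod/network.
Environment=OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://oauth2-proxy-redis
# Requests carrying a verified bearer JWT skip the cookie login flow.
# EXTRA_JWT_ISSUERS is issuer=audience; the audience below differs from CLIENT_ID,
# so tokens issued for that second client are accepted too.
# NOTE(review): confirm that client is meant to reach everything behind this proxy.
Environment=OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS=true
Environment=OAUTH2_PROXY_EXTRA_JWT_ISSUERS=https://id.${base_domain}=6ab0d4e0-db54-4404-ad25-003aa4c9d208
# Cookie secret and client secret come from Podman secrets instead of being written
# in this file. type=env exposes them as environment variables of the container
# process.
Secret=oauth2-proxy-cookie-secret,type=env,target=OAUTH2_PROXY_COOKIE_SECRET
Secret=oauth2-proxy-client-secret,type=env,target=OAUTH2_PROXY_CLIENT_SECRET

# Dashboard metadata (glance.* labels).
Label="glance.id=oauth2-proxy"
Label="glance.name=OAuth2 Proxy"
Label="glance.icon=di:oauth2-proxy"
Label="glance.description=Identity-Aware Proxy"
Label="glance.hide=false"

# Traefik routes the oauth2-proxy host to port 4180 of this container.
Label="traefik.enable=true"
Label="traefik.http.routers.oauth2-proxy.rule=Host(`oauth2-proxy.${base_domain}`)"
Label="traefik.http.services.oauth2-proxy.loadbalancer.server.port=4180"

# Networking and any published ports are defined by the pod unit.
Pod=oauth2-proxy.pod

[Service]
# Allow up to 900 s for start-up (e.g. a slow image pull) before systemd gives up.
TimeoutStartSec=900
Restart=always

[Install]
WantedBy=multi-user.target default.target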