TL;DR
fauth:
  container_name: fauth
  image: thomseddon/traefik-forward-auth:latest
  restart: unless-stopped
  security_opt:
    - no-new-privileges:true
  environment:
    - PROVIDERS_GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID # REDACTED
    # The client secret needs its own variable (assumed to be defined in .env)
    - PROVIDERS_GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET # REDACTED
    - SECRET=$OAUTH_SECRET
    # false keeps the Secure flag on the auth cookie, so protected routers must be served over HTTPS
    - INSECURE_COOKIE=false
  labels:
    - traefik.enable=true
    - traefik.http.middlewares.fauth.forwardauth.address=http://fauth:4181
    - traefik.http.middlewares.fauth.forwardauth.authResponseHeaders=X-Forwarded-User
    - traefik.http.services.fauth.loadbalancer.server.port=4181
# Usage: attach the fauth middleware to the router of the service to protect
organizr:
  image: linuxserver/organizr:latest
  container_name: organizr
  restart: unless-stopped
  labels:
    - traefik.enable=true
    - traefik.http.routers.organizr.rule=Host(`organizr.example.com`)
    - traefik.http.routers.organizr.entrypoints=web
    - traefik.http.routers.organizr.middlewares=fauth
Configure it as shown above.
Example from actual use
version: "3.8"
########################### NETWORKS
networks:
  default:
    driver: bridge
    name: traefik_proxy
  db_net:
    external:
      name: db_net
  db_work:
    external:
      name: db_work
########################### SERVICES
services:
  # Traefik 2 - Reverse Proxy
  traefik:
    image: traefik:v2.4
    container_name: DO__traefik
    restart: unless-stopped
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      # 8080 published on the host is reachable directly, without the fauth middleware on the router below
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/rules:/rules
      - ./traefik/acme:/acme
      - ./traefik/traefik.yaml:/etc/traefik/traefik.yaml
    labels:
      - traefik.enable=true
      ## HTTP Routers
      - traefik.http.routers.202106__traefik.rule=Host(`traefik.${DOMAINNAME}`)
      - traefik.http.routers.202106__traefik.entrypoints=websecure
      - traefik.http.routers.202106__traefik.tls.certresolver=leresolver
      - traefik.http.routers.202106__traefik.middlewares=fauth
      ## Service
      - traefik.http.services.202106__traefik.loadbalancer.server.port=8080
    networks:
      - db_net
      - db_work
      - default
  fauth:
    container_name: fauth
    image: thomseddon/traefik-forward-auth:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - PROVIDERS_GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID} # REDACTED
      # The client secret needs its own variable (assumed to be defined in .env)
      - PROVIDERS_GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET} # REDACTED
      - SECRET=${OAUTH_SECRET}
      - INSECURE_COOKIE=false
      - WHITELIST=${EMAIL}
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.fauth.forwardauth.address=http://fauth:4181
      - traefik.http.middlewares.fauth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.services.fauth.loadbalancer.server.port=4181
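Add fauth as a middleware, then add that middleware to the router of each container you want to protect with Google OAuth.
Requests then have to authenticate with Google OAuth before they can reach that route.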
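A quick way to confirm that every router actually carries the middleware, as an added example that is not from the original post: this Python check reads Traefik router labels and reports routers that lack the `fauth` middleware, or that use it on a non-TLS entrypoint while `INSECURE_COOKIE=false` keeps the cookie's Secure flag set. The `whoami` service and the sample data are constructed, and the entrypoint name `websecure` is assumed to be the TLS entrypoint.

```python
import re

# Constructed sample: compose labels/environment copied into plain dicts.
# "whoami" is a hypothetical extra service that was left without the middleware.
SERVICES = {
    "organizr": {"labels": [
        "traefik.enable=true",
        "traefik.http.routers.organizr.rule=Host(`organizr.example.com`)",
        "traefik.http.routers.organizr.entrypoints=web",
        "traefik.http.routers.organizr.middlewares=fauth",
    ]},
    "whoami": {"labels": [
        "traefik.enable=true",
        "traefik.http.routers.whoami.entrypoints=websecure",
    ]},
    "fauth": {"labels": ["traefik.enable=true"],
              "environment": ["INSECURE_COOKIE=false"]},
}

# traefik.http.routers.<router>.<property>=<value>
ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$")

def audit(services, auth_mw="fauth", tls_entrypoint="websecure"):
    """Return (service, router, problem) tuples for routers that skip auth or TLS."""
    env = dict(e.split("=", 1) for e in services.get(auth_mw, {}).get("environment", []))
    # The Secure flag is set unless INSECURE_COOKIE is explicitly true.
    secure_cookie = env.get("INSECURE_COOKIE", "false").lower() != "true"
    findings = []
    for svc, spec in services.items():
        routers = {}
        for label in spec.get("labels", []):
            m = ROUTER.match(label)
            if m:
                routers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        for name, props in routers.items():
            # Accept both "fauth" and provider-qualified "fauth@docker".
            mws = [x.strip().split("@")[0] for x in props.get("middlewares", "").split(",")]
            eps = [x.strip() for x in props.get("entrypoints", "").split(",")]
            if auth_mw not in mws:
                findings.append((svc, name, "no forward-auth middleware"))
            elif secure_cookie and tls_entrypoint not in eps:
                findings.append((svc, name, "Secure cookie on non-TLS entrypoint"))
    return findings

if __name__ == "__main__":
    for finding in audit(SERVICES):
        print(*finding, sep=": ")
```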
issue) White list not working
This container has a whitelist option that is meant to restrict access to only the people you choose, but that option does not work properly.
https://github.com/Hansanghyeon/synology-traefik/issues/3
Background
https://github.com/Hansanghyeon/synology-traefik/discussions/2
References
- Docker image used for authentication
https://github.com/thomseddon/traefik-forward-auth
- Example of using traefik-forward-auth
https://www.reddit.com/r/Traefik/comments/hnbznm/traefik_v22_google_sso/fxfpoqr?utm_source=share&utm_medium=web2x&context=3