Compare commits
4 Commits
49d5ec1b3d
...
636a3a10d7
Author | SHA1 | Date |
---|---|---|
wpetit | 636a3a10d7 | |
wpetit | 93d8997f6f | |
wpetit | 398040ab78 | |
wpetit | 91419d7424 |
|
@ -34,7 +34,6 @@ haproxy_oidc_test_base_path: /auth/test
|
||||||
|
|
||||||
haproxy_forwarded_proto: https
|
haproxy_forwarded_proto: https
|
||||||
haproxy_forwarded_host: "%[req.hdr(Host)]"
|
haproxy_forwarded_host: "%[req.hdr(Host)]"
|
||||||
haproxy_forwarded_port: "%[dst_port]"
|
|
||||||
|
|
||||||
# Hydra OIDC configuration
|
# Hydra OIDC configuration
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-dispatcher-v1' \
|
--name 'cadoles-pod-hydra-dispatcher-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
@ -17,4 +18,5 @@ PODMAN_ARGS="\
|
||||||
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
|
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
|
||||||
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
|
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
|
||||||
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
|
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
|
||||||
|
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
||||||
"
|
"
|
|
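Review bot: The added `-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \` hard-codes the trusted proxy range in the template, here and again in the hydra-oidc arguments file further down, while the neighbouring values come from role variables. `10.0.2.0/24` is presumably the slirp4netns default subnet, so the value silently stops matching if the network mode or CIDR changes, and nothing on the page records why each entry is trusted. Consider a role default rendered as `-e 'TRUSTED_PROXIES={{ hydra_trusted_proxies | join(',') }}' \` (the variable name is only a suggestion), with a comment on the default explaining each entry. The PODMAN_ARGS block runs beyond the lines shown in both hunks.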
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-oidc-v1' \
|
--name 'cadoles-pod-hydra-oidc-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
@ -17,4 +18,5 @@ PODMAN_ARGS="\
|
||||||
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
|
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
|
||||||
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
|
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
|
||||||
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
|
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
|
||||||
|
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
||||||
"
|
"
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3001:3000 \
|
-p 127.0.0.1:3001:3000 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
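Review bot: The new first line `# {{ ansible_managed }}` comments only the first line of the string, so a multi-line `ansible_managed` setting would leave stray uncommented text in this arguments file. `{{ ansible_managed | comment }}` prefixes every line; the same header is added to the other PODMAN_ARGS, HAProxy and YAML templates in this comparison, and the two XML templates could use `{{ ansible_managed | comment('xml') }}` instead of the hand-written `<!-- … -->`.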
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3003:80 \
|
-p 127.0.0.1:3003:80 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-v1' \
|
--name 'cadoles-pod-hydra-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3002:80 \
|
-p 127.0.0.1:3002:80 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
global
|
global
|
||||||
log /dev/log local0
|
log /dev/log local0
|
||||||
log /dev/log local1 notice
|
log /dev/log local1 notice
|
||||||
|
@ -72,7 +73,6 @@ option forwardfor
|
||||||
|
|
||||||
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
|
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
|
||||||
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
|
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
|
||||||
http-request set-header X-Forwarded-Port {{ haproxy_forwarded_port }}
|
|
||||||
|
|
||||||
# Backend Hydra
|
# Backend Hydra
|
||||||
backend hydra
|
backend hydra
|
||||||
|
@ -85,6 +85,8 @@ backend hydra_dispatcher
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/dispatcher dans l'URL
|
# Suppression du préfixe /auth/dispatcher dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
|
||||||
|
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_dispatcher_base_path }}
|
||||||
|
|
||||||
server hydra-login-dispatcher 127.0.0.1:3000 check
|
server hydra-login-dispatcher 127.0.0.1:3000 check
|
||||||
|
|
||||||
{% if enable_hydra_passwordless %}
|
{% if enable_hydra_passwordless %}
|
||||||
|
@ -93,6 +95,8 @@ backend hydra_passwordless
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/passwordless dans l'URL
|
# Suppression du préfixe /auth/passwordless dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
|
||||||
|
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_passwordless_base_path }}
|
||||||
|
|
||||||
server hydra-login-passwordless 127.0.0.1:3001 check
|
server hydra-login-passwordless 127.0.0.1:3001 check
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -102,6 +106,8 @@ backend hydra_oidc
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/oidc dans l'URL
|
# Suppression du préfixe /auth/oidc dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
|
||||||
|
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_oidc_base_path }}
|
||||||
|
|
||||||
server hydra-login-oidc 127.0.0.1:3004 check
|
server hydra-login-oidc 127.0.0.1:3004 check
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -117,5 +123,7 @@ backend oidc_test
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/test dans l'URL
|
# Suppression du préfixe /auth/test dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
|
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
|
||||||
|
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
|
||||||
|
|
||||||
server oidc-test 127.0.0.1:8080 check
|
server oidc-test 127.0.0.1:8080 check
|
||||||
{% endif %}
|
{% endif %}
|
|
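Review bot: With the `http-request set-header X-Forwarded-Port …` line dropped in the `-72,7 +73,6` hunk, HAProxy no longer overwrites that header, so a value sent by the client is forwarded to the backends unchanged. The same comparison makes the dispatcher and OIDC containers trust 127.0.0.1 as a proxy, so if those applications honour X-Forwarded-Port (not visible here) a client can influence the port used in generated URLs. Replacing the removed line with `http-request del-header X-Forwarded-Port` keeps the header under the proxy's control. The new `X-Forwarded-Prefix` lines use `set-header`, which does overwrite a client-supplied value, so they are fine on that count. The enclosing section starts above the hunk.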
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
hydra:
|
hydra:
|
||||||
apps:
|
apps:
|
||||||
{% if enable_hydra_passwordless %}
|
{% if enable_hydra_passwordless %}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
remote_user:
|
remote_user:
|
||||||
subject_header: "{{ hydra_saml_subject_header }}"
|
subject_header: "{{ hydra_saml_subject_header }}"
|
||||||
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
|
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
|
|
@ -1,3 +1,4 @@
|
||||||
|
<!-- {{ ansible_managed }} -->
|
||||||
{% for item in saml_attributes %}
|
{% for item in saml_attributes %}
|
||||||
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
|
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
|
||||||
{% if item.attributeDecoder is defined %}
|
{% if item.attributeDecoder is defined %}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
<!-- {{ ansible_managed }} -->
|
||||||
{%- macro xmlnode(node) -%}
|
{%- macro xmlnode(node) -%}
|
||||||
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
|
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
|
||||||
{% if node.children is defined %}
|
{% if node.children is defined %}
|
||||||
|
|