Compare commits
No commits in common. "636a3a10d7911148acd2cfd06e9210e1a4af9928" and "49d5ec1b3dab2e74d2247c3353994a324a663a77" have entirely different histories.
636a3a10d7
...
49d5ec1b3d
|
@ -34,6 +34,7 @@ haproxy_oidc_test_base_path: /auth/test
|
||||||
|
|
||||||
haproxy_forwarded_proto: https
|
haproxy_forwarded_proto: https
|
||||||
haproxy_forwarded_host: "%[req.hdr(Host)]"
|
haproxy_forwarded_host: "%[req.hdr(Host)]"
|
||||||
|
haproxy_forwarded_port: "%[dst_port]"
|
||||||
|
|
||||||
# Hydra OIDC configuration
|
# Hydra OIDC configuration
|
||||||
|
|
||||||
|
|
|
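Review bot: The new default `haproxy_forwarded_port: "%[dst_port]"` has no comment, and it sits next to `haproxy_forwarded_proto: https`, which is a fixed value. `dst_port` is the port on which HAProxy itself accepted the connection. If TLS is terminated in front of this HAProxy, or a plain-HTTP bind exists, the backends would receive `https` together with a port that does not match the public one. I would add a comment above the variable, for example `# Port HAProxy accepted the connection on; override when TLS is terminated upstream`, so operators know when to override it. The rest of the defaults file is outside this hunk.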
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-dispatcher-v1' \
|
--name 'cadoles-pod-hydra-dispatcher-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
@ -18,5 +17,4 @@ PODMAN_ARGS="\
|
||||||
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
|
-e 'DEFAULT_LOCALE={{ hydra_dispatcher_default_locale }}' \
|
||||||
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
|
-e 'APP_LOCALES={{ hydra_dispatcher_available_locales | join(',') }}' \
|
||||||
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
|
-e 'HYDRA_ADMIN_AUTHORIZED_HOSTS={{ hydra_dispatcher_admin_authorized_hosts | join(',') }}' \
|
||||||
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
|
||||||
"
|
"
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-oidc-v1' \
|
--name 'cadoles-pod-hydra-oidc-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
@ -18,5 +17,4 @@ PODMAN_ARGS="\
|
||||||
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
|
-e 'OIDC_SCOPE={{ hydra_oidc_scope }}' \
|
||||||
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
|
-e 'CLIENT_ID_FC={{ hydra_oidc_client_id }}' \
|
||||||
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
|
-e 'CLIENT_SECRET_FC={{ hydra_oidc_client_secret }}' \
|
||||||
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
|
||||||
"
|
"
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3001:3000 \
|
-p 127.0.0.1:3001:3000 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3003:80 \
|
-p 127.0.0.1:3003:80 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
--name 'cadoles-pod-hydra-v1' \
|
--name 'cadoles-pod-hydra-v1' \
|
||||||
--replace \
|
--replace \
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
PODMAN_ARGS="\
|
PODMAN_ARGS="\
|
||||||
-p 127.0.0.1:3002:80 \
|
-p 127.0.0.1:3002:80 \
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
global
|
global
|
||||||
log /dev/log local0
|
log /dev/log local0
|
||||||
log /dev/log local1 notice
|
log /dev/log local1 notice
|
||||||
|
@ -73,6 +72,7 @@ option forwardfor
|
||||||
|
|
||||||
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
|
http-request set-header X-Forwarded-Proto {{ haproxy_forwarded_proto }}
|
||||||
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
|
http-request set-header X-Forwarded-Host {{ haproxy_forwarded_host }}
|
||||||
|
http-request set-header X-Forwarded-Port {{ haproxy_forwarded_port }}
|
||||||
|
|
||||||
# Backend Hydra
|
# Backend Hydra
|
||||||
backend hydra
|
backend hydra
|
||||||
|
@ -85,8 +85,6 @@ backend hydra_dispatcher
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/dispatcher dans l'URL
|
# Suppression du préfixe /auth/dispatcher dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_dispatcher_base_path }}/,/)]
|
||||||
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_dispatcher_base_path }}
|
|
||||||
|
|
||||||
server hydra-login-dispatcher 127.0.0.1:3000 check
|
server hydra-login-dispatcher 127.0.0.1:3000 check
|
||||||
|
|
||||||
{% if enable_hydra_passwordless %}
|
{% if enable_hydra_passwordless %}
|
||||||
|
@ -95,8 +93,6 @@ backend hydra_passwordless
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/passwordless dans l'URL
|
# Suppression du préfixe /auth/passwordless dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_passwordless_base_path }},)]
|
||||||
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_passwordless_base_path }}
|
|
||||||
|
|
||||||
server hydra-login-passwordless 127.0.0.1:3001 check
|
server hydra-login-passwordless 127.0.0.1:3001 check
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -106,8 +102,6 @@ backend hydra_oidc
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/oidc dans l'URL
|
# Suppression du préfixe /auth/oidc dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
|
http-request set-path %[path,regsub(^{{ haproxy_hydra_oidc_base_path }},)]
|
||||||
http-request set-header X-Forwarded-Prefix {{ haproxy_hydra_oidc_base_path }}
|
|
||||||
|
|
||||||
server hydra-login-oidc 127.0.0.1:3004 check
|
server hydra-login-oidc 127.0.0.1:3004 check
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -123,7 +117,5 @@ backend oidc_test
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
# Suppression du préfixe /auth/test dans l'URL
|
# Suppression du préfixe /auth/test dans l'URL
|
||||||
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
|
http-request set-path %[path,regsub(^{{ haproxy_oidc_test_base_path }},/)]
|
||||||
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
|
|
||||||
|
|
||||||
server oidc-test 127.0.0.1:8080 check
|
server oidc-test 127.0.0.1:8080 check
|
||||||
{% endif %}
|
{% endif %}
|
|
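Review bot: In the hydra_dispatcher, hydra_passwordless, hydra_oidc and oidc_test backends, the `http-request set-header X-Forwarded-Prefix …` line is removed and nothing replaces it, so an X-Forwarded-Prefix value sent by the client is no longer overwritten and reaches the application unchanged. If the prefix is intentionally no longer forwarded, add `http-request del-header X-Forwarded-Prefix` next to the existing `set-header X-Forwarded-Proto/Host/Port` lines, so that every forwarded header the backends might read is controlled by the proxy. Relatedly, the hydra-dispatcher and hydra-oidc PODMAN_ARGS templates in this same compare drop `-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24'`. Whether the apps still honour the headers set here then depends on the image default, which is not visible on this page; please confirm it and state the intended trust list explicitly. The backend definitions start and end outside the hunks shown.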
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
hydra:
|
hydra:
|
||||||
apps:
|
apps:
|
||||||
{% if enable_hydra_passwordless %}
|
{% if enable_hydra_passwordless %}
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
remote_user:
|
remote_user:
|
||||||
subject_header: "{{ hydra_saml_subject_header }}"
|
subject_header: "{{ hydra_saml_subject_header }}"
|
||||||
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
|
headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
|
|
@ -1,4 +1,3 @@
|
||||||
<!-- {{ ansible_managed }} -->
|
|
||||||
{% for item in saml_attributes %}
|
{% for item in saml_attributes %}
|
||||||
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
|
<Attribute {% for key,value in item.items() %}{% if value is not mapping %}{{ key }}="{{ value }}" {% endif %}{% endfor %}>
|
||||||
{% if item.attributeDecoder is defined %}
|
{% if item.attributeDecoder is defined %}
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
<!-- {{ ansible_managed }} -->
|
|
||||||
{%- macro xmlnode(node) -%}
|
{%- macro xmlnode(node) -%}
|
||||||
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
|
<{{node.tag}}{% if node.attributes is defined %}{% for key,value in node.attributes.items() %} {{ key }}="{{ value }}"{% endfor %}{% endif %}{% if node.children is not defined %}/{% endif %}>
|
||||||
{% if node.children is defined %}
|
{% if node.children is defined %}
|
||||||
|
|