Modern-day UserDir public_html with authentication.
The Docker image is based on Alpine with periodic S3 sync and oauth2_proxy managed by supervisor.
S3 sync is done through awscli's s3 sync command and is run once per minute.
docker run \
-e BUCKETNAME=.. \
-e AWS_ACCESS_KEY_ID=.. \
-e AWS_SECRET_ACCESS_KEY=.. \
-e OAUTH2_PROXY_CLIENT_ID=.. \
-e OAUTH2_PROXY_CLIENT_SECRET=.. \
-e OAUTH2_PROXY_ARGS="-provider=github -github-org=MyOrg -email-domain=* -cookie-secret=.. -skip-auth-regex=healthcheck" \
-p 8080:80 \
--rm \
-it s3sync-oauth2-proxy:latest
For S3:
$BUCKETNAME- the AWS bucket name to sync$AWS_ACCESS_KEY_ID- the AWS key id - these can be replaced by instance-role based access$AWS_SECRET_ACCESS_KEY- the AWS secret key
For oauth2_proxy:
OAUTH2_PROXY_ARGS- arguments to pass to oauth2_proxy. by default,-http-addressand-upstreamare set to listen to0.0.0.0:80and proxy to the synced s3 folder, respectively.- other environment variables listed in oauth2_proxy's documentation
You can overwrite config/supervisord.conf to change the parameters for supervisord.
But usually you do not need to unless you need to start additional processes. Noted that daemon is off by default for supervisor.
The s3 bucket is synced to /home/shared/s3.