
@marcschaeferger
Contributor

Summary by Copilot:

This pull request adds documentation to clarify how to configure internal DNS resolution for a self-hosted OpenID Connect (OIDC) provider when it is hosted behind the same Pangolin/Traefik stack. The new guidance helps ensure that service-to-service OIDC flows work correctly within the Docker Compose network by using network aliases for the IdP domain. This avoids issues where containers cannot resolve the IdP hostname internally, which can lead to authentication failures.

OIDC Internal DNS Configuration:

  • Added instructions for adding the IdP domain as a Docker network alias on the service exposing ports 80/443 (typically gerbil or traefik) to ensure internal callbacks and token/userinfo requests resolve correctly within the stack. [1] [2]
  • Provided scenario-based examples for both cases: when Traefik shares the gerbil network namespace and when Traefik runs in its own namespace, including sample docker-compose.yaml snippets. [1] [2]
  • Clarified that public DNS remains unchanged and the alias only affects internal container DNS resolution for OIDC flows. [1] [2]
  • Added troubleshooting tips for DNS errors and guidance on when to remove the alias, emphasizing best practices to avoid edge cases with OIDC authentication. [1] [2]

Closes #3
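As an added illustration, not code from this PR or from the Pangolin project's own docs: a constructed docker-compose.yaml fragment showing the alias technique the PR documents, for the case where Traefik shares gerbil's network namespace, with the standalone-Traefik variant noted inline. The network name `pangolin`, the IdP hostname `idp.example.com`, and the image tags are assumptions.

```yaml
# Constructed example. Assumed names: network "pangolin", IdP host
# "idp.example.com", image tags. Public DNS for idp.example.com is untouched;
# the alias only changes how containers on this network resolve the name.
services:
  gerbil:
    image: gerbil-image:tag              # placeholder: use your stack's image
    ports:
      - "80:80"
      - "443:443"                        # gerbil owns the published ports
    networks:
      pangolin:
        aliases:
          - idp.example.com              # IdP domain -> resolves to this container

  traefik:
    image: traefik:tag                   # placeholder
    network_mode: service:gerbil         # shares gerbil's namespace, so the
                                         # alias on gerbil is all that is needed
    # Standalone variant: drop network_mode, publish 80/443 here instead,
    # and move the "aliases" block under traefik's own "networks:" entry.
    # Only the service that actually exposes 80/443 should carry the alias.

  pangolin:
    image: pangolin-image:tag            # placeholder
    networks:
      - pangolin
    # The OIDC client inside this container now reaches https://idp.example.com
    # via gerbil/traefik without leaving the compose network. TLS verification
    # still applies: Traefik must serve a certificate valid for that name.

  idp:
    image: idp-image:tag                 # placeholder: the self-hosted OIDC provider
    networks:
      - pangolin                         # routed to by Traefik like any other service

networks:
  pangolin:
```

To confirm the alias is in effect, run `docker compose exec pangolin getent hosts idp.example.com` and check that it returns gerbil's network address rather than the public one; remove the alias again if the IdP is ever moved off this stack, since the name would otherwise keep resolving to a container that no longer fronts it.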

…C behind Pangolin

Include Docker network alias examples for Traefik sharing gerbil network namespace and standalone scenarios; clarify internal DNS rationale.

Closes fosrl#3


Successfully merging this pull request may close these issues.

Improve docs about OIDC