question: Environment variables in Google OAuth example #34
Comments
@bogosj , thank you for the issue!
That is a shared key. The
It is not necessary if you are using Let's Encrypt.
Yes.
Correct. You just need to keep in mind the binding to privileged ports
Thanks. For the shared key, is the suggested method creating a random GUID/UUID?
@bogosj, random yes. GUID/UUID - no 😄 (because in theory it could be guessed), but it is easier to explain it. I would say generate anything between 64-96 characters long. If you are running everything on a single instance and you don't care about re-authentication about reboot, then don't specify any Separately, you could also set up https://authp.github.io/docs/authorize/token-verification#verification-with-rsa-and-ecdsa-keys
I guessed at a GUID because at the top of the page you reference there's a shared key:
@bogosj , that's correct 😄 I can't make up good passwords, so I resort to
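An added example, not part of the original thread or the project's code: one way to follow the suggestion earlier in the thread (random, 64-96 characters, not a GUID/UUID) when producing a value for JWT_SHARED_KEY, plus a check that rejects UUID-shaped or short candidates. The function names, the alphanumeric alphabet and the distinct-character threshold are assumptions made for this illustration.

```python
import math
import re
import secrets
import string

# Assumption: an alphanumeric alphabet, so the value needs no quoting in a
# shell export or a docker-compose environment entry.
ALPHABET = string.ascii_letters + string.digits
MIN_LEN, MAX_LEN = 64, 96  # range suggested earlier in the thread

UUID_RE = re.compile(
    r"^\{?[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-"
    r"[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}?$"
)


def generate_shared_key(length=80):
    """Return a random key drawn from the OS CSPRNG via the secrets module."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy; holds only if every character is uniformly random."""
    return length * math.log2(alphabet_size)


def check_shared_key(value):
    """Return the reasons a candidate key should be rejected (empty list = OK)."""
    problems = []
    if UUID_RE.match(value):
        problems.append("looks like a GUID/UUID")
    if not MIN_LEN <= len(value) <= MAX_LEN:
        problems.append(f"length {len(value)} is outside {MIN_LEN}-{MAX_LEN}")
    if len(set(value)) < 16:  # hypothetical threshold for this example
        problems.append("too few distinct characters to be random")
    return problems


if __name__ == "__main__":
    key = generate_shared_key()
    print(f"JWT_SHARED_KEY={key}")
    print(f"about {key_bits(len(key)):.0f} bits if uniformly random")
```

For comparison, a version 4 UUID carries 122 random bits, while 64 characters from this 62-symbol alphabet carry about 381.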
I removed the crypto blocks as suggested. I kept getting an error that looked like:
Apologies, the docker container logs disappeared after re-building so I don't have an exact copy of it. I added:
To the top of the global block and that seems to have fixed it.
@bogosj , 👍 I will update docs with these.
@bogosj , after re-reading https://caddyserver.com/docs/caddyfile/directives I am convinced that the order should be
Perhaps I'm misunderstanding but now that I read those docs shouldn't it be:
@bogosj , good question 👍 To answer it, one has to have some experience writing plugins for caddy, because I've never seen a doc explaining it. Authenticate The caddy-security/plugin_authn.go Line 47 in 8f1d6f6
This type of plugins perform caddy-security/plugin_authn.go Lines 96 to 101 in 8f1d6f6
It is from the same category as the ones below (ref)
The Authorize The caddy-security/plugin_authz.go Line 50 in 8f1d6f6
This type of plugins perform caddy-security/plugin_authz.go Line 101 in 8f1d6f6
This type of plugin is NOT supposed to write HTTP response body, because subsequent plugins would not be able to write response headers and body. Also, note the It is from the same category as the ones below (ref)
Being prior to
@bogosj , updated the configuration files in the docs with the
I want to set up Google OAuth in front of various services in my existing Caddy set up. Looking through the example file:
https://github.com/authp/authp.github.io/blob/main/assets/conf/oauth/google/Caddyfile

What is JWT_SHARED_KEY?
Is the (tls_config) necessary? That appears to be using manual certs instead of Let's Encrypt?
https://assetq.myfiosgateway.com - I assume this should be like https://myservice.mydomain.com.
Presumably this could run on port 80 and 443 instead of the non-standard ports?