Docker Image for Basic Auth and OpenID Connect proxy authentication. Useful for putting services behind Keycloak and other OpenID Connect authentication with Basic Auth compatibility for service accounts.
This is Image used Nginx for proxying request and OpenResty with the
lua-resty-openidc
library to handle OpenID Connect authentication.
It is heavily based on docker-oidc-proxy as well as this gist.
This proxy is controlled through environment variables, so there is no need to mess with any configuration files unless you want to of course. The following environment variables is used in this image:
-
OID_SESSION_SECRET
: secret value for cookie sessions -
OID_SESSION_CHECK_SSI
: check SSI or not (on
oroff
) -
OID_SESSION_NAME
: cookie session name -
OID_REDIRECT_PATH
: Redirect path after authentication -
OID_DISCOVERY
: OpenID provider well-known discovery URL -
OID_CLIENT_ID
: OpenID Client ID -
OID_CLIENT_SECRET
: OpenID Client Secret -
OIDC_AUTH_METHOD
: OpenID Connect authentication method (client_secret_basic
orclient_secret_post
) -
OIDC_AUTH_SCOPE
: OpenID scopes separated by space (defaults to"openid"
) -
OIDC_RENEW_ACCESS_TOKEN_ON_EXPIERY
: Enable silent renew of access token (true
orfalse
) -
LOG_USER_CLAIM
: if a claim is specified (egemail
), report it to upstream withX-User
header -
BASIC_AUTH_USERNAME
: username authorized for basic auth -
BASIC_AUTH_PASSWORD
: password authorized for basic auth -
PROXY_HOST
: Host name of the service to proxy -
PROXY_PORT
: Port of the service to proxy -
PROXY_PROTOCOL
: Protofol to the service to proxy (http
orhttps
)
docker run \
-e OID_DISCOVERY=https://my-auth-server/auth \
-e OID_CLIENT_ID=my-client \
-e OID_CLIENT_SECRET=my-secret \
-e BASIC_AUTH_USERNAME=poweradmin \
-e BASIC_AUTH_PASSWORD=my-secured-password \
-e PROXY_HOST=my-service \
-e PROXY_PORT=80 \
-e PROXY_PROTOCOL=http \
-p 80:80 \
jobteaser/http-basic-auth-oidc-proxy
This Docker image is licensed under the Apache License 2.0.
Software contained in this image is licensed under the following:
- docker-oidc-proxy: MIT License
- docker-openresty: BSD 2-clause "Simplified" License
- lua-resty-http: BSD 2-clause "Simplified" License
- lua-resty-jwt: Apache License 2.0
- lua-resty-openidc: Apache License 2.0
- lua-resty-session: BSD 2-clause "Simplified" License
- lua-resty-hmac: BSD 2-clause "Simplified" License
This image is officially supported on Docker version 1.12.
Support for older versions (down to 1.0) is provided on a best-effort basis.
If you have any problems with or questions about this image, please contact us through a GitHub issue.