Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 ab
|
80b14bee5a | ||
|
ab
|
4ebb718106 | ||
|
ab
|
cbd07b7e3c |
@@ -0,0 +1,13 @@
|
||||
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
||||
Version 2, December 2004
|
||||
|
||||
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim or modified
|
||||
copies of this license document, and changing it is allowed as long
|
||||
as the name is changed.
|
||||
|
||||
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. You just DO WHAT THE FUCK YOU WANT TO.
|
||||
@@ -1,6 +1,6 @@
|
||||
# rsauth2-proxy
|
||||
|
||||
Auth proxy for [Traefik ForwardAuth](https://doc.traefik.io/traefik/middlewares/http/forwardauth/) with Keycloak OIDC. Single instance protects all services in a cluster. Replaces oauth2-proxy.
|
||||
Auth proxy for [Traefik ForwardAuth](https://doc.traefik.io/traefik/middlewares/http/forwardauth/) with Keycloak OIDC. Single instance protects all services in a Kubernetes cluster. Replaces oauth2-proxy.
|
||||
|
||||
## How it works
|
||||
|
||||
@@ -107,7 +107,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: auth-proxy
|
||||
image: ghcr.io/your-org/rsauth2-proxy:latest
|
||||
image: ultradesu/rsauth2-proxy:0.1.0
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
envFrom:
|
||||
@@ -197,8 +197,6 @@ cargo build --release
|
||||
docker build -t rsauth2-proxy .
|
||||
```
|
||||
|
||||
Produces a static musl binary in a `FROM scratch` image (~10MB).
|
||||
|
||||
## Security properties
|
||||
|
||||
- **Encrypted cookies** — AES-256-GCM, not just signed. Cookie contents cannot be read or tampered with without the key.
|
||||
@@ -221,4 +219,4 @@ On successful authentication, the following headers are set on the request forwa
|
||||
|
||||
## License
|
||||
|
||||
MIT
|
||||
WTFPL
|
||||
|
||||
Reference in New Issue
Block a user