changes

2026-04-20 14:05:17 -07:00
parent f14c90e05a
commit 26716b7b2b
7 changed files with 162 additions and 11 deletions
--- a/llama/oauth2-proxy.cfg
+++ b/llama/oauth2-proxy.cfg
@@ -0,0 +1,50 @@
+## OAuth2 Proxy Configuration
+## Using GitHub as the identity provider
+
+# Provider settings
+provider = "github"
+
+# Get these from GitHub Settings → Developer settings → OAuth Apps
+client_id = "${GITHUB_CLIENT_ID}"
+client_secret = "${GITHUB_CLIENT_SECRET}"
+
+# Cookie settings
+cookie_name = "llama_session"
+cookie_secret = "${OAUTH2_PROXY_COOKIE_SECRET}"
+cookie_domains = [".story-basking.ts.net"]
+cookie_expire = "168h0m0s"
+cookie_refresh = "60m"
+cookie_secure = true
+cookie_httponly = true
+cookie_samesite = "none"
+
+# Redirect URL - must match GitHub OAuth settings
+redirect_url = "https://llama.story-basking.ts.net/oauth2/callback"
+
+# GitHub specific - restrict to specific orgs/users (optional)
+# github_org = "your-org"
+# github_team = "your-team"
+github_user = "brycecovert"
+
+# Upstream - your llama service
+upstreams = [ "http://workstation:5082" ]
+
+# Server settings
+http_address = "0.0.0.0:4180"
+reverse_proxy = true
+
+# Pass user info to upstream
+pass_authorization_header = true
+pass_access_token = true
+set_xauthrequest = true
+
+# Skip the provider selection button
+skip_provider_button = true
+
+# Session storage
+session_store_type = "cookie"
+
+# Logging
+standard_logging = true
+auth_logging = true
+request_logging = true