51 lines
1.2 KiB
INI
51 lines
1.2 KiB
INI
## OAuth2 Proxy Configuration
|
|
## Using GitHub as the identity provider
|
|
|
|
# Provider settings
|
|
provider = "github"
|
|
|
|
# Get these from GitHub Settings → Developer settings → OAuth Apps
|
|
client_id = "${GITHUB_CLIENT_ID}"
|
|
client_secret = "${GITHUB_CLIENT_SECRET}"
|
|
|
|
# Cookie settings
|
|
cookie_name = "llama_session"
|
|
cookie_secret = "${OAUTH2_PROXY_COOKIE_SECRET}"
|
|
cookie_domains = [".story-basking.ts.net"]
|
|
cookie_expire = "168h0m0s"
|
|
cookie_refresh = "60m"
|
|
cookie_secure = true
|
|
cookie_httponly = true
|
|
cookie_samesite = "none"
|
|
|
|
# Redirect URL - must match GitHub OAuth settings
|
|
redirect_url = "https://llama.story-basking.ts.net/oauth2/callback"
|
|
|
|
# GitHub specific - restrict to specific orgs/users (optional)
|
|
# github_org = "your-org"
|
|
# github_team = "your-team"
|
|
github_user = "brycecovert"
|
|
|
|
# Upstream - your llama service
|
|
upstreams = [ "http://workstation:5082" ]
|
|
|
|
# Server settings
|
|
http_address = "0.0.0.0:4180"
|
|
reverse_proxy = true
|
|
|
|
# Pass user info to upstream
|
|
pass_authorization_header = true
|
|
pass_access_token = true
|
|
set_xauthrequest = true
|
|
|
|
# Skip the provider selection button
|
|
skip_provider_button = true
|
|
|
|
# Session storage
|
|
session_store_type = "cookie"
|
|
|
|
# Logging
|
|
standard_logging = true
|
|
auth_logging = true
|
|
request_logging = true
|