mistborn auth

5 years ago · 906205aa8e
2 changed files with 21 additions and 17 deletions
--- a/base.yml
+++ b/base.yml
@ -58,7 +58,11 @@ services:
      - "traefik.http.routers.api.rule=Host(`traefik.mistborn`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=mistborn_headers@file"
-      - "traefik.http.routers.api.entrypoints=web,websecure"
+      - "traefik.http.routers.api.entrypoints=web"
      #- "traefik.http.services.internal.loadbalancer.server.port=5000"
      - "traefik.http.middlewares.mistborn_auth.forwardAuth.address=http://${MISTBORN_BIND_IP}:5000/auth/"
      - "traefik.http.middlewares.mistborn_auth.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.mistborn_auth.forwardAuth.tls.insecureSkipVerify=true"
    depends_on:
      - django
    volumes:
--- a/compose/production/traefik/dynamic.toml
+++ b/compose/production/traefik/dynamic.toml
@ -8,24 +8,24 @@
  [tls.options.default]
    minVersion = "VersionTLS12"
-[http.services]
+#[http.services]
-  [http.services.cockpit.loadBalancer]
+#  [http.services.cockpit.loadBalancer]
-    [[http.services.cockpit.loadBalancer.servers]]
+#    [[http.services.cockpit.loadBalancer.servers]]
-      url = "http://10.2.3.1:9090"
+#      url = "http://10.2.3.1:9090"
-[http.routers]
+#[http.routers]
-  [http.routers.cockpit]
+#  [http.routers.cockpit]
-    rule = "Host(`cockpit.mistborn`)"
+#    rule = "Host(`cockpit.mistborn`)"
-    service = "cockpit"
+#    service = "cockpit"
-    entrypoints = ["web", "websecure"]
+#    entrypoints = ["web", "websecure"]
-    middlewares = ["mistborn_auth"]
+#    middlewares = ["mistborn_auth"]
-[http.middlewares]
+#[http.middlewares]
-  [http.middlewares.mistborn_auth.forwardAuth]
+#  [http.middlewares.mistborn_auth.forwardAuth]
-    address = "http://10.2.3.1:5000/auth/"
+#    address = "http://10.2.3.1:5000/auth/"
-    trustForwardHeader = true
+#    trustForwardHeader = true
-    [http.middlewares.mistborn_auth.forwardAuth.tls]
+#    [http.middlewares.mistborn_auth.forwardAuth.tls]
-      insecureSkipVerify = true
+#      insecureSkipVerify = true
  [http.middlewares.mistborn_headers.headers]
    hostsProxyHeaders = ['X-CSRFToken']