38 lines
No EOL
1.3 KiB
INI
38 lines
No EOL
1.3 KiB
INI
|
|
|
|
|
|
# --- 1. Provider Configuration ---
|
|
|
|
## GitHub OAuth2 Configuration
|
|
# provider = "github"
|
|
# client_id = "Ov23liA8Pj1NqKm5HgqR"
|
|
# client_secret = "3b5015ef53b81d94ff9414a55be1252508d70795"
|
|
# scope = "user:email"
|
|
# email_domains = ["*"] # Allow any email domain (since restriction is handled by github_org)
|
|
# github_org = "diukman" # Restrict access to members of this GitHub Organization
|
|
|
|
## Google OAuth2 Configuration
|
|
provider = "google"
|
|
client_id = "908518725447-1pbdp071t2b07p66fv0n845n3nrbeu0k.apps.googleusercontent.com"
|
|
client_secret = "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"
|
|
scope = "openid profile email"
|
|
|
|
# --- 2. OAuth2 Proxy Configuration ---
|
|
upstreams = "static://200"
|
|
http_address = "0.0.0.0:4180"
|
|
redirect_url = "https://auth.diukman.com/oauth2/callback"
|
|
|
|
set_xauthrequest = true
|
|
# --- 3. Cookie Configuration ---
|
|
cookie_secret = "0MuGA07eq7PqfEBQXV_mkRxPsHb4VsuwlEka5A4dExg="
|
|
cookie_domains = [ ".diukman.com", "diukman.com" ]
|
|
cookie_httponly = true
|
|
cookie_secure = true
|
|
cookie_samesite = "none"
|
|
cookie_expire = "168h" # Cookie expiry time (7 days)
|
|
|
|
# --- 5. Email Whitelisting ---
|
|
authenticated_emails_file = "/etc/allowed_emails.txt"
|
|
# --- 6. Domain redirection Whitelisting ---
|
|
whitelist_domains = ["*.diukman.com", "diukman.com"]
|
|
pass_host_header = true # Pass the Host header from the client to the upstream server |