Add oauth2proxy
This commit is contained in:
Bas van den Berg
parent
478626d386
commit
04aa3a9fa2
65
ct/oauth2-proxy.sh
Normal file
65
ct/oauth2-proxy.sh
Normal file
@ -0,0 +1,65 @@
|
||||
#!/usr/bin/env bash
|
||||
source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/build.func)
|
||||
# Copyright (c) 2021-2025 community-scripts ORG
|
||||
# Author: bvdberg01
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
|
||||
# Source: https://github.com/oauth2-proxy/oauth2-proxy/
|
||||
|
||||
APP="oauth2-proxy"
|
||||
var_tags="${var_tags:-os}"
|
||||
var_cpu="${var_cpu:-1}"
|
||||
var_ram="${var_ram:-512}"
|
||||
var_disk="${var_disk:-3}"
|
||||
var_os="${var_os:-debian}"
|
||||
var_version="${var_version:-12}"
|
||||
var_unprivileged="${var_unprivileged:-1}"
|
||||
|
||||
header_info "$APP"
|
||||
variables
|
||||
color
|
||||
catch_errors
|
||||
|
||||
function update_script() {
|
||||
header_info
|
||||
check_container_storage
|
||||
check_container_resources
|
||||
|
||||
if [[ ! -d /opt/oauth2-proxy ]]; then
|
||||
msg_error "No ${APP} Installation Found!"
|
||||
exit
|
||||
fi
|
||||
|
||||
RELEASE=$(curl -fsSL https://api.github.com/repos/oauth2-proxy/oauth2-proxy/releases/latest | jq -r .tag_name | sed 's/^v//')
|
||||
if [[ ! -f /opt/${APP}_version.txt ]] || [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]]; then
|
||||
msg_info "Stopping ${APP} services"
|
||||
systemctl stop oauth2-proxy
|
||||
msg_ok "Stopped ${APP}"
|
||||
|
||||
msg_info "Updating $APP to ${RELEASE}"
|
||||
rm -f /opt/oauth2-proxy/oauth2-proxy
|
||||
curl -fsSL "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v${RELEASE}/oauth2-proxy-v${RELEASE}.linux-amd64.tar.gz" -o /opt/oauth2-proxy.tar.gz
|
||||
tar -xzf /opt/oauth2-proxy.tar.gz
|
||||
mv /opt/oauth2-proxy-v${RELEASE}.linux-amd64/oauth2-proxy /opt/oauth2-proxy
|
||||
systemctl restart oauth2-proxy
|
||||
echo "${RELEASE}" >/opt/${APP}_version.txt
|
||||
msg_ok "Updated ${APP} to ${RELEASE}"
|
||||
|
||||
msg_info "Cleaning up"
|
||||
$STD apt-get -y autoremove
|
||||
$STD apt-get -y autoclean
|
||||
rm -f "/opt/oauth2-proxy.tar.gz"
|
||||
rm -rf "/opt/oauth2-proxy-v${RELEASE}.linux-amd64"
|
||||
msg_ok "Cleaned"
|
||||
else
|
||||
msg_ok "${APP} is already up to date (${RELEASE})"
|
||||
fi
|
||||
}
|
||||
|
||||
start
|
||||
build_container
|
||||
description
|
||||
|
||||
msg_ok "Completed Successfully!\n"
|
||||
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
|
||||
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
|
||||
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:4180${CL}"
|
||||
74
install/oauth2-proxy-install.sh
Normal file
74
install/oauth2-proxy-install.sh
Normal file
@ -0,0 +1,74 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2025 community-scripts ORG
|
||||
# Author: bvdberg01
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
|
||||
# Source: https://github.com/oauth2-proxy/oauth2-proxy/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt-get install -y \
|
||||
jq
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
msg_info "Setup OAuth2-Proxy"
|
||||
RELEASE=$(curl -fsSL https://api.github.com/repos/oauth2-proxy/oauth2-proxy/releases/latest | jq -r .tag_name | sed 's/^v//')
|
||||
mkdir -p /opt/oauth2-proxy
|
||||
curl -fsSL "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v${RELEASE}/oauth2-proxy-v${RELEASE}.linux-amd64.tar.gz" -o /opt/oauth2-proxy.tar.gz
|
||||
tar -xzf /opt/oauth2-proxy.tar.gz
|
||||
mv /opt/oauth2-proxy-v${RELEASE}.linux-amd64/oauth2-proxy /opt/oauth2-proxy
|
||||
msg_ok "Setup OAuth2-Proxy"
|
||||
|
||||
msg_info "Setup OAuth2-Proxy Config"
|
||||
cat <<EOF >/opt/oauth2-proxy/config.cfg
|
||||
#keycloak
|
||||
http_address = "0.0.0.0:4180"
|
||||
provider = "keycloak-oidc"
|
||||
client_id = "oauth2-proxy"
|
||||
client_secret = "PLACESECRETHERE"
|
||||
email_domains = "*"
|
||||
oidc_issuer_url = "https://example.domain.com/realms/master"
|
||||
redirect_url = "https://example.domain.com/oauth2/callback"
|
||||
code_challenge_method = "S256"
|
||||
cookie_secret = "PLACESECRETHERE"
|
||||
cookie_domains = ".domain.com"
|
||||
whitelist_domains = ".domain.com"
|
||||
EOF
|
||||
echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
|
||||
msg_ok "Setup OAuth2-Proxy Config"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/oauth2-proxy.service
|
||||
[Unit]
|
||||
Description=OAuth2-Proxy Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
WorkingDirectory=/opt/oauth2-proxy
|
||||
ExecStart=/opt/oauth2-proxy/oauth2-proxy --config config.cfg
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
systemctl enable -q --now oauth2-proxy
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
|
||||
msg_info "Cleaning up"
|
||||
$STD apt-get -y autoremove
|
||||
$STD apt-get -y autoclean
|
||||
rm -f "/opt/oauth2-proxy.tar.gz"
|
||||
rm -rf "/opt/oauth2-proxy-v${RELEASE}.linux-amd64"
|
||||
msg_ok "Cleaned"
|
||||
Loading…
x
Reference in New Issue
Block a user