attempting some OAUTH

media/docker-compose.yml

@@ -28,6 +28,9 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - lidarr_config:/config:rw
       - media_share:/data
+    labels:
+      - traefik.http.routers.lidarr.rule=Host(`media.playne.au`) and PathPrefix(`/lidarr`)
+      - traefik.http.middlewares.lidarr.stripprefix.prefixes=/lidarr
 
   nzbget:
     environment:

network/docker-compose.yml

@@ -20,6 +20,26 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik:/etc/traefik/
 
+  traefik-forward-auth:
+    image: thomseddon/traefik-forward-auth:2
+    env_file: traefik/traefik-forward-auth.env
+#    networks:
+#      - traefik_public
+    labels: # you only need these if you're using an auth host
+      - traefik.enable=true
+      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
+      - traefik.http.routers.auth.entrypoints=websecure
+      - traefik.http.routers.auth.tls=true
+      - traefik.http.routers.auth.tls.domains[0].main=playne.au
+      - traefik.http.routers.auth.tls.domains[0].sans=*.playne.au
+      - traefik.http.routers.auth.tls.certresolver=main
+      - traefik.http.routers.auth.service=auth@docker
+      - traefik.http.services.auth.loadbalancer.server.port=4181
+      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
+      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
+      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
+      - traefik.http.routers.auth.middlewares=forward-auth
+
   heimdall:
     environment:
       - PGID=1000
@@ -36,6 +56,7 @@ services:
       - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
       - traefik.http.routers.heimdall.tls=true
       - traefik.http.routers.heimdall.tls.certresolver=le
+      - traefik.http.routers.heimdall.entrypoints=websecure
 
 
   pihole:
@@ -78,6 +99,7 @@ services:
       - traefik.http.routers.git.rule=Host(`git.playne.au`)
       - traefik.http.routers.git.tls=true
       - traefik.http.routers.git.tls.certresolver=le
+      - traefik.http.routers.git.entrypoints=websecure
       - traefik.http.services.git.loadbalancer.server.port=3000
 #      - traefik.tcp.routers.git.entrypoints[0]=gitssh
 #      - traefik.tcp.routers.git.rule=HostSNI(`*`)

network/traefik/traefik-forward-auth.env

@@ -0,0 +1,7 @@
+PROVIDERS_GOOGLE_CLIENT_ID=346842284459-kbsuo8u2l4qmm7f4ms9g0dj7iif00834.apps.googleusercontent.com
+PROVIDERS_GOOGLE_CLIENT_SECRET=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
+SECRET=g3aoDrSm9koLB7mwzZGZRWutYP2gyLVqB8qQoxcNiddhqDidijrmE8HxJm9e7d5XY6aBC8Hdoz32KqFrGABA7SZhGJH7YQb5jSJ7BNvFrnCWcKcGAMfXLbF5RnpeNGSD
+# comment out AUTH_HOST if you'd rather use individual redirect_uris (slightly less complicated but more work)
+AUTH_HOST=auth.playne.au
+COOKIE_DOMAINS=playne.au
+WHITELIST=jason@jasonplayne.com,april@aprilplayne.com,sophie@playne.id.au,tiana@playne.id.au