outposts/proxy: fix securecookie: no codecs provided error with redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
eb2540a3c8
commit
4c3a9e69f2
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
|
@ -20,7 +21,8 @@ Required environment variables:
|
|||
- AUTHENTIK_INSECURE: Skip SSL Certificate verification
|
||||
|
||||
Optionally, you can set these:
|
||||
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
|
||||
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
|
||||
- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
|
||||
|
||||
func main() {
|
||||
log.SetLevel(log.DebugLevel)
|
||||
|
@ -36,6 +38,15 @@ func main() {
|
|||
fmt.Println(helpMessage)
|
||||
os.Exit(1)
|
||||
}
|
||||
portOffset := 0
|
||||
portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
|
||||
if portOffsetS != "" {
|
||||
v, err := strconv.Atoi(portOffsetS)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
}
|
||||
portOffset = v
|
||||
}
|
||||
|
||||
akURLActual, err := url.Parse(akURL)
|
||||
if err != nil {
|
||||
|
@ -49,7 +60,7 @@ func main() {
|
|||
|
||||
ac := ak.NewAPIController(*akURLActual, akToken)
|
||||
|
||||
ac.Server = proxyv2.NewProxyServer(ac)
|
||||
ac.Server = proxyv2.NewProxyServer(ac, portOffset)
|
||||
|
||||
err = ac.Start()
|
||||
if err != nil {
|
||||
|
|
|
@ -99,7 +99,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
|
|||
}
|
||||
continue
|
||||
}
|
||||
srv := proxyv2.NewProxyServer(ac)
|
||||
srv := proxyv2.NewProxyServer(ac, 0)
|
||||
ws.ProxyServer = srv
|
||||
ac.Server = srv
|
||||
log.WithField("logger", "authentik").Debug("attempting to start outpost")
|
||||
|
|
|
@ -31,7 +31,6 @@ type WebConfig struct {
|
|||
ListenTLS string `yaml:"listen_tls"`
|
||||
LoadLocalFiles bool `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"`
|
||||
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
|
||||
OutpostPortOffset int `yaml:"outpost_port_offset"`
|
||||
}
|
||||
|
||||
type PathsConfig struct {
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"strconv"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/api"
|
||||
"goauthentik.io/internal/config"
|
||||
"gopkg.in/boj/redistore.v1"
|
||||
|
@ -13,15 +14,17 @@ import (
|
|||
func GetStore(p api.ProxyOutpostConfig) sessions.Store {
|
||||
var store sessions.Store
|
||||
if config.G.Redis.Host != "" {
|
||||
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB))
|
||||
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
rs.Options.Domain = *p.CookieDomain
|
||||
log.Info("using redis session backend")
|
||||
store = rs
|
||||
} else {
|
||||
cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
|
||||
cs.Options.Domain = *p.CookieDomain
|
||||
log.Info("using cookie session backend")
|
||||
store = cs
|
||||
}
|
||||
return store
|
||||
|
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/pires/go-proxyproto"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/api"
|
||||
"goauthentik.io/internal/config"
|
||||
"goauthentik.io/internal/crypto"
|
||||
"goauthentik.io/internal/outpost/ak"
|
||||
"goauthentik.io/internal/outpost/proxyv2/application"
|
||||
|
@ -36,7 +35,7 @@ type ProxyServer struct {
|
|||
akAPI *ak.APIController
|
||||
}
|
||||
|
||||
func NewProxyServer(ac *ak.APIController) *ProxyServer {
|
||||
func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
|
||||
l := log.WithField("logger", "authentik.outpost.proxyv2")
|
||||
defaultCert, err := crypto.GenerateSelfSignedCert()
|
||||
if err != nil {
|
||||
|
@ -55,7 +54,7 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer {
|
|||
globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
|
||||
s := &ProxyServer{
|
||||
Listen: "0.0.0.0:%d",
|
||||
PortOffset: config.G.Web.OutpostPortOffset,
|
||||
PortOffset: portOffset,
|
||||
|
||||
cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
|
||||
apps: make(map[string]*application.Application),
|
||||
|
|
Reference in a new issue