outposts/proxy: fix securecookie: no codecs provided error with redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-09-09 10:23:46 +02:00
parent eb2540a3c8
commit 4c3a9e69f2
5 changed files with 20 additions and 8 deletions


@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net/url" "net/url"
"os" "os"
"strconv"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
@ -20,7 +21,8 @@ Required environment variables:
- AUTHENTIK_INSECURE: Skip SSL Certificate verification - AUTHENTIK_INSECURE: Skip SSL Certificate verification
Optionally, you can set these: Optionally, you can set these:
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST` - AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
func main() { func main() {
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)
@ -36,6 +38,15 @@ func main() {
fmt.Println(helpMessage) fmt.Println(helpMessage)
os.Exit(1) os.Exit(1)
} }
portOffset := 0
portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
if portOffsetS != "" {
v, err := strconv.Atoi(portOffsetS)
if err != nil {
fmt.Println(err.Error())
}
portOffset = v
}
akURLActual, err := url.Parse(akURL) akURLActual, err := url.Parse(akURL)
if err != nil { if err != nil {
@ -49,7 +60,7 @@ func main() {
ac := ak.NewAPIController(*akURLActual, akToken) ac := ak.NewAPIController(*akURLActual, akToken)
ac.Server = proxyv2.NewProxyServer(ac) ac.Server = proxyv2.NewProxyServer(ac, portOffset)
err = ac.Start() err = ac.Start()
if err != nil { if err != nil {
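Review bot: The new AUTHENTIK_PORT_OFFSET parsing at the top of the third hunk treats a malformed value as non-fatal: on a strconv.Atoi error it prints the bare error and then still assigns `portOffset = v`, so the proxy starts with offset 0 after a message that names neither the variable nor the value. A bad offset is a configuration error, and the surrounding code already exits on bad configuration (`fmt.Println(helpMessage); os.Exit(1)`), so the error branch should do the same, e.g. `fmt.Printf("invalid AUTHENTIK_PORT_OFFSET %q: %s\n", portOffsetS, err)` followed by `os.Exit(1)`. Nothing rejects a negative offset either; since the value presumably ends up added to the listen ports via PortOffset in NewProxyServer, an explicit `portOffset < 0` check would be cheap. main's body continues outside the hunks.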


@ -99,7 +99,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
} }
continue continue
} }
srv := proxyv2.NewProxyServer(ac) srv := proxyv2.NewProxyServer(ac, 0)
ws.ProxyServer = srv ws.ProxyServer = srv
ac.Server = srv ac.Server = srv
log.WithField("logger", "authentik").Debug("attempting to start outpost") log.WithField("logger", "authentik").Debug("attempting to start outpost")
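Review bot: `proxyv2.NewProxyServer(ac, 0)` hard-codes the port offset for the embedded outpost, while the standalone proxy now reads it from AUTHENTIK_PORT_OFFSET and the `outpost_port_offset` config field is removed in the same commit, so the embedded outpost can no longer be offset at all. If that is intentional, a short comment on the call would keep the next reader from re-adding the option, e.g. `// embedded outpost always uses the default ports; only the standalone proxy honours AUTHENTIK_PORT_OFFSET`. attemptProxyStart starts outside the hunk.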


@ -31,7 +31,6 @@ type WebConfig struct {
ListenTLS string `yaml:"listen_tls"` ListenTLS string `yaml:"listen_tls"`
LoadLocalFiles bool `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"` LoadLocalFiles bool `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"`
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"` DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
OutpostPortOffset int `yaml:"outpost_port_offset"`
} }
type PathsConfig struct { type PathsConfig struct {


@ -5,6 +5,7 @@ import (
"strconv" "strconv"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
log "github.com/sirupsen/logrus"
"goauthentik.io/api" "goauthentik.io/api"
"goauthentik.io/internal/config" "goauthentik.io/internal/config"
"gopkg.in/boj/redistore.v1" "gopkg.in/boj/redistore.v1"
@ -13,15 +14,17 @@ import (
func GetStore(p api.ProxyOutpostConfig) sessions.Store { func GetStore(p api.ProxyOutpostConfig) sessions.Store {
var store sessions.Store var store sessions.Store
if config.G.Redis.Host != "" { if config.G.Redis.Host != "" {
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB)) rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret))
if err != nil { if err != nil {
panic(err) panic(err)
} }
rs.Options.Domain = *p.CookieDomain rs.Options.Domain = *p.CookieDomain
log.Info("using redis session backend")
store = rs store = rs
} else { } else {
cs := sessions.NewCookieStore([]byte(*p.CookieSecret)) cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
cs.Options.Domain = *p.CookieDomain cs.Options.Domain = *p.CookieDomain
log.Info("using cookie session backend")
store = cs store = cs
} }
return store return store
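Review bot: The new `[]byte(*p.CookieSecret)` argument to NewRediStoreWithDB hands securecookie a single key, which gorilla/securecookie uses as the HMAC hash key only; with no block key the session cookie is signed but not encrypted. That is acceptable if the cookie carries only the redis session ID (the usual redistore behaviour — confirm against the redistore version in go.mod), but it differs from what a reader may assume, so a comment on that line would help: `// single key: cookie is HMAC-signed only (no block key, no encryption); it carries only the redis session ID`. The dereference `*p.CookieSecret` is now made in both branches without a nil check; if CookieSecret can be absent in the API model, a guard before the `if` would turn a panic into a clear error. GetStore's closing brace is outside the hunk.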


@ -14,7 +14,6 @@ import (
"github.com/pires/go-proxyproto" "github.com/pires/go-proxyproto"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"goauthentik.io/api" "goauthentik.io/api"
"goauthentik.io/internal/config"
"goauthentik.io/internal/crypto" "goauthentik.io/internal/crypto"
"goauthentik.io/internal/outpost/ak" "goauthentik.io/internal/outpost/ak"
"goauthentik.io/internal/outpost/proxyv2/application" "goauthentik.io/internal/outpost/proxyv2/application"
@ -36,7 +35,7 @@ type ProxyServer struct {
akAPI *ak.APIController akAPI *ak.APIController
} }
func NewProxyServer(ac *ak.APIController) *ProxyServer { func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
l := log.WithField("logger", "authentik.outpost.proxyv2") l := log.WithField("logger", "authentik.outpost.proxyv2")
defaultCert, err := crypto.GenerateSelfSignedCert() defaultCert, err := crypto.GenerateSelfSignedCert()
if err != nil { if err != nil {
@ -55,7 +54,7 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer {
globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil)) globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
s := &ProxyServer{ s := &ProxyServer{
Listen: "0.0.0.0:%d", Listen: "0.0.0.0:%d",
PortOffset: config.G.Web.OutpostPortOffset, PortOffset: portOffset,
cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi), cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
apps: make(map[string]*application.Application), apps: make(map[string]*application.Application),