starred/pocket-id-pocket-id-2
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-09 14:42:59 +03:00
Code Issues 116 Packages Projects Releases 10 Wiki Activity
Files
2d0bd8dcbfb73650b7829cb66f40decb284bd73b
pocket-id-pocket-id-2/docs/proxy-services.md
Elias Schneider 3006bc9ef7 docs: add callback url to proxy-services.md
2024-12-03 20:35:47 +01:00

3.1 KiB
Raw Blame History

Proxy Services through Pocket ID

The goal of Pocket ID is to stay simple. Because of that we don't have a built-in proxy provider. However, you can use OAuth2 Proxy to add authentication to your services that don't support OIDC. This guide will show you how to set up OAuth2 Proxy with Pocket ID.

Docker Setup

1. Add OAuth2 proxy to the service that should be proxied.

To configure OAuth2 Proxy with Pocket ID, you have to add the following service to the service that should be proxied. E.g., if Uptime Kuma should be proxied, you can add the following service to the docker-compose.yml of Uptime Kuma:

# Example with Uptime Kuma
# uptime-kuma:
#  image: louislam/uptime-kuma
oauth2-proxy:
  image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
  command: --config /oauth2-proxy.cfg
  volumes:
    - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
  ports:
    - 4180:4180

2. Create a new OIDC client in Pocket ID.

Create a new OIDC client in Pocket ID by navigating to https://<your-domain>/settings/admin/oidc-clients. Now enter https://<domain-of-proxied-service>/oauth2/callback as the callback URL. After adding the client, you will obtain the client ID and client secret, which you will need in the next step.

3. Create a configuration file for OAuth2 Proxy.

Create a configuration file named oauth2-proxy.cfg in the same directory as your docker-compose.yml file of the service that should be proxied (e.g. Uptime Kuma). This file will contain the necessary configurations for OAuth2 Proxy to work with Pocket ID.

Here is the recommend oauth2-proxy.cfg configuration:

# Replace with your own credentials
client_id="client-id-from-pocket-id"
client_secret="client-secret-from-pocket-id"
oidc_issuer_url="https://<your-pocket-id-domain>"

# Replace with a secure random string
cookie_secret="random-string"

# Upstream servers (e.g http://uptime-kuma:3001)
upstreams="http://<service-to-be-proxied>:<port>"

# Additional Configuration
provider="oidc"
scope = "openid email profile"

# If you are using a reverse proxy in front of OAuth2 Proxy
reverse_proxy = true

# Email domains allowed for authentication
email_domains = ["*"]

# If you are using HTTPS
cookie_secure="true"

# Listen on all interfaces
http_address="0.0.0.0:4180"

For additional configuration options, refer to the official OAuth2 Proxy documentation.

4. Start the services.

After creating the configuration file, you can start the services using Docker Compose:

docker compose up -d

5. Access the service.

You can now access the service through OAuth2 Proxy by visiting http://localhost:4180.

Standalone Installation

Setting up OAuth2 Proxy with Pocket ID without Docker is similar to the Docker setup. As the setup depends on your environment, you have to adjust the steps accordingly but is should be similar to the Docker setup.

You can visit the official OAuth2 Proxy documentation for more information.

Reference in New Issue View Git Blame Copy Permalink