@kevinmingtarja
Created September 26, 2025 05:44
Docker compose file for setting up local oauth2 proxy with redis store
version: '3.8'

services:
  # Redis for OAuth2 Proxy session storage
  oauth2-redis:
    image: redis:7-alpine
    container_name: skypilot-oauth2-redis
    ports:
      - "6379:6379"  # Published on the host without authentication; local use only
    restart: unless-stopped
    command: redis-server --appendonly yes
    volumes:
      - redis_data:/data
    networks:
      - oauth2-net

  # OAuth2 Proxy for authentication
  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
    container_name: skypilot-oauth2-proxy
    ports:
      - "4180:4180"
    depends_on:
      - oauth2-redis
    environment:
      # Core OAuth2 Proxy Configuration
      OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:4180"
      OAUTH2_PROXY_PROVIDER: "oidc"

      # OIDC Provider
      OAUTH2_PROXY_OIDC_ISSUER_URL: "${OKTA_ISSUER_URL:-}"
      OAUTH2_PROXY_CLIENT_ID: "${OKTA_CLIENT_ID:-your-client-id-here}"
      OAUTH2_PROXY_CLIENT_SECRET: "${OKTA_CLIENT_SECRET:-your-client-secret-here}"

      # Session Configuration
      # Compose does not run shell commands, so generate the secret beforehand:
      #   export OAUTH2_COOKIE_SECRET="$(openssl rand -base64 32 | tr -- '+/' '-_')"
      OAUTH2_PROXY_COOKIE_SECRET: "${OAUTH2_COOKIE_SECRET:?set OAUTH2_COOKIE_SECRET}"
      OAUTH2_PROXY_SESSION_STORE_TYPE: "redis"
      OAUTH2_PROXY_REDIS_CONNECTION_URL: "redis://oauth2-redis:6379/0"

      # Security Settings
      OAUTH2_PROXY_EMAIL_DOMAINS: "*"  # Accepts any email address the provider authenticates
      OAUTH2_PROXY_COOKIE_SECURE: "false"  # Set to true in production with HTTPS
      OAUTH2_PROXY_COOKIE_HTTPONLY: "true"

      # Reverse Proxy Configuration
      OAUTH2_PROXY_REVERSE_PROXY: "true"
      OAUTH2_PROXY_SET_XAUTHREQUEST: "true"  # This sets X-Auth-Request-* headers
      OAUTH2_PROXY_UPSTREAMS: "file:///dev/null"  # Env var for --upstream is plural
      OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: "true"

      # Additional Options
      OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true"
      OAUTH2_PROXY_PASS_USER_HEADERS: "true"
      OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: "true"
    restart: unless-stopped
    networks:
      - oauth2-net
    healthcheck:
      # Requires curl inside the image; the check fails if the image does not ship it
      test: ["CMD", "curl", "-f", "http://localhost:4180/ping"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  redis_data:
    driver: local

networks:
  oauth2-net:
    driver: bridge
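
Compose only substitutes variables and never runs shell commands, so the four variables this file interpolates have to be exported before `docker compose up`. The following preflight check is an added example, not part of the original gist or of oauth2-proxy; the function names are hypothetical, and the accepted cookie-secret forms (16, 24 or 32 bytes, raw or URL-safe base64) are an assumption based on oauth2-proxy's documented key-length requirement.

```python
import base64
import binascii
import re

AES_KEY_LENGTHS = (16, 24, 32)
# Variables the compose file interpolates; unset ones fall back to placeholders.
REQUIRED = ("OKTA_ISSUER_URL", "OKTA_CLIENT_ID", "OKTA_CLIENT_SECRET")


def usable_key_length(secret):
    """Return the key length in bytes the secret yields, or None if unusable.

    Assumed rule: URL-safe base64 (padding optional) that decodes to 16/24/32
    bytes is used decoded; otherwise the raw string must be 16/24/32 bytes.
    """
    stripped = secret.rstrip("=")
    if re.fullmatch(r"[A-Za-z0-9_-]+", stripped):
        try:
            decoded = base64.urlsafe_b64decode(stripped + "=" * (-len(stripped) % 4))
        except binascii.Error:
            decoded = b""
        if len(decoded) in AES_KEY_LENGTHS:
            return len(decoded)
    raw = len(secret.encode())
    return raw if raw in AES_KEY_LENGTHS else None


def preflight(env):
    """Return a list of problems in the variables the compose file reads."""
    problems = [f"{name} is unset; the compose default would be used"
                for name in REQUIRED if not env.get(name)]
    secret = env.get("OAUTH2_COOKIE_SECRET", "")
    if not secret:
        problems.append("OAUTH2_COOKIE_SECRET is unset")
    elif usable_key_length(secret) is None:
        problems.append("OAUTH2_COOKIE_SECRET is not a 16/24/32-byte key")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "OKTA_ISSUER_URL": "https://idp.example.test/oauth2/default",
        "OKTA_CLIENT_ID": "constructed-client-id",
        "OKTA_CLIENT_SECRET": "constructed-client-secret",
        "OAUTH2_COOKIE_SECRET": "$(openssl rand -base64 32 | tr -d '=')",
    }
    for problem in preflight(sample):
        print("FAIL:", problem)
```

Passing `os.environ` to `preflight` checks the shell that will launch Compose.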