Anonaddy Minimal Oauth Example

AnonAddyOAuth2.md

Minimal Working Example of anonaddy with OAuth2 Proxy

For testing purposes

It should be as simple as docker compose up then once the logs settle down navigate to http://oauth2-proxy.localtest.me:4180/ and start the login process. Login with credentials "[email protected]" and "password". It should drop you to the anonaddy UI.

dex.yaml

issuer: http://dex.localtest.me:5556/dex
storage:
  type: etcd
  config:
    endpoints:
    - http://etcd:2379
    namespace: dex/
web:
  http: 0.0.0.0:5556
oauth2:
  skipApprovalScreen: true
expiry:
  signingKeys: "4h"
  idTokens: "1h"
staticClients:
- id: oauth2-proxy
  redirectURIs:
  - 'http://oauth2-proxy.localtest.me:4180/oauth2/callback'
  name: 'OAuth2 Proxy'
  secret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK
enablePasswordDB: true
staticPasswords:
- email: "[email protected]"
  # bcrypt hash of the string "password"
  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
  username: "admin"
  userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"

docker-compose.yml

services:
  oauth2-proxy:
    container_name: oauth2-proxy
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
    command: --config /oauth2-proxy.cfg
    hostname: oauth2-proxy
    volumes:
      - "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
    restart: unless-stopped
    ports:
      - 4180:4180/tcp
    networks:
      dex: {}
      anonaddy: {}
    depends_on:
      - dex
      - anonaddy
  dex:
    container_name: dex
    image: ghcr.io/dexidp/dex:v2.43.1
    command: dex serve /dex.yaml
    hostname: dex
    volumes:
      - "./dex.yaml:/dex.yaml"
    restart: unless-stopped
    ports:
      - 5556:5556/tcp
    networks:
      dex:
        aliases:
          - dex.localtest.me
      etcd: {}
    depends_on:
      - etcd
  mariadb:
    image: mariadb:10.11
    environment:
      MARIADB_DATABASE: anonaddy
      MARIADB_USER: anonaddy
      MARIADB_PASSWORD: anonaddy_password
      MARIADB_ROOT_PASSWORD: root_password
    networks:
      anonaddy: {}

  redis:
    image: redis:7-alpine
    networks:
      anonaddy: {}

  anonaddy:
    image: ghcr.io/nielscil/anonaddy-docker:edge
    environment:
      DB_CONNECTION: mysql
      DB_HOST: mariadb
      DB_PORT: 3306
      DB_DATABASE: anonaddy
      DB_USERNAME: anonaddy
      DB_PASSWORD: anonaddy_password
      REDIS_HOST: redis
      APP_KEY: base64:K0H03qJzCwSyIr6Q7vAuzPhJ9F6Z0TF49dau2rJrT0E=
      APP_URL: http://oauth2-proxy.localtest.me:4180
      ANONADDY_USE_PROXY_AUTHENTICATION: "true"
      ANONADDY_PROXY_AUTHENTICATION_USER_ID_HEADER: X-Forwarded-User
      ANONADDY_PROXY_AUTHENTICATION_NAME_HEADER: X-Forwarded-User
      ANONADDY_PROXY_AUTHENTICATION_EMAIL_HEADER: X-Forwarded-Email
      ANONADDY_DOMAIN: localtest.me
      ANONADDY_ALLOWED_DOMAINS: localtest.me
      ANONADDY_SECRET: devsecret
      QUEUE_CONNECTION: redis
      SESSION_DRIVER: redis
      CACHE_DRIVER: redis
    networks:
      anonaddy: {}
    depends_on:
      - mariadb
      - redis
  etcd:
    container_name: etcd
    image: gcr.io/etcd-development/etcd:v3.6.4
    entrypoint: /usr/local/bin/etcd
    command:
      - --listen-client-urls=http://0.0.0.0:2379
      - --advertise-client-urls=http://etcd:2379
    networks:
      etcd: {}
networks:
  dex: {}
  etcd: {}
  anonaddy: {}

oauth2-proxy.cfg

http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com"
cookie_secure="false"
upstreams="http://anonaddy:8000"
pass_user_headers="true"
set_xauthrequest="true"
pass_authorization_header="true"
pass_access_token="true"
cookie_domains=[".localtest.me"]
whitelist_domains=[".localtest.me"]

client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK"
client_id="oauth2-proxy"
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"

oidc_issuer_url="http://dex.localtest.me:5556/dex"
provider="oidc"
provider_display_name="Dex"