scripts/homelab/installer/pihole-oauth2.cfg - pcloud - Gitiles

 http_address = "0.0.0.0:8080"

 reverse_proxy = true

 ## the OAuth Redirect URL.
 # defaults to the "https://" + requested host header + "/oauth2/callback"
 # redirect_url = "http://pihole.pcloud/oauth2/callback"

 upstreams = [
     "http://pihole-web.app-pihole.svc.cluster.local/"
 ]

 email_domains = [
     "*"
 ]

 logging_filename = ""
 logging_max_size = 100
 logging_max_age = 7
 logging_local_time = true
 logging_compress = false
 standard_logging = true
 standard_logging_format = "[{{.Timestamp}}] [{{.File}}] {{.Message}}"
 request_logging = true
 request_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}"
 auth_logging = true
 auth_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}}"

 pass_basic_auth = true
 pass_user_headers = true
 pass_host_header = true

 ## The OAuth Client ID, Secret
 client_id = "pihole"
 client_secret = "1QpkwzJoZVlgjTnzfhhF3UfmVDVuKQQEWx4Qu3Oi9RM="

 ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
 pass_access_token = false

 ## Cookie Settings
 ## Name     - the cookie name
 ## Secret   - the seed string for secure cookies; should be 16, 24, or 32 bytes
 ##            for use with an AES cipher when cookie_refresh or pass_access_token
 ##            is set
 ## Domain   - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
 ## Expire   - (duration) expire timeframe for cookie
 ## Refresh  - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
 ##            Should be less than cookie_expire; set to 0 to disable.
 ##            On refresh, OAuth token is re-validated.
 ##            (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
 ## Secure   - secure cookies are only sent by the browser of a HTTPS connection (recommended)
 ## HttpOnly - httponly cookies are not readable by javascript (recommended)
 cookie_name = "_oauth2_proxy_pihole"
 cookie_secret = "123456789012345678901234567890--"
 cookie_domains = "pihole.pcloud"
 cookie_expire = "168h"
 cookie_refresh = "100h"
 cookie_secure = true
 cookie_httponly = true

 provider = "oidc"
 oidc_issuer_url = "https://hydra.lekva.me/"
 provider_display_name = "PCloud OIDC Provider"
 profile_url = "https://accounts-ui.lekva.me"
	http_address = "0.0.0.0:8080"

	reverse_proxy = true

	## the OAuth Redirect URL.
	# defaults to the "https://" + requested host header + "/oauth2/callback"
	# redirect_url = "http://pihole.pcloud/oauth2/callback"

	upstreams = [
	"http://pihole-web.app-pihole.svc.cluster.local/"
	]

	email_domains = [
	"*"
	]

	logging_filename = ""
	logging_max_size = 100
	logging_max_age = 7
	logging_local_time = true
	logging_compress = false
	standard_logging = true
	standard_logging_format = "[{{.Timestamp}}] [{{.File}}] {{.Message}}"
	request_logging = true
	request_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}"
	auth_logging = true
	auth_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}}"

	pass_basic_auth = true
	pass_user_headers = true
	pass_host_header = true

	## The OAuth Client ID, Secret
	client_id = "pihole"
	client_secret = "1QpkwzJoZVlgjTnzfhhF3UfmVDVuKQQEWx4Qu3Oi9RM="

	## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
	pass_access_token = false

	## Cookie Settings
	## Name - the cookie name
	## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
	## for use with an AES cipher when cookie_refresh or pass_access_token
	## is set
	## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
	## Expire - (duration) expire timeframe for cookie
	## Refresh - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
	## Should be less than cookie_expire; set to 0 to disable.
	## On refresh, OAuth token is re-validated.
	## (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
	## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
	## HttpOnly - httponly cookies are not readable by javascript (recommended)
	cookie_name = "_oauth2_proxy_pihole"
	cookie_secret = "123456789012345678901234567890--"
	cookie_domains = "pihole.pcloud"
	cookie_expire = "168h"
	cookie_refresh = "100h"
	cookie_secure = true
	cookie_httponly = true

	provider = "oidc"
	oidc_issuer_url = "https://hydra.lekva.me/"
	provider_display_name = "PCloud OIDC Provider"
	profile_url = "https://accounts-ui.lekva.me"