| giolekva | 6e3463a | 2021-10-25 20:42:55 +0400 | [diff] [blame] | 1 | http_address = "0.0.0.0:8080" |
| 2 | |
| 3 | reverse_proxy = true |
| 4 | |
| 5 | ## the OAuth Redirect URL. |
| 6 | # defaults to the "https://" + requested host header + "/oauth2/callback" |
| 7 | # redirect_url = "http://pihole.pcloud/oauth2/callback" |
| 8 | |
| 9 | upstreams = [ |
| 10 | "http://pihole-web.app-pihole.svc.cluster.local/" |
| 11 | ] |
| 12 | |
| 13 | email_domains = [ |
| 14 | "*" |
| 15 | ] |
| 16 | |
| 17 | logging_filename = "" |
| 18 | logging_max_size = 100 |
| 19 | logging_max_age = 7 |
| 20 | logging_local_time = true |
| 21 | logging_compress = false |
| 22 | standard_logging = true |
| 23 | standard_logging_format = "[{{.Timestamp}}] [{{.File}}] {{.Message}}" |
| 24 | request_logging = true |
| 25 | request_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] {{.Host}} {{.RequestMethod}} {{.Upstream}} {{.RequestURI}} {{.Protocol}} {{.UserAgent}} {{.StatusCode}} {{.ResponseSize}} {{.RequestDuration}}" |
| 26 | auth_logging = true |
| 27 | auth_logging_format = "{{.Client}} - {{.Username}} [{{.Timestamp}}] [{{.Status}}] {{.Message}}" |
| 28 | |
| 29 | pass_basic_auth = true |
| 30 | pass_user_headers = true |
| 31 | pass_host_header = true |
| 32 | |
| 33 | ## The OAuth Client ID, Secret |
| 34 | client_id = "pihole" |
| 35 | client_secret = "1QpkwzJoZVlgjTnzfhhF3UfmVDVuKQQEWx4Qu3Oi9RM=" |
| 36 | |
| 37 | ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token" |
| 38 | pass_access_token = false |
| 39 | |
| 40 | ## Cookie Settings |
| 41 | ## Name - the cookie name |
| 42 | ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes |
| 43 | ## for use with an AES cipher when cookie_refresh or pass_access_token |
| 44 | ## is set |
| 45 | ## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com) |
| 46 | ## Expire - (duration) expire timeframe for cookie |
| 47 | ## Refresh - (duration) refresh the cookie when duration has elapsed after cookie was initially set. |
| 48 | ## Should be less than cookie_expire; set to 0 to disable. |
| 49 | ## On refresh, OAuth token is re-validated. |
| 50 | ## (ie: 1h means tokens are refreshed on request 1hr+ after it was set) |
| 51 | ## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended) |
| 52 | ## HttpOnly - httponly cookies are not readable by javascript (recommended) |
| 53 | cookie_name = "_oauth2_proxy_pihole" |
| 54 | cookie_secret = "123456789012345678901234567890--" |
| 55 | cookie_domains = "pihole.pcloud" |
| 56 | cookie_expire = "168h" |
| 57 | cookie_refresh = "100h" |
| 58 | cookie_secure = true |
| 59 | cookie_httponly = true |
| 60 | |
| 61 | provider = "oidc" |
| 62 | oidc_issuer_url = "https://hydra.lekva.me/" |
| 63 | provider_display_name = "PCloud OIDC Provider" |
| 64 | profile_url = "https://accounts-ui.lekva.me" |