Comments (5)
google_auth_proxy
has a built in /ping
endpoint for exactly that sort of monitoring use case. Can you use that endpoint or are you really looking to pass requests through w/o authentication?
from oauth2_proxy.
Our current setup has Amazon ELB configured to balance across 3 nodes. Each node exposes a health check end point /status. ELB takes a node out of rotation on failure at /status end point.
With auth proxy, we will be pointing the ELB at auth proxy and configure auth proxy to the application nodes. Can you please clarify how the following can be done,
- Should we run auth proxy on each every node? If not can it act as a load balancer
- The /status end point checks connection pool size and other critical params. So /ping may not be an option for us.
from oauth2_proxy.
You can run google_auth_proxy on each node. If you use the same "secret" parameter for each, then logging into one will log you into any, but I think the initial oauth flow won't work if your requests switch between nodes during that process.
It may make sense to combine google_auth_proxy with flexible proxying webserver like nginx. You could configure nginx to proxy just one path through to the app directly, and for any other request proxy to google_auth_proxy (which then proxies to the app). Or, you could have initial connections go to one instance of google_auth_proxy, and have it proxy to nginx, which then does load-balancing between multiple app nodes.
from oauth2_proxy.
Thank you. We are going with the first option.
but I think the initial oauth flow won't work if your requests switch between nodes during that process
There's no state maintained and it works fine in our setup
We have made changes to skip authentication for a configured path. I will submit a patch for the same. As of now, it's restricted to a single path but can be extended to support a list of paths or regex based paths.
from oauth2_proxy.
closing in favor of #50
from oauth2_proxy.
Related Issues (20)
- GitHub Authentication keeps valid after user is removed from org or team HOT 1
- V2.2 is complaining about the google oauth Json file
- will oauth2_proxy support PUT HOT 2
- help with scope setting for okta HOT 1
- HTTP Basic Auth and set-xauthrequest HOT 4
- oauth2_proxy failing on the callback url using oidc provider HOT 1
- failing with oidc provider discovery object
- Safari is not sending cookies when doing CORS requests
- set response_mode
- Recent update of golang.org/x/oauth2/google libraries caused TestRequestSignaturePostRequest to fail
- OIDC provider disappeared in `v2.2` without any notice. HOT 1
- how to handle the callback url and get the login google emaill account? HOT 1
- htpasswd auth not working HOT 2
- Integrating oauth2_proxy with AWS Cognito HOT 3
- Microsoft Azure AD B2C Support
- user-configured redirect URL clobbered in oauthproxy.go HOT 5
- oidc and scope
- Restrict auth to specific Google groups returning Invalid Account HOT 1
- 404 not found on redirect HOT 1
- Cookie Path Defaults to Root '/' Even when Using "proxy-prefix" option
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2_proxy.