Skip authentication for health check urls about oauth2_proxy HOT 5 CLOSED

google_auth_proxy has a built in /ping endpoint for exactly that sort of monitoring use case. Can you use that endpoint or are you really looking to pass requests through w/o authentication?

from oauth2_proxy.

Our current setup has Amazon ELB configured to balance across 3 nodes. Each node exposes a health check end point /status. ELB takes a node out of rotation on failure at /status end point.

With auth proxy, we will be pointing the ELB at auth proxy and configure auth proxy to the application nodes. Can you please clarify how the following can be done,

1. Should we run auth proxy on each every node? If not can it act as a load balancer
2. The /status end point checks connection pool size and other critical params. So /ping may not be an option for us.

from oauth2_proxy.

You can run google_auth_proxy on each node. If you use the same "secret" parameter for each, then logging into one will log you into any, but I think the initial oauth flow won't work if your requests switch between nodes during that process.

It may make sense to combine google_auth_proxy with flexible proxying webserver like nginx. You could configure nginx to proxy just one path through to the app directly, and for any other request proxy to google_auth_proxy (which then proxies to the app). Or, you could have initial connections go to one instance of google_auth_proxy, and have it proxy to nginx, which then does load-balancing between multiple app nodes.

from oauth2_proxy.

Thank you. We are going with the first option.

but I think the initial oauth flow won't work if your requests switch between nodes during that process
There's no state maintained and it works fine in our setup

We have made changes to skip authentication for a configured path. I will submit a patch for the same. As of now, it's restricted to a single path but can be extended to support a list of paths or regex based paths.

from oauth2_proxy.

closing in favor of #50

from oauth2_proxy.