outposts/proxy: fix securecookie: no codecs provided error with redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
		| @ -4,6 +4,7 @@ import ( | ||||
| 	"fmt" | ||||
| 	"net/url" | ||||
| 	"os" | ||||
| 	"strconv" | ||||
|  | ||||
| 	log "github.com/sirupsen/logrus" | ||||
|  | ||||
| @ -20,7 +21,8 @@ Required environment variables: | ||||
| - AUTHENTIK_INSECURE: Skip SSL Certificate verification | ||||
|  | ||||
| Optionally, you can set these: | ||||
| - AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST` | ||||
| - AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST | ||||
| - AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100` | ||||
|  | ||||
| func main() { | ||||
| 	log.SetLevel(log.DebugLevel) | ||||
| @ -36,6 +38,15 @@ func main() { | ||||
| 		fmt.Println(helpMessage) | ||||
| 		os.Exit(1) | ||||
| 	} | ||||
| 	portOffset := 0 | ||||
| 	portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET") | ||||
| 	if portOffsetS != "" { | ||||
| 		v, err := strconv.Atoi(portOffsetS) | ||||
| 		if err != nil { | ||||
| 			fmt.Println(err.Error()) | ||||
| 		} | ||||
| 		portOffset = v | ||||
| 	} | ||||
|  | ||||
| 	akURLActual, err := url.Parse(akURL) | ||||
| 	if err != nil { | ||||
| @ -49,7 +60,7 @@ func main() { | ||||
|  | ||||
| 	ac := ak.NewAPIController(*akURLActual, akToken) | ||||
|  | ||||
| 	ac.Server = proxyv2.NewProxyServer(ac) | ||||
| 	ac.Server = proxyv2.NewProxyServer(ac, portOffset) | ||||
|  | ||||
| 	err = ac.Start() | ||||
| 	if err != nil { | ||||
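Review bot: When `strconv.Atoi` fails in the new AUTHENTIK_PORT_OFFSET block, the error is only printed and `portOffset = v` still runs with v == 0, so a mistyped offset silently starts the proxy on its default ports rather than the ones the operator meant to expose. Treat it like the missing-variable case just above and stop instead: `log.WithError(err).Fatal("invalid AUTHENTIK_PORT_OFFSET")` inside the `if err != nil` branch. A bounds check is also worth adding, since a negative or very large value produces a port outside the valid range; the base ports are not visible in this hunk, so the exact limit needs confirming. main() continues outside the hunk.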
|  | ||||
| @ -99,7 +99,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) { | ||||
| 			} | ||||
| 			continue | ||||
| 		} | ||||
| 		srv := proxyv2.NewProxyServer(ac) | ||||
| 		srv := proxyv2.NewProxyServer(ac, 0) | ||||
| 		ws.ProxyServer = srv | ||||
| 		ac.Server = srv | ||||
| 		log.WithField("logger", "authentik").Debug("attempting to start outpost") | ||||
|  | ||||
| @ -31,7 +31,6 @@ type WebConfig struct { | ||||
| 	ListenTLS              string `yaml:"listen_tls"` | ||||
| 	LoadLocalFiles         bool   `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"` | ||||
| 	DisableEmbeddedOutpost bool   `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"` | ||||
| 	OutpostPortOffset      int    `yaml:"outpost_port_offset"` | ||||
| } | ||||
|  | ||||
| type PathsConfig struct { | ||||
|  | ||||
| @ -5,6 +5,7 @@ import ( | ||||
| 	"strconv" | ||||
|  | ||||
| 	"github.com/gorilla/sessions" | ||||
| 	log "github.com/sirupsen/logrus" | ||||
| 	"goauthentik.io/api" | ||||
| 	"goauthentik.io/internal/config" | ||||
| 	"gopkg.in/boj/redistore.v1" | ||||
| @ -13,15 +14,17 @@ import ( | ||||
| func GetStore(p api.ProxyOutpostConfig) sessions.Store { | ||||
| 	var store sessions.Store | ||||
| 	if config.G.Redis.Host != "" { | ||||
| 		rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB)) | ||||
| 		rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret)) | ||||
| 		if err != nil { | ||||
| 			panic(err) | ||||
| 		} | ||||
| 		rs.Options.Domain = *p.CookieDomain | ||||
| 		log.Info("using redis session backend") | ||||
| 		store = rs | ||||
| 	} else { | ||||
| 		cs := sessions.NewCookieStore([]byte(*p.CookieSecret)) | ||||
| 		cs.Options.Domain = *p.CookieDomain | ||||
| 		log.Info("using cookie session backend") | ||||
| 		store = cs | ||||
| 	} | ||||
| 	return store | ||||
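Review bot: `[]byte(*p.CookieSecret)` on the new `NewRediStoreWithDB` line dereferences an API-supplied pointer without a nil or empty check, so a provider config lacking a secret panics with a nil dereference or builds a store with an empty signing key, which is close to the failure this commit fixes. A guard at the top of GetStore would cover both backends, e.g. `if p.CookieSecret == nil || *p.CookieSecret == "" { panic("proxy provider has no cookie secret") }`, matching the existing `panic(err)` style. Separately, only `Options.Domain` is set on either store in the visible lines; unless it is done elsewhere or defaulted by the library version in use, `Options.HttpOnly = true` and `Options.Secure` should be set explicitly for the session cookie. The closing brace of GetStore is outside the hunk.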
|  | ||||
| @ -14,7 +14,6 @@ import ( | ||||
| 	"github.com/pires/go-proxyproto" | ||||
| 	log "github.com/sirupsen/logrus" | ||||
| 	"goauthentik.io/api" | ||||
| 	"goauthentik.io/internal/config" | ||||
| 	"goauthentik.io/internal/crypto" | ||||
| 	"goauthentik.io/internal/outpost/ak" | ||||
| 	"goauthentik.io/internal/outpost/proxyv2/application" | ||||
| @ -36,7 +35,7 @@ type ProxyServer struct { | ||||
| 	akAPI       *ak.APIController | ||||
| } | ||||
|  | ||||
| func NewProxyServer(ac *ak.APIController) *ProxyServer { | ||||
| func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer { | ||||
| 	l := log.WithField("logger", "authentik.outpost.proxyv2") | ||||
| 	defaultCert, err := crypto.GenerateSelfSignedCert() | ||||
| 	if err != nil { | ||||
| @ -55,7 +54,7 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer { | ||||
| 	globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil)) | ||||
| 	s := &ProxyServer{ | ||||
| 		Listen:     "0.0.0.0:%d", | ||||
| 		PortOffset: config.G.Web.OutpostPortOffset, | ||||
| 		PortOffset: portOffset, | ||||
|  | ||||
| 		cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi), | ||||
| 		apps:        make(map[string]*application.Application), | ||||
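Review bot: The exported `NewProxyServer` gained a `portOffset` parameter but has no doc comment saying what the offset applies to or which values are valid. Suggest `// NewProxyServer creates the proxy outpost server; portOffset is added to each listening port (0 keeps the defaults).` above the signature. Because `Listen` is `"0.0.0.0:%d"`, the offset determines which ports are opened on every interface, so the comment should also say that callers are expected to pass a validated, non-negative value. The function body starts and ends outside the hunks shown.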
|  | ||||
	 Jens Langhammer
					Jens Langhammer