-rw-r--r--.env1
-rw-r--r--envoy.yml71
2 files changed, 38 insertions, 34 deletions
diff --git a/.env b/.env
index 92f8770..7a33d59 100644
--- a/.env
+++ b/.env
@@ -1,5 +1,6 @@
APP_ENV=development
BIND_ADDR=:8080
+HMAC_SESSION_SECRET=session_secret
HOST=localhost
OAUTH_CLIENT_ID=client_id
OAUTH_CLIENT_SECRET=client_secret
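Review bot: The added `HMAC_SESSION_SECRET=session_secret` is a guessable key in a tracked file, and the envoy.yml change in this commit feeds it to the oauth2 filter as `hmac_secret`, which as far as I know is the key Envoy uses to sign the session cookies it issues. It sits under `APP_ENV=development`, so it is presumably a local default, but nothing on the line says so. I would add a comment above it, `# dev placeholder only: set a random value of at least 32 bytes from the secret store in any shared or deployed environment`. The same applies to the existing `OAUTH_CLIENT_SECRET` line.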
diff --git a/envoy.yml b/envoy.yml
index bff7a31..270606d 100644
--- a/envoy.yml
+++ b/envoy.yml
@@ -4,6 +4,15 @@ admin:
address: 0.0.0.0
port_value: 9901
static_resources:
+ secrets:
+ - name: client_secret
+ generic_secret:
+ secret:
+ environment_variable: OAUTH_CLIENT_SECRET
+ - name: hmac_secret
+ generic_secret:
+ secret:
+ environment_variable: HMAC_SESSION_SECRET
listeners:
- name: listener_0
address:
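Review bot: The two `environment_variable` sources under `secrets:` are read from the Envoy process's own environment, and the commit does not show how the values in `.env` reach that process; if they are not exported there, Envoy should, as I understand it, reject the config at startup. A comment above the block would help: `# Resolved from Envoy's environment at load; names are referenced by credentials.token_secret / hmac_secret in the oauth2 filter`. Separately, the context lines show the admin listener on `0.0.0.0:9901`; now that this instance holds OAuth credentials it is worth binding it to `127.0.0.1` unless remote admin access is required. The `static_resources` mapping continues beyond the hunk.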
@@ -36,40 +45,34 @@ static_resources:
forwarded_for: "%REQ(X-FORWARDED-FOR)%"
user_agent: "%REQ(USER-AGENT)%"
http_filters:
- # - name: envoy.filters.http.oauth2
- # typed_config:
- # "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
- # config:
- # auth_scopes:
- # - user
- # - openid
- # - email
- # authorization_endpoint: https://gitlab.com/oauth/authorize
- # credentials:
- # client_id: client_id
- # token_secret:
- # name: token
- # sds_config:
- # path_config_source:
- # path: "/etc/envoy/client_secret.yaml"
- # hmac_secret:
- # name: hmac
- # sds_config:
- # path_config_source:
- # path: "/etc/envoy/hmac.yaml"
- # forward_bearer_token: true
- # redirect_path_matcher:
- # path:
- # exact: /session/callback
- # redirect_uri: "%REQ(x-forwarded-proto)%://%REQ(:authority)%/session/callback"
- # signout_path:
- # path:
- # exact: /session/destroy
- # token_endpoint:
- # cluster: oidc
- # uri: https://gitlab.com/oauth/token
- # timeout: 5s
- # use_refresh_token: true
+ - name: envoy.filters.http.oauth2
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
+ config:
+ auth_scopes:
+ - user
+ - openid
+ - email
+ authorization_endpoint: https://gitlab.com/oauth/authorize
+ credentials:
+ client_id: client_id
+ token_secret:
+ name: client_secret
+ hmac_secret:
+ name: hmac_secret
+ forward_bearer_token: true
+ redirect_path_matcher:
+ path:
+ exact: /session/callback
+ redirect_uri: "%REQ(x-forwarded-proto)%://%REQ(:authority)%/session/callback"
+ signout_path:
+ path:
+ exact: /session/destroy
+ token_endpoint:
+ cluster: oidc
+ uri: https://gitlab.com/oauth/token
+ timeout: 5s
+ use_refresh_token: true
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
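Review bot: `redirect_uri` is assembled from `%REQ(x-forwarded-proto)%` and `%REQ(:authority)%`, both taken from the incoming request, so the callback URL sent to GitLab follows whatever Host the client supplied and is only as strict as the redirect URIs registered for the application. For a deployment with one known public name I would pin it, `redirect_uri: "https://<public-host>/session/callback"` (placeholder host), and confirm the GitLab application lists exactly that URI. Also, `client_id: client_id` is a literal string here while `.env` defines `OAUTH_CLIENT_ID`; unless the file is templated before Envoy loads it, which the page does not show, that literal is what gets sent to the authorization endpoint. `forward_bearer_token: true` passes the access token on to the upstream, so upstream logs should not record the Authorization header or cookies.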