{"id":1876,"date":"2023-07-29T00:56:38","date_gmt":"2023-07-28T15:56:38","guid":{"rendered":"https:\/\/oboki.net\/workspace\/?p=1876"},"modified":"2023-12-06T01:13:01","modified_gmt":"2023-12-05T16:13:01","slug":"oauth2-proxy","status":"publish","type":"post","link":"https:\/\/oboki.net\/workspace\/system\/network\/oauth2-proxy\/","title":{"rendered":"OAuth2 Proxy"},"content":{"rendered":"

oauth2-proxy<\/a> \ub97c \uc774\uc6a9\ud558\uba74 \ud2b9\uc815 reverse proxy \uacbd\ub85c\uc5d0 \uc811\uadfc\ud560\ub54c OAuth2 \uc778\uc99d\uc744 \uc694\uccad\ud558\uac8c \ub418\uace0 \uc778\uc99d\ub41c \uc138\uc158\ub9cc \uc811\uadfc\ud560 \uc218 \uc788\ub3c4\ub85d \uc81c\ud55c\ud560 \uc218 \uc788\ub2e4.<\/p>\n

\uacf5\uc2dd \ubb38\uc11c\uc758 \uc67c\ucabd \uadf8\ub9bc\uacfc \uac19\uc774 \uc55e\ub2e8\uc5d0 nginx<\/code> \ub97c \ud558\ub098 \ub354 \ubd99\uc5ec\uc11c \uad6c\uc131\ud560 \uc218\ub3c4 \uc788\ub294\ub370<\/p>\n

\"\"<\/p>\n

nginx \uc5d0\uc11c \ub2e4\uc74c\uacfc \uac19\uc774 vhost private.oboki.net<\/code> \ub85c \ubd84\uae30\uc2dc\ud0a4\uace0<\/p>\n

    server {\n        server_name private.oboki.net;\n        location \/ {\n            proxy_pass http:\/\/${OAUTH2-PROXY-HOST}:4180;\n            ...\n        }\n    }<\/code><\/pre>\n
${OAUTH2-PROXY-HOST}:4180<\/code> \uc5d0 \uc774\uc5b4\uc11c oauth2-proxy<\/code> \uc11c\ube44\uc2a4\ub97c \ubd99\uc5ec\uc8fc\ub824\uace0 \ud55c\ub2e4.<\/p>\n
\uacf5\uc2dd \ub3c4\ucee4 \uc774\ubbf8\uc9c0\uc640 google \uc778\uc99d\uc744 \ud65c\uc6a9\ud574 \uad6c\uc131\uc744 \uc774\uc5b4\uac00\ubcf4\uba74,<\/p>\n
services:\n  proxy:\n    image: quay.io\/oauth2-proxy\/oauth2-proxy:v7.4.0-amd64\n    ports:\n      - 4180:4180\n    command:\n      - --authenticated-emails-file=\/allowed-emails\n      - --client-id=<Your Client ID>\n      - --client-secret=<Your Client Secret>\n      - --cookie-secret=MY-AWESOME-COOKIE-SECRET\n      - --cookie-secure=true\n      - --email-domain=google.com\n      - --http-address=http:\/\/0.0.0.0:4180\n      - --redirect-url=https:\/\/private.oboki.net\/oauth2\/callback\n      - --reverse-proxy=true\n      - --upstream=http:\/\/upstream\n    volumes:\n      - .\/allowed-emails:\/allowed-emails\n\n  upstream:\n    image: nginx:latest<\/code><\/pre>\n
https:\/\/private.oboki.net<\/code> \ub85c \uc811\uadfc\ud588\uc744 \ub54c upstream \uc11c\ube44\uc2a4\ub85c \ud3ec\uc6cc\ub529\uc2dc\ud0ac \uc218 \uc788\ub2e4.<\/p>\n
\ub2e4\uc74c\uacfc \uac19\uc774 vserver \ub85c \uc811\uadfc\ud558\uba74 \uc11c\ubc84\uac00 \ucd94\uac00\uc801\uc778 \uc778\uc99d\uc744 \uc694\uad6c\ud558\uac8c \ub418\uace0<\/p>\n
\"file\"<\/p>\n
\"file\"<\/p>\n
\uad6c\uae00 \uacc4\uc815\uc73c\ub85c \ub85c\uadf8\uc778\ud558\uba74 \ube44\ub85c\uc18c upstream \uc11c\ube44\uc2a4\uc5d0 \ub3c4\ub2ec\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\"file\"<\/p>\n
<Your Client ID><\/code> \uc640 <Your Client Secret><\/code> \uc740 https:\/\/console.developers.google.com\/apis\/credentials<\/a> \uc5d0\uc11c \ub2e4\uc74c\uacfc \uac19\uc774 \ubb34\ub8cc\ub85c \ubc1c\uae09\ubc1b\uc744 \uc218 \uc788\ub2e4.<\/p>\n
\uc55e\uc11c \uc124\uc815\ud55c url \ub4e4\ub9cc \uc798 \uc785\ub825\ud574\uc8fc\uba74 \uc218 \ubd84 \ub0b4\ub85c \uae08\ubc29 \ud65c\uc131\ud654 \ub41c\ub2e4.<\/p>\n
\"file\"<\/p>\n
\"file\"<\/p>\n
\uc0ac\uc6a9\uc790 \uc720\ud615\uc744 \ub0b4\ubd80\ub85c \uc124\uc815\ud558\uba74 \ud2b9\uc815 \uc0ac\uc6a9\uc790\ub9cc \uc811\uadfc \uac00\ub2a5\ud558\ub3c4\ub85d Google Cloud \uc218\uc900\uc5d0\uc11c \uc81c\uc5b4\uac00\ub2a5\ud558\uaca0\uc9c0\ub9cc Google Workspace \ub97c \uc0ac\uc6a9\ud574\uc57c\ud558\uace0 authenticated-emails-file<\/code> \ud30c\uc77c\uc744 \uc774\uc6a9\ud574 \ud504\ub85d\uc2dc \uc218\uc900\uc5d0\uc11c \uad00\ub9ac\ud560 \uc218\ub3c4 \uc788\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
oauth2-proxy \ub97c \uc774\uc6a9\ud558\uba74 \ud2b9\uc815 reverse proxy \uacbd\ub85c\uc5d0 \uc811\uadfc\ud560\ub54c OAuth2 \uc778\uc99d\uc744 \uc694\uccad\ud558\uac8c \ub418\uace0 \uc778\uc99d\ub41c \uc138\uc158\ub9cc \uc811\uadfc\ud560 \uc218 \uc788\ub3c4\ub85d \uc81c\ud55c\ud560 \uc218 \uc788\ub2e4. \uacf5\uc2dd \ubb38\uc11c\uc758 \uc67c\ucabd \uadf8\ub9bc\uacfc \uac19\uc774 \uc55e\ub2e8\uc5d0 nginx \ub97c \ud558\ub098 \ub354 \ubd99\uc5ec\uc11c \uad6c\uc131\ud560 \uc218\ub3c4 \uc788\ub294\ub370 nginx \uc5d0\uc11c \ub2e4\uc74c\uacfc \uac19\uc774 vhost private.oboki.net \ub85c \ubd84\uae30\uc2dc\ud0a4\uace0 server { server_name private.oboki.net; location \/ { proxy_pass http:\/\/${OAUTH2-PROXY-HOST}:4180; … } } ${OAUTH2-PROXY-HOST}:4180 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-1876","post","type-post","status-publish","format-standard","hentry","category-network"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=1876"}],"version-history":[{"count":0,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1876\/revisions"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=1876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=1876"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=1876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}