Things are gonna break

2026-03-18 05:16:44 +01:00 · 2023-02-17 13:30:35 +09:00
parent 01efd82612
commit 01093b022f
3 changed files with 18 additions and 2 deletions
--- a/5
+++ b/5
@@ -37,6 +37,11 @@ ENV AUTH_TYPE="basic"
 ENV BASIC_AUTH_USER="user"
 ENV BASIC_AUTH_PASS="pass"

+# OIDC variables
+ENV OIDC_DISCOVERY_URL=http://localhost
+ENV OIDC_CLIENT_ID=Headscale WebUI
+ENV OIDC_CLIENT_SECRET=
+
 # Jenkins build args
 ARG GIT_COMMIT_ARG=""
 ARG GIT_BRANCH_ARG=""
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,9 +12,10 @@ services:
      - BASIC_AUTH_USER=user                   # Used for basic auth - Can be omitted if not using Basic Auth  
      - BASIC_AUTH_PASS=pass                   # Used for basic auth - Can be omitted if not using Basic Auth
      # ENV for OIDC (Used only if AUTH_TYPE is "OIDC")
-      - OIDC_URL=https://auth.$DOMAIN
+      - OIDC_DISCOVERY_URL=https://auth.$DOMAIN # Check docs for your OIDC provider for the "Well Known" discovery URL
      - OIDC_CLIENT_ID=Headscale WebUI
      - OIDC_CLIENT_SECRET=YourOIDCClientSecret
+      # OIDC Redirect URI:  $DOMAIN/$BASE_PATH/auth
    volumes:
      - ./volume:/data                         # Headscale-WebUI's storage.  Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
      - ./headscale/config/:/etc/headscale/:ro # Headscale's config storage location.  Used to read your Headscale config.
--- a/server.py
+++ b/server.py
@@ -16,6 +16,17 @@ HS_VERSION  = "v0.20.0"
 DEBUG_STATE = False
 AUTH_TYPE   = os.environ["AUTH_TYPE"].replace('"', '')

+# OIDC Variables:  https://github.com/verdan/flaskoidc
+FLASK_OIDC_PROVIDER_NAME = "OIDC"                           # Default:  'google'
+FLASK_OIDC_SCOPES                                           # Default:  'openid email profile'
+FLASK_OIDC_USER_ID_FIELD                                    # Default:  'email'
+FLASK_OIDC_CLIENT_ID = os.environ["OIDC_CLIENT_ID"]         # Default:  ''
+FLASK_OIDC_CLIENT_SECRET = os.environ["OIDC_CLIENT_SECRET"] # Default:  ''
+FLASK_OIDC_FORCE_SCHEME                                     # Default:  'http'
+FLASK_OIDC_REDIRECT_URI                                     # Default:  '/auth'
+FLASK_OIDC_CONFIG_URL                                       # Default:  ''
+FLASK_OIDC_OVERWRITE_REDIRECT_URI = BASE_PATH               # Default:  '/'
+
 static_url_path = '/static'
 if BASE_PATH != '': static_url_path = BASE_PATH + static_url_path

@@ -47,7 +58,6 @@ elif AUTH_TYPE.lower() == "basic":

    basic_auth = BasicAuth(app)

-
 else:
    app = Flask(__name__, static_url_path=static_url_path)